ExtraHop tackles packet data ‘avalanche’
The problem of measuring network and application performance has long confounded many IT departments due to its difficulty, high cost, and strain on storage infrastructure. But ExtraHop Networks has released a product it says will change all of that.

ExtraHop 3.8 has added a new packet capture feature to the engine that runs the company’s physical appliances (soon, it says, it will also be available for virtual appliances). The tool will take network performance management to a new level by identifying only the relevant bits of information in a packet stream, says Erik Geisa, senior vice-president for marketing at ExtraHop, something the company describes as akin to “finding a snowflake in an avalanche.”

Traditional methods of analyzing the packet data are cumbersome because they overload storage infrastructure and require human intervention to sift through every piece of it, says Geisa. And the fundamental concept behind doing so is flawed, he adds.
“The problem is that the packet capture is happening after the event. You have no way to know what caused that event unless that event repeats itself while you’re doing the continuous packet capture.”
ExtraHop  is taking a different tack, which it calls “policy-based packet capture,” using a continuous ring buffer that is constantly capturing the last million packets, he says. When it’s triggered by an event on the network, the data immediately preceding it is available for analysis.
And the company takes it a step further by finding the specific packets in the full application flow that caused that event, Geisa says.
Since only the information related to the specific event is captured, it will lead to a “dramatic reduction” in both time and storage requirements, says Geisa, adding that the tool also provides cross-tier visibility: “We see everything from that initial DNS request to the last byte served out of storage and everything in between.”
Geisa also says ExtraHop offers companies a reduced cost of acquisition and deployment through its subscription-based model. The cost works out to “as little as “$22 per element per month,” he says, comparing it to other vendors that would charge $100,000 outright for a similar system.
A fully functional ExtraHop “discovery edition” (in the form of a virtual appliance) is available with a 60-day runtime license.