Security remains one of the top concerns, if not the top concern, for organizations of every size and scope. As the threat landscape continues to expand and intensify, network detection and response (NDR) is back on the table for many.
We spoke with Jamie Moles, the senior manager of technical marketing at Extrahop, a company recognized in every analyst review of the network security market, to dive deeper into the conversations around security that channel partners need to be prepared for.
How NDR is emerging as the next best solution to maturing operations
Extrahop was recently recognized in Gartner’s first-ever NDR Magic Quadrant and has also been recognized by IDC, Forrester, and other firms in similar reports.
The company was founded in 2007 by former F5 Networks engineers who thought more could be done with the telemetry collected by traditional networking systems. The initial goal of the products offered by Extrahop was to leverage data to provide stronger network performance monitoring. Over time, early adopters realized the information was also crucial to security outcomes, and the company widened its aperture to build a more holistic approach to NDR.
Now, the wider market seems to be rediscovering the symmetry between networking-related monitoring and security risk identification and response.
“I think it’s really become of interest now because it is a mature offering, and more companies now are ready for this level of tech than maybe they were a few years ago,” Moles said.
As organizations have matured, technology has seen recent waves of innovation in a few key areas that have pushed the market towards a more complete approach to network security, according to Moles.
“The only way to process all of this information is with machine learning. Along with developments in how accessible that is, ethernet moving to fiber and the prevalence of big data and how it can be managed have created a new, modern NDR approach that’s more relevant now than ever,” Moles added.
Moles also emphasizes the need for behavioral analytics throughout the process, as context is arguably the most important part of any detection system.
Extrahop’s suite of solutions encompasses all the traditional components of NDR, including automated investigation and response through network visibility, as well as performance monitoring, packet forensics, and intrusion detection system (IDS) capabilities.
“I joined Extrahop because the technology was so interesting to me,” Moles said. “We come out with a new release every quarter, and those aren’t just small fixes to bugs, they’re full product releases. I’ve never worked somewhere like this, and I still see vast amounts of potential ahead.”
Enterprises are already there, but channel partners will be crucial to down-market success
All this might sound logical on paper, but proper implementation and ongoing utilization of modern security tech, including an NDR solution, take careful work and often expensive resources. Plus, Moles says, it’s best suited for organizations that are already addressing more fundamental security issues and have their endpoints secured.
“NDR also hasn’t seen as much attention because so much focus was on endpoint and also on leveraging SIEM,” Moles said. “But now, after events like CrowdStrike’s outage last year and just generally more need to consider the network as a security posture, more CISOs are considering how network data can also inform security decisions.”
As Moles emphasizes, NDR is a complex security approach and the technology needs to be carefully deployed and utilized to drive the best results. For MSPs and MSSPs, this presents an opportunity to bring enterprise-grade security tools to smaller teams in the midmarket and eventually SMB markets.
“They’re already doing components of this service through EDR and SIEM offerings, and most MSPs are probably doing some form of monitoring work,” Moles said. “Any technology will bring the most value when it’s implemented well, and MSPs and MSSPs will be crucial to that implementation for mid-market and smaller clients.”
Network-based malware increased significantly in the last year, according to research from WatchGuard Technologies. Read our coverage of the findings from its latest internet security report.