ExtraHop's protocol analysis automatically identifies SQL statements and stored procedures for common RDBMSs like Microsoft SQL Server, Oracle, and MySQL, and presents performance data per query type with the ability to drill down to a specific query. That's some powerful analysis.
The data captured by the ExtraHop appliance, which is stored for 30 days on the entry-level appliance, is fully searchable and trendable, so you can set up reports for HTTP error codes like 404, File Not Found, or 500 Server Error. Within ExtraHop you can drill into those error codes by time, source, and destination, and even identify the URLs that are causing the issue and when the errors occurred. The product isn't able to match a user session to a database request since database connections are shared, but by narrowing the time window to cover a very small area, you can reduce the amount of traffic to examine and pick out the correlated application behavior.
You also can start your investigation or monitoring from the network device and view statistics about the sessions to and from the server, and then continue to drill into any details you like, from Layer 2 up to Layer 7. ExtraHop has the tools to let you search the way you want.
The executives from ExtraHop claim the product is ready to use out of the box, requiring only a connection to a switch SPAN port or a network tap and an IP address for the management interface. The appliance, starting at $50,000, is designed to handle 1 Gbps of traffic with tens of thousands of sessions and 300 network devices. The packet capture, storage, processing, and user interface are all housed on the same server. The appliance can be installed and running in under 15 minutes. ExtraHop also has configuration options for setting threshold alerts and defining reports.
The company is working on refining features, such as using moving averages for alerts. A static threshold sends an alert when, for example, network utilization reaches 60%, but spikes in utilization might indicate an abnormal event like a flash crowd. Setting an alert based on a 25% spike in utilization might be a more interesting alert, giving you time to respond to a potential problem before performance degrades.
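The difference between the two alert styles, as an added sketch that is not ExtraHop's implementation: the 60% threshold and 25% spike come from the paragraph above, while the 5-sample window, the reading of "spike" as a rise over the moving average, and both sample series are assumptions constructed for illustration.

```python
from collections import deque

STATIC_THRESHOLD = 60.0  # percent utilization, from the article
SPIKE_RATIO = 0.25       # 25% rise over the moving average (assumed reading)
WINDOW = 5               # samples in the moving average (assumed)


def static_alerts(samples, threshold=STATIC_THRESHOLD):
    """Indexes of samples at or above a fixed utilization threshold."""
    return [i for i, u in enumerate(samples) if u >= threshold]


def spike_alerts(samples, window=WINDOW, ratio=SPIKE_RATIO):
    """Indexes of samples that exceed the trailing moving average by `ratio`.

    The baseline uses only earlier samples, so the sample being judged
    cannot hide its own spike. No alert fires until the window is full.
    """
    history = deque(maxlen=window)
    alerts = []
    for i, u in enumerate(samples):
        if len(history) == window:
            baseline = sum(history) / window
            if baseline > 0 and u >= baseline * (1 + ratio):
                alerts.append(i)
        history.append(u)
    return alerts


# Constructed utilization series (percent), one value per polling interval.
FLASH_CROWD = [20, 21, 19, 20, 22, 21, 30, 41, 52, 63, 70]   # sudden surge
SLOW_GROWTH = [40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62]  # steady climb

if __name__ == "__main__":
    for name, series in (("flash crowd", FLASH_CROWD), ("slow growth", SLOW_GROWTH)):
        print(name, "static:", static_alerts(series), "spike:", spike_alerts(series))
```

On the surge series the spike rule fires three intervals before the static threshold; on the steady climb only the static threshold fires, which is why the two rules complement each other.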
In addition, ExtraHop is working on creating a centralized reporting system so that distributed appliances could roll up data and reports, giving you a global view of your application infrastructure rather than having to touch a bunch of point products.
This story was updated Dec. 9 to correct the spelling of Raja Mukerji's last name.