ExtraHop unifies network security and visibility with new all-in-one sensor.
Seattle-based ExtraHop got its start back in 2007, largely focused on network performance monitoring (NPM). The company has moved steadily over the years into the network detection and response space. This week, ExtraHop announced the latest step in its platform evolution with a unified sensor that combines network visibility alongside security.
The all-in-one sensor technology represents a milestone in the company’s strategic shift and addresses a key challenge for enterprises: the proliferation of point tools for network monitoring and security. This new unified sensor consolidates what previously required multiple specialized sensors, including network detection and response (NDR), intrusion detection systems (IDS), performance monitoring and packet capture capabilities.
“We have been super busy trying to reinvent the NDR space itself,” Kanaiya Vasani, chief product officer at ExtraHop, told Network World. “We have taken a very expansive view of the definition of NDR, and our view is basically anything and everything you need for the network span, going from visibility to managing performance and application performance assurance, to doing all the most comprehensive threat detection that you can do with a network as a data source.”
All-in-one sensor: A unified approach to network intelligence
ExtraHop has been working to bring more capabilities into its network sensor over the past year.
“Up until last year, we had what we call multi-function sensors that consolidated all the telemetry gathering that you needed to do for IPS, NPM and NDR functionality all in one sensor, but for packet capture, we still had a separate sensor,” Vasani said. “Now what we have done is we have consolidated all the functions, including PCAP and packet forensics. Everything comes through that one sensor that you can deploy in your infrastructure.”
The new sensor benefits from a sophisticated architecture designed to efficiently process network traffic from Layer 2 through Layer 7 while maintaining performance. Vasani explained that ExtraHop has developed a highly efficient packet processing pipeline that is able to extract everything that is needed in a single pass architecture.
This deep visibility allows ExtraHop to provide insights across the entire network stack, from basic connectivity to application-level transactions.
“The benefit of going all the way through Layer 7 is I can actually see a database transaction going through on the wire,” Vasani said. “If you have application teams complaining about database query latency, we can map it to what session was that tied to and what flows was it tied to from a network perspective and is this really an app server issue, or is it a network issue, or is it an endpoint issue?”
The new sensor integrates with ExtraHop’s RevealX platform, feeding telemetry into the company’s cloud-scale ML/AI engine that powers its detection and analysis capabilities.
“The sensor collects the telemetry, feeds it into an ML/AI engine that sits in the cloud, and then we layer in workflow engines on top to enable the various use cases,” Vasani said.
How the ExtraHop unified sensor is deployed across hybrid environments
In modern distributed enterprise environments, network visibility must extend beyond traditional data centers. ExtraHop’s all-in-one sensor is designed to address this reality with deployment options that span physical appliances, virtual machines and cloud environments.
ExtraHop has both virtual and physical hardware appliances for sensor deployment. ExtraHop sensors can plug into a network through multiple methods including, Network Tap, SPAN (Switched Port Analyzer) port, packet broker or a cloud provider’s vTAP capabilities.
“We have sensors that scale from a gig all the way to 100 gig, so you can deploy the right size sensor depending on the network you are trying to get telemetry from,” said Vasani. “If you have a branch office, put a one gig sensor in there. If you have a data center, you can deploy a 100 gig sensor from us.”
For organizations embracing cloud-native architectures, ExtraHop has developed specialized capabilities for environments like Kubernetes where traditional network tapping approaches don’t apply.
“For customers who are moving to a cloud-native deployment model, spinning up a lot of Kubernetes clusters on the cloud, we have agents that can ride sidecar with your Kubernetes pods and we are able to mirror traffic from the Kubernetes pods and feed it into cloud sensors,” Vasani explained.
Following the consolidation trend for networking
ExtraHop’s strategy aligns with a broader industry trend toward platform consolidation, as organizations seek to reduce complexity while improving security and operational effectiveness.
While the company is now adding more capabilities to its sensor, it’s still aiming to integrate and complement other technologies that organizations have already deployed. Rather than competing with security information and event management (SIEM) platforms or extended detection and response (XDR) solutions, ExtraHop positions itself as a partner that provides unique network-based insights.
“We can be the best network detection and response platform in the market and then partner with ITSM tool vendors, SIEM vendors and SOAR vendors,” Vasani said.
Looking forward: Agentic AI workflows
ExtraHop is already using generative AI as part of its overall platform. In 2024, the company released an AI search assistant designed to help administrators use natural language to search for issues. Looking forward, ExtraHop is working on further automations that can benefit from agentic AI workflows.
One of the workflows the company is building out uses generative AI to automatically customize product settings for specific enterprise environments. Vasani said work is also underway to help with investigation workflow automation where the system streamlines the incident response process by automating investigation steps.
“We are doing some work from a prototyping standpoint, and things will start to roll out from a roadmap perspective very shortly,” he said.
