ExtraHop has launched the latest version of its streaming analytics platform, ExtraHop 6.0. Designed to provide actionable insights for monitoring, troubleshooting, and operations, the release adds new features including continuous packet capture and NetFlow analysis.
ExtraHop includes three components. First is the Discover appliance (physical or virtual), which ingests real-time network traffic from a tap or mirror port and transforms it into structured data. Discover holds packets in a rolling buffer to extract metadata, but doesn’t capture the packets.
ExtraHop says its top-end Discover appliance can wring data from up to 4 million packets per second.
Second is the Explore appliance (also physical or virtual), which creates an index of the data gathered in Discover, creates searchable records, and provides the UI for administrators and operators to query the system and conduct investigations.
Third is the Trace appliance (physical only), which adds continuous packet capture capability to the ExtraHop platform. The initial appliance offers 28Tbytes of raw capacity. The company estimates that at 10Gbps of continuous capture, customers can record approximately 6 hours’ worth of traffic per device.
ExtraHop says that its platform lets administrators identify granular transactions—for instance, a log-in attempt to an application server from an individual user’s VDI client—and then drill down to the actual packets that make up the transaction.
Also new to version 6.0 is integrated NetFlow analysis. With support for NetFlow versions 5 and 9, as well as IPFIX, ExtraHop offers real-time metrics for top talkers, top applications, and top conversations.
The Discover appliance starts at $10,000. You have to contact ExtraHop for pricing on Explore. For packet capture capability, the Trace appliance is $73,500, and you’ll also need a Discover appliance to go with it.