 From Las Vegas, it's theCUBE. Covering VMworld 2018. Brought to you by VMware and its ecosystem partners. Good morning from day three of theCUBE's coverage of VMworld 2018 from the Mandalay Bay Las Vegas. I'm Lisa Martin and I'm joined by my co-host, Justin Warren. Good morning, Justin. Good morning, Lisa. We're excited to welcome to the first time to theCUBE Justi Rothstein, co-founder and CTO of ExtraHop. Justi, it's nice to meet you. Nice to meet you, Lisa. Thank you for having me. Absolutely. So ExtraHop, you guys are up in Seattle. You are one of Seattle's sunny Seattle. So one of the best companies up there to work for. Tell us about ExtraHop. What do you guys do in the software space? Great. Well, ExtraHop does network traffic analysis. And that can be applied to both performance optimization as well as cybersecurity. Now I'm not unbiased, but what I would tell you is that ExtraHop extracts value from the wire data better than anybody else in the world. And that's our fundamental belief. We believe that if you can extract value from that wire data and insights and apply in real time analytics and machine learning, then this can be applied to a variety of use cases, as I said. That's quite interesting. Some of the use cases we were talking about are off camera. So some of the things around micro segmentation, particularly for security as you mentioned, is really important. And also in software defined networking. So the fact that you are software and software defined networking, we've had a few guests on theCUBE so far over the last couple of days. That's something which is really experiencing a lot of growth. We have VMware who's talking about their NSX software defined networking. So maybe you could give us a bit of a detail on how ExtraHop helps in those situations. Well, I'm paying a lot of attention to VMware's vision and kind of the journey of NSX and really software defined everything as well as, and with NSX, you see a lot of applications towards security, kind of a zero trust, least privileged model, which I think is very exciting and there are some great trends around that. But as we've also seen, it's difficult to execute. It's difficult to execute to build the policies such that they maybe don't break. From my perspective, a product like ExtraHop, a solution like ExtraHop, we work great with software defined environments first because they enable the type of visibility that we offer in that you can tap traffic from a variety of locations for the purposes of analysis. If left to its own devices, I think these increased layers of abstraction and increased kind of policy frameworks have the potential to introduce complexity and to limit visibility. And this is where solutions like ExtraHop can provide a great deal of value. And we apply to both your traditional on-prem environments as well as these hybrid and even public cloud environments. So the ability to get visibility across a wide range of environments, really pervasively in the hybrid enterprise is, I think, a big value that we offer. You know, we're at VMworld and on day one on Monday, Pat Gelsinger talked about the average enterprise has eight, eight or nine clouds. I heard somebody the other day say that they had four and a half clouds. I didn't know you could have a half a cloud, but you can. So multi-cloud, a big theme here, that's more kind of the vision and the direction that VMworld's going to go into. But to your point, customers are living in this world. It's not about embracing it, they're in it. But that also, I think by default, that can create silos that enterprises need to understand to wrap their heads around. To your point, they have to have visibility because the data is the power and the currency only if you can have visibility into it and actually extract insights and take action. Absolutely. X-Rap customers are primarily large enterprises and carriers. And every single one of them is somewhere on their own cloud journey. You know, maybe they're just beginning it, maybe they're quite mature, maybe they're doing a lot of, you know, data center consolidation or some amount of workload migration to public cloud. No matter where they are in that journey, they require visibility into those environments. And I think it's extremely important that they have the same level of visibility that they're accustomed to in their on-prem environments with their traditional workloads, as well as any sort of born in the cloud workloads. But I want to stress it's visibility for its own sake isn't very useful. Organizations are drowning in data. You can drown in visibility. So for us that the real trick is to extract insights and bring them to your attention. And that's where we've been investing in data science and machine learning for about four and a half to five years. And this is before it became trendy as it is today. For power like that called it. There's so much ML washing. You know, when you walk any show floor almost every vendor talks about, you know, their AI and machine learning. A lot of it's exaggerated. But what I'll say for extra up is that of course ours is real and we've been investing in this for years. And our vision was that we had this unbelievable amount of data. You know, when you're looking at the wire data, you're not just drinking from the fire hose here. You're drinking from Niagara Falls. And you have all of this data. And then with machine learning, you need to perform feature extraction on the data. That's essentially what data science teams are very good at. And then build the ML models. So our vision was that we don't want to just give you a big pile of data or a bunch of charts and graphs. We actually want to bring things to your attention so that we can say, hey, Lisa, you know, look over here. There's something unusual happening here. Or in many cases, there's a potential threat or there's suspicious behavior, an indicator of compromise. And that's where that sort of machine learning, I believe is the kind of the, well certainly the current horizon or the state of the art for cybersecurity. And it's extremely important. Jesse, can you give us an example of one of your enterprise customers and how they've used extra hot to manage that complexity, that Lisa was talking about, that visibility that they need to get through all the different layers of abstraction. And maybe if there's one, an example of how they've done some cybersecurity thing, particularly around that machine learning of detecting an anomaly that they need to deal with. Sure, I mean, I can think of a lot. One customer in mind, and unfortunately, I can't actually name them as a very large retail customer. And what I love about them is they actually have XTRAP deployed at thousands of retail sites as well as their data centers and distribution centers. And not only does XTRAP give them visibility into the logistics operations, and they've used XTRAP to detect performance degradations and things like that that were preventing them from, literally preventing the trucks from kind of rolling out. But they're also starting to use XTRAP more and more to monitor what's going on at the retail sites, in particular looking for potential compromises in the point of sale systems. We have another customer that's a large telco carrier and they used XTRAP at one point to actually monitor phone activations. Because this is something that can be frustrating. If you buy a new phone and maybe it's an iPhone and you go to activate it, it has to communicate to all these different servers, it has to perform some sort of activation. And if that process is somehow slow or could take a long time, that's very frustrating to your users and your customers. So they needed the ability to see what was happening and certainly if it was taking longer than it usually does. So that's a very important use case. And then we have a number of customers on the cybersecurity side who are looking for both the ability to detect potential breaches and maybe ransomware infections. But also the ability to investigate them rapidly. And this is extremely important because in cybersecurity, you have a lot of products that are essentially alert cannons. You know, a product that just says, hey, hey, look at this, look at this, look at this. I think we found something. And that just creates noise. That just creates work for cybersecurity teams. So the ability to actually surface high quality anomaly and threats and streamline and even automate the workflows for investigation is super important. It's not just, hey, I think I found something, but hey, let's take a clicker to and investigate what it is so we can make a decision. Does this require immediate action or not? Now, for certain sort of detections, we can actually take an automated response. But there are a variety of detections where you probably want to investigate a little more. Yeah. I also noticed the Purdue Pharma case study on your website. And looking at sort of the, some of the bottom line impacts that your technology is making, where they saved, reduced their data center footprint by 70% and increased app response times by 70%. And we're talking about, you know, pharmaceutical data. You guys are also very big in the healthcare space. So we're talking about literally potentially life-saving situations that need to be acted on immediately. Certainly that can be true. Healthcare, there can be life and death situations and timely access to medical records, to medical data, you know, whether it's a work station inside an exam room or an iPad or something like that can be absolutely critical. You often see a lot of desktop and application virtualization in the healthcare environment, primarily due to the protection of PHI, your personal health information and HIPAA constraints. So very common deployments in those environments and if the logins are slow or if there's an inability to access these records, it can be devastating. So we have a large number of customers who are essentially care providers, hospital chains and such that use X-Trump to ensure that they have timely access to these records. And that's more on the performance side. We also have healthcare customers that have used our ability to detect ransomware infections. Ransomware is just a bit of a plague within healthcare. Unfortunately, that industry vertical has been hit quite hard with those infections and the ability to detect a ransomware infection and perform some sort of immediate quarantining is extremely important. And this is where I think micro segmentation comes into play because as these environments are more and more virtualized, natural micro segmentation can help limit damage to ransomware, but more often than not, these systems and workstations do have access to something like a network drive or a share. But what I like about micro segmentation is the flexibility to configure the policies. So when a ransomware infection is detected, we have the ability to quarantine it and shut it down. And keep in mind that there's defense in depth is kind of a security strategy that we've been employing for decades, literally multiple layers of protection. So there are always protections at your gateway, your firewall, at the perimeter, your NGFW, and there are protections at the endpoint, but if these were 100% effective, we wouldn't have ransomware infections. So unfortunately they're not and we always require that last, and maybe a last line of defense where we examine what's going on in the East West corridor and we look for those potential threats and that sort of suspicious activity or even known behaviors that are known to be bad. Well, Jesse, thanks so much for stopping by theCUBE and sharing with us what extra hop is doing and what differentiates you in the market. We appreciate your time. My pleasure, Lisa. Justin, thank you so much for having me. And we want to thank you for watching theCUBE. I'm Lisa Martin with Justin Moore and Stick Around will be back day three of VMworld 2018 coverage in just a moment.