ExtraHop is a cybersecurity company providing AI-based network intelligence that stops advanced threats across cloud, hybrid, and distributed environments.

ExtraHop Networks, Inc.
Company type: Private
Industry: Cybersecurity
Founded: 2007
Founders: Jesse Rothstein, Raja Mukerji
Headquarters: Seattle, WA
Key people: Greg Clark, CEO
Products: Reveal(x); Reveal(x) 360
Owners: Bain Capital Private Equity, Crosspoint Capital Partners
Number of employees: 501 to 1,000
Website: www.extrahop.com

History

Jesse Rothstein and Raja Mukerji founded ExtraHop in 2007 in Seattle, Washington, USA. The co-founders were formerly senior engineers at F5 Networks and architects of the BIG-IP v9 product.

Early on, ExtraHop acquired $6.6 million in funding from the Madrona Venture Group and other private investors including Marc Andreessen and Ben Horowitz.[1] In May 2014, the company closed a $41 million Series C round led by Technology Crossover Ventures (TCV). Other participants in this round included existing investors Meritech Capital Partners and Madrona Venture Group, as well as private investors including Sujal Patel, former CEO and founder of Isilon Systems. This round brought ExtraHop’s total venture funding to $61.6 million.[2]

After debuting as a Visionary in the Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics in 2017,[3] ExtraHop formally expanded into the cybersecurity market in 2018 with the release of the Reveal(x) product, followed 2 years later by the launch of SaaS-based Reveal(x) 360. In January 2019, the company announced having booked $100 million in revenue for the previous year.[4]

In July 2021, ExtraHop was acquired by Bain Capital Private Equity and Crosspoint Capital Partners for $900 million.[5] In February 2022, the company announced that it had appointed Patrick Dennis as CEO.[6] By October 2023, Dennis was moved to an advisory role, with Greg Clark, co-founder and managing partner at Crosspoint, taking over as ExtraHop CEO.[7] Clark had previously held CEO roles at Forescout Technologies and Blue Coat Systems.

ExtraHop operates globally with offices in Seattle, Washington (HQ); London, UK; Germany; France; Australia; Singapore; and Japan.

Products

 
[Image caption: ExtraHop is headquartered on the 16th floor of 520 Pike Tower in downtown Seattle.]

ExtraHop sells products for Enterprise Security and IT Operations use cases. The company launched the Reveal(x)[8] network intelligence product for Security Operations teams in 2018.[9] In 2020, the company introduced Reveal(x) 360,[10] a fully SaaS-based version of their network detection and response platform.

Reveal(x) and Reveal(x) 360 (hereinafter referred to as "Reveal(x)") use what the company calls "cloud-scale machine learning" (ML) algorithms and rule-based techniques to detect behaviors, anomalies, and software vulnerabilities, provide security recommendations in actionable Detection Cards, and curate threat intelligence indicators of compromise for known threats.

Reveal(x) securely decrypts and analyzes traffic in real time, to collect intelligence and network threat telemetry that drive ML detections. These include:

– Detection of encrypted lateral movement, living off the land, and encrypted exploit attempts of CVEs such as PrintNightmare, ProxyLogon,[11] Log4Shell, and Spring4Shell.[12]
– Detection of cloud attack techniques (e.g., AWS IMDS proxying, AWS services enumeration)
– Hygiene detections (e.g., insecure protocols, passwords in plaintext)
– IoT detections (abnormal behavior observed on an IoT device of a specific make and model)
– Network-based detection of abuse of encrypted Microsoft protocols (Active Directory, Kerberos, SMBv3, MSRPC),[13] as well as TLS 1.3
– User behavior (e.g., abnormal login behavior)

ExtraHop Reveal(x) works by extracting metadata from raw network traffic across more than 70 protocols, including the ability to decrypt Microsoft application and authentication protocols[14] and TLS 1.3. This data includes natively discovered information about endpoints and users, such as MAC, hostname, OS, software, application layer information, usernames, geolocation, passive DNS, and whois. Reveal(x) data can be enriched with threat intelligence and endpoint process data from partner products. ExtraHop detections include a timeline of related events, MITRE ATT&CK techniques, next steps for investigation and remediation, and 1-click access to forensic data such as transaction records and decrypted packets. This data can also be explored and filtered as a starting point for threat hunts. Customers can build, reuse, and share libraries of saved queries to speed recurring threat hunting tasks.

The core of ExtraHop technology is a passive network appliance that uses a network tap or port mirroring to receive network traffic, and then performs full-stream reassembly to extract application-level protocol metrics and other custom-specified information contained in the transaction payload.[15] A subset of these metrics is sent to the cloud where they are used as machine learning features to proactively detect anomalous behavior that could indicate data breaches, ransomware, and other threats as well as performance issues.[16]

The ExtraHop network sensors can be deployed with self-managed physical and virtual appliances, or as a zero-infrastructure SaaS product. Network sensors can be deployed on-premises in data centers, on campus, at remote sites, and in cloud environments including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Integrations

ExtraHop Reveal(x) natively integrates with a number of technology products, including endpoint security (CrowdStrike[17]), threat intelligence, and SaaS/IaaS/PaaS platforms such as Microsoft 365[18] and AWS native telemetry.[19]

A sample list of known integrations includes: CrowdStrike; Microsoft Defender Security Center; Windows Defender ATP; Microsoft 365; AWS quarantine; Azure Sentinel; Cisco ISE; Palo Alto NGFW, Panorama, Demisto; Splunk SIEM & Phantom; Exabeam; IBM QRadar; ServiceNow; and Check Point.[20]

Certifications

ExtraHop holds a number of industry certifications. These include SOC 2 Type II, SOC 3, GDPR, HIPAA and US Privacy Shield.[21]

Customers

Known ExtraHop customers include Ulta Beauty,[22] The Home Depot,[23] and The City of Dallas.[24]

Funding

On July 22, 2021, Bain Capital Private Equity and Crosspoint Capital Partners acquired ExtraHop for $900M,[25] marking a significant shift in the market away from a prevention-and-protection model and toward a detection-and-response approach. After extensive due diligence and market research, Bain and Crosspoint determined that Network Detection and Response (NDR) is poised to be the next major cybersecurity category, a segment that is already growing fast at 24% CAGR. Both parties agreed that ExtraHop provides the best-in-class team and the best-in-class product in the NDR market, and they entered into an agreement to acquire ExtraHop in June 2021.

Prior to the acquisition, ExtraHop’s last funding was in 2014, a $41M Series C round[26] that brought total funding to just over $61M. The company's Series B was a $14M round closed in May 2011,[27] preceded by a $5.1M Series A in April 2009.[28] Unlike many technology companies that exit at comparable valuations, ExtraHop raised very limited capital and was largely self-funded.[29]

On January 9, 2024, ExtraHop announced an additional $100M investment from their existing investors.[30]

References

  1. "Marc Andreessen, Madrona back ExtraHop Networks with $5 mil".
  2. "ExtraHop Raises $41M Series C Round For Its Real-Time IT Analytics Service".
  3. "ExtraHop Debuts as a Visionary in the Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics". ExtraHop. February 27, 2017.
  4. "Seattle hybrid cloud security startup ExtraHop touts bookings growth, says it's on an IPO path". GeekWire. January 15, 2019.
  5. "Bain Capital and Crosspoint Capital Partners Buy ExtraHop Networks". Wall Street Journal. June 8, 2021.
  6. "ExtraHop Grows Annual Recurring Revenue by 47%, Names Patrick Dennis Chief Executive Officer | ExtraHop". www.extrahop.com.
  7. "ExtraHop's Exciting Future". www.extrahop.com.
  8. "Reveal(x) Enterprise: Network Detection and Response | ExtraHop". www.extrahop.com. Retrieved 2021-04-29.
  9. "ExtraHop Introduces Reveal(x) to Expose Attacks on Critical Assets and Automate Investigations".
  10. "Reveal(x) 360: SaaS-Based Network Detection & Response | ExtraHop". www.extrahop.com. Retrieved 2021-04-29.
  11. "ProxyLogon". ProxyLogon.
  12. "CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware". Trend Micro. April 8, 2022.
  13. "ExtraHop Introduces Breakthrough Decryption and Threat Detection Capabilities for Microsoft Environments | ExtraHop". www.extrahop.com.
  14. "ExtraHop expands decryption capabilities in Microsoft environments". November 2, 2021.
  15. "How Reveal(x) Enterprise Detects Threats in Real Time | ExtraHop". www.extrahop.com.
  16. "ExtraHop mines the network to glean operations intelligence". NetworkWorld.com. 2013-10-04. Retrieved 2015-03-05.
  17. "Technology Partner: CrowdStrike | ExtraHop". www.extrahop.com.
  18. "Technology Partner: Microsoft | ExtraHop". www.extrahop.com.
  19. "Technology Partner: Amazon Web Services | ExtraHop". www.extrahop.com.
  20. "Explore ExtraHop Reveal(x) Integrations | ExtraHop". www.extrahop.com.
  21. "| ExtraHop". www.extrahop.com.
  22. "ExtraHop Helps Ulta Beauty Deliver Exceptional and Secure Guest Experiences | ExtraHop". www.extrahop.com.
  23. "The Home Depot Builds Unified Customer Experience with Visibility from ExtraHop | ExtraHop". www.extrahop.com.
  24. "City of Dallas Customer Solution Video Page | ExtraHop". www.extrahop.com.
  25. "ExtraHop Announces Completion of Acquisition by Bain Capital Private Equity and Crosspoint Capital Partners | ExtraHop". www.extrahop.com.
  26. "ExtraHop Closes $41 Million in Series C Funding | ExtraHop". www.extrahop.com.
  27. "ExtraHop Networks Secures $14 Million Series B Financing Led By Late-Stage Venture Capital Firm Meritech Capital Partners | ExtraHop". www.extrahop.com.
  28. "ExtraHop Raises $5.1 Million in Series A Funding | ExtraHop". www.extrahop.com.
  29. "Seattle's ExtraHop expects $100M ARR in 2020, IPO the following year".
  30. "ExtraHop Secures $100M in Growth Capital from Existing Investors and Strengthens Leadership Team to Accelerate NDR Market Growth | ExtraHop".