(upbeat music) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. We're live, it's 40,000 people all talking about security, and we're excited for a first-time attendee of RSA. We're joined by John Smith, a solutions architect from ExtraHop Networks. Welcome, John. >> Hey, thanks for having me. >> Absolutely. So you said it's your first time to the RSA Conference? I'm just curious, kind of first impressions of the show? >> Wow. Well, there's certainly a lot of people here. It's the biggest show I've ever been to. We've been to Synergy, HIMSS, a couple of them. I think HIMSS might have more people, but it certainly seems more crowded. People are more involved in the booths here, asking a lot of really good questions. A lot of ones and zeros people at the booth, so you really got to be on your toes (laughs) when you're talking to folks. (Jeff laughs) >> All right, for the people that aren't familiar with ExtraHop, give us kind of the overview, what you guys are all about. >> So we're a real-time IT analytics product that uses wire data to provide, at least in the security space, the biggest play we have is more around surveillance and invisibility. One of the first two controls that SANS recognizes as being, that you need to secure your environment, is asset inventory and the ability to see what applications are running on those assets. A lot of the tools in the security industry try to engineer down to that, to try to give you that. That's one of the, a lot of security people will kind of name that as one of the more difficult things to get. We start there. So we are a wire data analytics, that's kind of the core of what we do, so we don't require any IP addresses, we don't, or, I'm sorry, we don't require any agents, we don't require any SNMP, any ping sweeps or anything like that. If it has an IP address, it can't hide from us. So that means whether it's an IOT device or a medical device that's been compromised, if it's someone who wants to work in the dark and they've got a NACL that's blocking people, the minute they communicate with someone else, they're made and they can't hide from us. So what we've seen in our, with our customer base, is kind of a burgeoning security practice where people are actually using the appliance more in a security use case, and that's probably our fastest-growing use case right now. >> So what was the core of the business before? You said ExtraHop's been around for 10 years, but you're new here. What was kind of the core business before your security practice really grew? >> So the core of the business, and, you know, there's three kind of major areas. There's, we generally use the wire as a data source. So we position the customer to interact directly with the wire and the data that's coming across it. So that can be break, fix, and performance of your different web applications from layer two up to layer seven. A lot of that is business intelligence. We had an online retailer that wanted to know, you know, the average of income of people who filled out their credit app by ZIP code so that they could adjust pricing. That used to be a complicated OLAP job on the back end. We were able to give that to them in real time so that they could see, "Hey, people in this ZIP code make $300 a month more "than people in this ZIP code, we can raise prices here." So business intelligence and break, fix, and performance are big ones, and then of course in the security place, or the security space, where we're able to provide full accountability for every single IP address on the network, has been very powerful. >> Interesting. So you said you had some announcements that you guys are making here at the show? >> Yeah, so we have, are announcing our SaaS offering, which is another, it's basically a machine-learning, a cloud-based machine-learning platform that allows us to do some anomaly detection without the need to, you know, a lot of your cloud-based anomaly detection tools require you to forward terabytes of data so that then they can look at it, analyze it, and then maybe an hour later you get some information that you've been breached or that there's a problem-- >> That, or a day. >> Yeah, or, maybe, yeah. >> Months and months and months. >> Exactly. We're kind of unique in that we're able to, you know, what our Atlas program is able to essentially interrogate systems that are deployed around the world, currently around the U.S., it's a U.S. offering today, but basically we can interrogate those systems for any types of anomalies that happen. Actually, in the run up to the offering, we had a customer that was able to reroute some traffic because they were able to see the mirai botnet was starting to meddle with some of the performance of different parts of their infrastructure. So having the ability to be able to provide customers visibility into what's going on on their networks without the burden of making them FTP data up to you so that then you can evaluate it, one, you don't have the infrastructure burden of sending the data to you and the delay with that, but in addition to that, you're able to provide some real-time visibility. One of the things we've noticed is that the people who have the ability to interpret the data and to kind of parse and tell you when there is an anomaly, they're very overworked and they're spread really thin in a lot of their organizations. We augment that capability by doing some of that heavy lifting for them so that we can say, "Hey, did you know you have 1,000% increase in, you know, "DNS traffic from this particular host?" >> Right. >> That type of visibility that you can do in real time, so that if you have multiple branches around the country, we can provide that visibility from one centralized location. >> Yeah, it's all about the real time, right? Real time is in time, hopefully. >> Real time, and really, the money is in the mash-up, right? We've had a lot of really, one of the things I've noticed over the years is thread intelligence has really matured, and I think that's great, but if you can't marry that with some of your own intelligence that's going on on your own networks, you know, the value is really a lot tougher to realize. If you can ad hoc or if you can engage in some ad hoc thread intelligence by leveraging a platform like ExtraHop that can do the evaluation and thread things like anomalous behavior, that makes your agility to deal with today's threats really, really, a lot more effective. Most threats, as you're probably aware, happen, I think 93% of them happen within a minute. Dealing with that with humans, dealing with that with logs, is, it's really, really tough to do. I love logs and I love humans, but if you can position yourself to engage in programmatically dealing with that, we see orchestration is becoming, you know, kind of an emerging technology, and we're uniquely positioned to be able to interact with any sort of orchestration engines, something like a phantom, you know, things like that, where we can observe some actionable data, and then we have an open platform that can then integrate with the orchestration they're after. >> All right. Well, John, that was a great summary. We're going to leave it there, thanks for stopping by. The money's in the mash-up, did I get it right? >> John And Jeff: The money's in the mash-up. >> Baby. >> All right. >> All right. >> He's John Smith, I'm Jeff Frick. You're watching theCUBE from RSA. >> Thank you. >> Thanks for watching. (upbeat music)