(pulsing music) >> Live from Las Vegas, it's theCUBE, covering VMworld 2018. Brought to you by VMware and its ecosystem partners. >> Good morning from day three of theCUBE's coverage of VMworld 2018 from the Mandalay Bay, Las Vegas. I'm Lisa Martin, and I'm joined by my co-host, Justin Warren. Good morning, Justin. >> Good morning, Lisa. >> We're excited to welcome to the first time to theCUBE Jesse Rothstein, co-founder and CTO of ExtraHop. Jesse, it's nice to meet you. >> Nice to meet you, Lisa. Thank you for having me. >> Absolutely, so ExtraHop, you guys are up in Seattle. You are one of Seattle's-- >> Sunny Seattle (Jesse chuckles). >> Sunny Seattle. So, one of the best companies up there to work for. Tell us about ExtraHop. What to you guys do in the software space? >> Great. Well, ExtraHop does network traffic analysis, and that can be applied to both performance, performance optimization, as well as cybersecurity. Now, I'm not unbiased, but what I would tell you is that ExtraHop extracts value from the wired data better than anybody else in the world, and that's our fundamental belief. We believe that if you can extract value from that wired data and insights and apply in real-time analytics and machine-learning, then this can be applied to a variety of use cases, as I said. >> That's quite interesting. Some of the use cases we were talking about off camera, some of the things around micro-segmentation, particularly for security, as you mentioned, is really important, and also in software-defined networking, the fact that you are software, and software-defined networking we've had a few guests on theCUBE so far over the last couple of days, that's something which is really experiencing a lot of growth. We have VMware who's talking about their NSX software-defined networking. Maybe you could give us a bit of detail on how ExtraHop helps in those situations. >> Well, I'm paying a lot of attention to VMware's vision and kind of the journey of NSX and software, really software-defined everything, as well as, and within NSX, you see a lot of applications towards security, kind of a zero-trust, least-privileged model, which I think is very exciting, and there's some great trends around that, but as we've also seen, it's difficult to execute. It's difficult to execute to build the policies such that they maybe don't break. From my perspective, a product like ExtraHop, as solution like ExtraHop, we work great with software-defined environments. First, because they have enabled the type of visibility that we offer in that you can tap traffic from a variety of locations for the purposes of analysis. If left to its own devices, I think these increased layers of abstraction and increased kind of policy frameworks have the potential to introduce complexity and to limit visibility, and this is where solutions like ExtraHop can provide a great deal of value. We apply to both your traditional on-prem environment as well as these hybrid and even public cloud environments. The ability to get visibility across a wide range of environments, really pervasively, in the hybrid enterprise is I think a big value that we offer. >> We are at VMworld and on day one, on Monday, Pat Gelsinger talked about the average enterprise has eight or nine clouds. I heard somebody the other day say that they had four and a half clouds. I didn't know you could have a half a cloud, but you can. Multi-cloud, a big theme here, that's more the vision and direction that VMware's going to go into, but to your point, customers are living in this world, it's not about embracing it, they're in it, but that also I think by default that can create silos that enterprises need to understand or to wrap their heads around. To your point, they have to have visibility, because the data is the power and the currency only if you can have visibility into it and actually extract insights and take action. >> Absolutely. ExtraHop customers are primarily large enterprises and carriers, and everyone single one of them is somewhere on their own cloud journey. You know, maybe they're just beginning it, maybe their quite mature, maybe their doing a lot of data center consolidation or some amount of workload migration to public cloud. No matter where they are in that journey, they require visibility into those environments, and I think it's extremely important that they have the same level of visibility that they're accustomed to in their on-prem environment, with their traditional workloads, as well as in these sort of borne-in-the-cloud workloads. But, I want to stress visibility for its own sake isn't very useful. Organizations are drowning in data, you can drown in visibility. For us, the real trick is to extract insights and bring them to your attention, and that's where we've been investing in data science and machine-learning for about four and a half to five years. This is before it became trendy as it is today. >> Superpower, like Pat called it. >> There's so much ML watching, when you walk in the show floor, almost every vendor talks about their AI and machine-learning. A lot of it's exaggerated, but what I'll say for ExtraHop, of course, ours is real, and we've been investing in this for years. Our vision was that we had this unbelievable amount of data, and when you're looking at the wired data, you're not just drinking from the firehose, you're drinking from Niagara Falls. You have all of this data, and then with machine-learning, you need to perform feature extraction on the data, that's essentially what data science teams are very good at, and then, build the ML models. Our vision was that we don't want to just give you a big pile of data or a bunch of charts and graphs, we actually want to bring things to your attention so that we can say, "Hey, Lisa, look over here, "there's something unusual happening here", or in many cases there's a potential threat or there's suspicious behavior, an indicator of compromise. That's where that sort of machine-learning I believe is the, kind of the-- well, certainly the current horizon or the state of the art for cybersecurity, and it's extremely important. >> Jessie, can you give us an example of one of your enterprise customers and how they've used ExtraHop to manage that complexity that Lisa was talking about, that visibility that they need to get through all the different layers of abstraction, and maybe, if there's one, an example of how they've done some cybersecurity thing, particularly around that machine-learning of detecting an anomaly that they need to deal with? >> Sure, I can think of a lot. One customer of mine, that unfortunately, I can't actually name them, is a very large retail customer, and what I love about them is the actually have ExtraHop deployed at thousands of retail sites, as well as their data centers and distribution centers. Not only does ExtraHop give them visibility into the logistics operations, and they've used ExtraHop to detect performance degradation and things like that, that we're preventing them from, literally preventing the trucks from rolling out. But they're also starting to use ExtraHop more and more to monitor what's going on at the retail sites, in particular, looking for potential compromises in the point-of-sale systems. We've another customer that's a large, telco carrier, and they used ExtraHop at one point to actually monitor phone activations, because this is something that can be frustrating if you buy a new phone, and maybe it's an iPhone, and you go to activate it, it has to communicate to all these different servers, it has to perform some sort of activation, and if that process is somehow slow or could take a long time, that's very frustrating to your users and your customers. They needed the ability to see what was happening, and certainly, if it was taking longer than it usually does. That's a very important use case. And then we have a number of customers on the cybersecurity side who are looking for both the ability to detect potential breaches and maybe ransomware infections, but also the ability to investigate them rapidly. This is extremely important, because in cybersecurity, you have a lot of products that are essentially alert cannons, a product that just says, "Hey, hey, look at this, look at this, look at this. "I think we found something." That just creates noise. That just creates work for cybersecurity teams. The ability to actually surface high-quality anomaly and threats and streamline and even automate the workflows for investigation is super important. It's not just, "Hey, I think I found something", but let's take a click or two and investigate what it is so we can make a decision, does this require immediate action or not. Now, for certain sort of detections, we can actually take an automated response, but there are a variety of detections where you probably want to investigate a little more. >> Yeah. >> I also noticed the Purdue Pharma case study on your website, and looking at some of the bottom line impacts that your technology is making where they saved, reduced their data center footprint by 70% and increased app response times by 70%. We're talking about pharmaceutical data. You guys are also very big in the healthcare space, so we're talking about literally potentially life-saving situations that need to be acted on immediately. >> Certainly that can be true. Healthcare, there can be life-and-death situations, and timely access to medical records, to medical data, whether it's a workstation inside an exam room or an iPad or something like that can be absolutely critical. You often see a lot of desktop and application virtualization in the healthcare environment, primarily due to the protection of PHI, personal health information, and HIPPA constraints, so very common deployments in those environments. If the logins are slow or if there's an inability to access these records, it can be devastating. We have a large number of customers who are essentially care providers, hospital chains, and such that use ExtraHop to ensure that they have timely access to these records. That's more on the performance side. We also have healthcare customers that have used our ability to detect ransomware infections. Ransomware is just a bit of a plague within healthcare. Unfortunately, that industry vertical's been hit quite hard with those infections. The ability to detect a ransomware infection and perform some sort of immediate quarantining is extremely important. This is where I think micro-segmentation comes into play, because as these environments are more and more virtualized, natural micro-segmentation can help limit damage to ransomware, but, more often than not, these systems and workstations do have access to something like a network drive or a share. What I like about micro-segmentation is the flexibility to configure the policies, so when a ransomware infection is detected, we have the ability to quarantine it and shut it down. Keep in mind that there's defense in depth, it's kind of a security strategy that we've been employing for decades. You know, literally multiple layers of protection, so there are always protections at your gateway, and your firewall, at the perimeter, your NGFW, and there are protections at the endpoint, but if these were 100% effective, we wouldn't have ransomware infections. Unfortunately, they're not, and we always require that last, and maybe a last line of defense where we examine what's going on in the east-west corridor, and we look for those potential threats and that sort of suspicious activity or even known behaviors that are known to be bad. >> Well, Jesse, thanks so much for stopping by theCUBE and sharing with us what ExtraHop is doing, and what differentiates you in the market. We appreciate your time. >> My pleasure, Lisa, Justin. Thank you so much for having me. >> And we want to thank you for watching theCUBE. I'm Lisa Martin with Justin Warren. Stick around, we'll be back. Day three of the VMworld 2018 coverage in just a moment. (pulsing music)