PODCAST: That crumbling sound you hear is obsolescence creeping into legacy security systems

By Byron V. Acohido

For more than 20 years companies have, by and large, bought into the notion that they must take a “defense in depth” approach to network security. The best way to curtail network breaches, companies were told, was to erect strong perimeter firewalls, and then pile on dozens of layers of defenses on endpoint devices, databases, servers and applications.

Say goodbye to defense in depth as it swirls down the drain pipe to obsolescence; there is a tectonic shift in the way companies have begun to assemble and use corporate networks. This shift, in turn, has pushed legacy security defenses to the edge of the cliff where they are teetering at the brink of obsolescence.

I had an engrossing and enlightening conversation about this with Jesse Rothstein, CTO of ExtraHop, at the RSA Conference 2018 in San Francisco last week. Rothstein and Raja Mukerji formerly were senior software architects at F5 Networks, the network switching systems supplier that competes against Cisco and Juniper Networks.

One day, Rothstein and Mukerji began noodling a simple question: at a time of unprecedented scale, complexity, and dynamism, how do companies gain an actionable understanding of their IT environments? The answer: they don’t.

So, Rothstein and Mukerji co-founded ExtraHop in 2007 to help companies do just that. By 2014, the company closed a $41 million round of Series C financing, and today has 350 employees delivering network diagnostics and security analytics systems.

So ExtraHop is doing something right. And Rothstein knows a thing or two about what’s happening to business networks. For a full drill-down on our discussion, please give a listen to the accompanying podcast. A few high-level takeaways:

Digital shifts

The shift we discussed is the so-called “digital transformation” of business networks. This refers to the ascendancy of hosted cloud services, not just for data storage, but also for developing and deploying next-gen business applications and consumer services. This digital age is being brought to you courtesy of the infrastructure supplied by Amazon Web Services, Microsoft Azure and Google Cloud.
There’s more data than ever originating from smartphones and IoT devices and getting encrypted, stored and mined on cloud servers. This sets the table for fantastic innovation, such as driverless cars and the blossoming of Internet of Things services. But it has also introduced an entire new matrix of attack vectors, which malicious parties already have begun probing to get at valuable business data.

It’s clear that traditional business networks reliant on stalwart perimeter defenses, and layered defenses, are on their way out. A new approach to defending business networks is needed. The good news is that the table is set to make the necessary transition. Gigantic datasets are being amassed that are perfectly suited to applying automated data analysis, aka machine learning, to security monitoring.

What’s more, some very clever innovators, the engineers and scientists at ExtraHop among them, are diligently developing tools and services that can effectively mine network traffic for indicators of malicious activity.

“Today, we’re not just drinking from the firehose, we’re drinking from Niagara Falls,” Rothstein says. “Yet we have next-generation network security analytics products that are able to go really, really deep with the capacity to process all the traffic in real time and analyze it. We are then able to perform very advanced data visualization so that we can visualize and spot trends.”

False positives pitfall

We’re very early into this, and one of the obstacles to overcome is false positives. Many organizations already are using security products that generate huge numbers of alerts, many of which prove harmless. And human analysts, even with an assist from automated traffic analysis tools, are hard pressed to investigate them all.

“The complexity and environments are increasing, perhaps even more rapidly than the technology can keep up,” Rothstein says. “When we talk to organizations, we always encourage them to focus on their critical assets first.

“Focusing on high-quality anomaly detection, threat detection and critical assets is one of the ways in which I believe organizations can triage,” he says. “It’s common sense risk mitigation and prioritization.”

For its part, ExtraHop is developing systems to spotlight critical areas based on who’s accessing them and how they behave. Through advanced machine learning, the company intends to make these systems “smarter and smarter, making them better and faster learners about what’s going on in the environment,” as well as being able to scale up to deal with a growing torrent of data.

“I’m absolutely optimistic that the applications of new technology is allowing the defenders to keep pace, and I’m a very big fan of network security from the perspective of both detecting data breaches and the ability to streamline investigations,” Rothstein says.

I applaud Rothstein’s optimism. The innovation ExtraHop and others are now nurturing (at the network switching level) was one of the most fundamentally encouraging things I heard last week at RSA.

“Certainly, we’ve got a tough hill to climb,” Rothstein told Last Watchdog. “But I’m confident and optimistic that the industry continues to close the gap” around breach detection.

(Editor’s note: Last Watchdog has provided consulting services to ExtraHop.)