by Thor Olavsrud

ExtraHop appliance blends historical data with real-time wire data

Nov 03, 2015

The ExtraHop Explore analytics appliance is designed to give organizations the capability to blend historical data with real-time network, client, application, infrastructure and business data.


Since its launch in 2007, ExtraHop, a specialist in real-time wire data analytics, has had a handle on data-in-motion. Wire data encompasses all network, client, application, infrastructure and business data, and ExtraHop’s platform is able to perform analytics on that wire data at line rate — up to a sustained 20Gbps. But with Tuesday’s release of the new ExtraHop Explore appliance, the company is adding the ability to perform wire data analytics on data-at-rest as well.

“Our existing appliances provide customers with the ability to mine, in real time, all of the data-in-motion running through their network,” says Chris Blessington, senior director of Marketing at ExtraHop. “This new product brings the power of search — historical transactions. You can mine your data for much greater insight than you could otherwise.”


“They capture everything that moves on the wire. Everything,” adds Wes Wright, chief technology officer of Sacramento, Calif.-based Sutter Health, a 25-hospital not-for-profit health system that services more than 100 northern California cities and towns. “If you can capture what moves on the wire and spit it into an appliance and then mine that for data points that can help you as you service your patients, then that’s a big deal.”

Taking wire data analytics to business

In his previous role as CIO of Seattle Children’s Hospital, Wright’s IT ops teams came to rely on ExtraHop’s capability to provide visibility into their infrastructure. But the new appliance promises the capability to extend the benefits of wire data analytics beyond IT to line of business users.

For instance, there’s a push in health systems to decrease the number of antibiotics prescribed.

“If we take the antibiotics case, when an order is placed, it goes across the wire to the pharmacy in a well-formatted way,” Wright says. “When it sees an antibiotic order going to the pharmacy system, it can alert me. I want to know when there’s an antibiotic going across the wire and I want to know which physician is prescribing that antibiotic and I want to know how often that physician has prescribed an antibiotic in the past 30 days.”

If the analytics show that particular physicians have been prescribing more antibiotics than their peers for particular conditions, that could lead to an antibiotics counselor doctor contacting those physicians to discuss strategies for treating those conditions without antibiotics.

Getting the dosage right

Another use case Wright notes has to do with insulin. In the correct dosage, insulin can be life-saving. But the wrong dosage can be deadly. The ExtraHop Explore appliance could help hospitals track insulin orders across the wire against existing patient data, particularly weight, as they move from the pharmacy to the hospital floor to the point of administration. At any point in that process, an incorrect dosage could trigger an alert.


The new appliance is priced on a per-node basis with no data restrictions. The virtual appliance starts at a list price of $10,000 per node and can index and store more than 1 billion messages per day.

The ExtraHop Explore appliance is just one part of the fifth generation of the ExtraHop platform, also released today. New features of the fifth generation platform include the following:

  • Open Data Stream for Kafka. This feature uses the Apache Kafka open source message broker for real-time data feeds to support the correlation of multiple data sets while streamlining the distribution of those data sets to multiple destinations.
  • Dynamic Discovery. This feature automatically discovers any device in the environment, including Internet of Things (IoT) connected devices, understands device dependencies and tracks activity without instrumentation. L2 tunneling enables monitoring and analysis of virtual machine to virtual machine traffic, including virtual L2 segments such as SDN and private cloud. It also expands protocol support for DHCP, Telnet, Kerberos and MSMQ.
  • Universal Observation. This feature delivers continuous, comprehensive observation of the IT environment from the highest level to granular, second-by-second detail to help IT identify anomalous and disruptive behavior from any device or user in real time.
  • REST API. The new REST API gives users the ability to programmatically use, control and administer any physical or virtual appliance through any programming language.
  • New user interface and user experience features. These new features in version 5.0 are designed to simplify and accelerate the time to exploration and discovery. Key new features include a visual query language, dynamic tables for rapidly building comparisons of any attribute and selective dashboard sharing. New global navigation dynamically guides users through metrics.
