
Day Zero: Our Perspective on ExtraHop's Mission, Our Vision, and the Road Ahead

By Jesse Rothstein and Raja Mukerji, co-founders

Today, we are proud to announce that ExtraHop has entered into an agreement to be acquired by Bain Capital Private Equity and Crosspoint Capital Partners. It is a watershed moment for the company we started 14 years ago, for us as co-founders, and for the many current and former team members who come to ExtraHop to do exceptional work in service of a worthy mission: to provide our users an advantage against advanced threats with security that can't be undermined, outsmarted, or compromised. Today, we're doubling down on that mission.

Welcome to Day Zero

In security, a 'Zero Day' is an exploit derived from a previously unknown vulnerability. It's the ultimate tool for nation states and cyber criminals because it provides an unconstrained opportunity to gain access to, and move laterally within, a network.

We think of today as 'Day Zero' at ExtraHop. It's our greenfield opportunity to capitalize on our technology leadership in the rapidly expanding Network Detection and Response (NDR) segment, with the backing and resources of investors that bring a wealth of knowledge about how to accelerate and scale the growth and innovation of companies like ours.

As co-founders, this acquisition isn't the end of the road for us––it's the beginning of the next chapter. We're reinvesting in the newly acquired entity and will work alongside the teams at Bain Capital Private Equity and Crosspoint Capital Partners as we stomp on the accelerator for ExtraHop.

Vision is Anticipating Shifts

Fourteen years ago, we founded ExtraHop on the knowledge that the wire doesn't lie––that the network is the source of ground truth about what's happening across the digital enterprise. As cloud adoption has exploded, IoT has proliferated, and organizations have reshaped themselves to support remote workforces, this has only become more true.

While the network has always been a rich source of insight, deriving actionable intelligence from the petabytes of data that traverse it each day is hard. When we started ExtraHop, we set out to make it much easier to access that insight in real time and at scale. ExtraHop created a fundamentally new way to analyze all data-in-flight in real time across the entire hybrid environment. Our platform is composed of core proprietary technologies including real-time stream processing, in-flight decryption, and advanced machine learning that combine to deliver the most powerful detection and automated investigation capabilities on the market.

But cloud, IoT, and distributed operations are not the only forces reshaping modern digital business. The enterprise IT estate is now vast and perimeter-less, and it's under constant threat from nation states, cyber criminals, and even insiders in pursuit of sensitive business and personal data, illicit profit, or both.

That's why, a little less than four years ago, we took our decade of expertise in mining this vast source of real-time intelligence and turned the power of the network into an advantage for security teams. Four years ago, we had no product specifically aimed at security, and no awareness in the security market. Today, we're among the top three players in the second fastest growing cybersecurity segment, network detection and response, with hundreds of enterprise customers that rely on our Reveal(x) platform to defend their organizations from the most advanced cyber threats.

Our focus on scaling for enterprise customers gave us a huge advantage. When other NDR products were in their infancy, we were already performing real-time behavioral analytics, applying millions of machine learning models, and doing line-rate decryption at 100Gbps. ExtraHop Reveal(x) was the first NDR product to perform machine learning in the cloud to deliver intelligent threat detection at petabyte scale. It was the first NDR product to deliver a fully SaaS-based platform that deploys and starts detecting threat activity in minutes with zero configuration overhead. It was the first––and remains the only––NDR product that can give you visibility into encrypted traffic, where more than 70% of malicious threat activity now hides. We provide insight across all infrastructure, workloads, and data-in-flight at speed and scale no one else can touch.

To put it simply, ExtraHop offers the advantage of truth. Irrefutable, immutable truth, from intrusions at the edge, to post-compromise activity in the east-west corridor, to forensic proof of what happened over time––across every device, every system, every cloud workload, every data center, every remote site, everywhere your business is, and everywhere it's going.

After extensive due diligence and market research, Bain Capital Private Equity and Crosspoint Capital Partners believe that NDR is poised to be the next major cybersecurity category. The segment is already growing fast at 24% CAGR, and they believe that's just the beginning. They view NDR as a superset category that will consolidate intrusion detection and prevention systems, as well as network forensics, advancing the state of the art across all of network security with massively scalable AI and machine learning. We agree with them.

They also see the shift in the market away from a prevention-and-protection model and toward a detection-and-response approach. According to Gartner, less than a decade ago just 10% of enterprise security budgets went to detection and response. Today, that number is over 60%, and growing.

Even that trend doesn't fully illustrate the opportunity. Today, cybersecurity is a $125 billion market (inclusive of services), and most of it focuses on securing users. Technologies like endpoint detection and response and identity and access management have seen massive growth as organizations look for ways to shore up their weakest point––humans. But in the rush to detect threats introduced by phishing scams and weak passwords, organizations are missing the most advanced threats, including zero days and software supply chain attacks, that bypass users and directly exploit infrastructure, workloads, and data. The unexplored opportunity in detection and response is around defending exactly those assets––infrastructure, workloads, and data-in-flight––from the cyberattackers with the knowledge, skills, and resources to inflict the most damage.

Of course, it's not just the market opportunity. Bain Capital Private Equity and Crosspoint Capital Partners also believe that ExtraHop has––bar-none––the best-in-class team and the best-in-class product in the NDR market. They see a fast growth path to ubiquity for ExtraHop on the horizon, and they are committed to providing the strategic guidance and support to help us achieve that goal through both organic and inorganic expansion and innovation.

Vision is Shaping the Future

Today is Day Zero at ExtraHop. We have the leading platform in a market that is only just beginning to explore its full potential. As of today, we have the strategic guidance and resources of Bain Capital Private Equity and Crosspoint Capital Partners, and they are ready to support us with a variety of expertise, help us continue to build our talented team, and make industry inroads that support our growth.

It is now our job to double down on our leadership role in shaping the future of the cybersecurity market. We said at the outset that today is our day to stomp on the accelerator, and we're doing just that.

We're going to start by accelerating our capabilities around detecting, investigating, and responding to the most advanced threats, including software supply chain attacks and zero day exploits, that bypass user-focused defense systems and go straight for infrastructure, workloads, and data.

We're going to seize our strategic opportunity to consolidate IDS and network forensics into a superset NDR category.

We're going to invest in building out our detection and response capabilities for the explosion of unmanaged devices now connecting to the network, including enterprise, healthcare, and industrial IoT.

We're going to capitalize on the wave of Zero Trust adoption with visibility that verifies segmentation and policies across Zero Trust frameworks––a "zero trust, but verify" approach that shores up user-based security with defense tailor-made for infrastructure, workloads, and data.

We're going to continue to build our services offerings, with an eye toward filling the "first 24 hours" gap between when post-compromise activity is first detected and full-scale incident response teams are typically deployed.

We're going to expand on our partnerships with leaders in the market like CrowdStrike and AWS to automate response at the ecosystem level and create best-of-breed detection and response that truly delivers on the promise of integrated insights.

And we're going to continue to listen to our customers––the people on the front lines of cybersecurity––to help them reclaim the advantage against advanced threats.

Conclusion

Today is Day Zero on the next phase of our journey as a company, and we're thrilled and excited for the future. At the same time, we're humbled by the support and commitment we've been shown by our customers, channel partners, technology partners, and team members. Thank you for all that you've meant to the success of ExtraHop so far, and we can't wait to work alongside you on this exciting phase of growth and development!
