Tech Field Day

The Independent IT Influencer Event

  • Home
    • The Futurum Group
    • FAQ
    • Staff
  • Sponsors
    • Sponsor List
      • 2025 Sponsors
      • 2024 Sponsors
      • 2023 Sponsors
      • 2022 Sponsors
    • Sponsor Tech Field Day
    • Best of Tech Field Day
    • Results and Metrics
    • Preparing Your Presentation
      • Complete Presentation Guide
      • A Classic Tech Field Day Agenda
      • Field Day Room Setup
      • Presenting to Engineers
  • Delegates
    • Delegate List
      • 2025 Delegates
      • 2024 Delegates
      • 2023 Delegates
      • 2022 Delegates
      • 2021 Delegates
      • 2020 Delegates
      • 2019 Delegates
      • 2018 Delegates
    • Become a Field Day Delegate
    • What Delegates Should Know
  • Events
    • All Events
      • Upcoming
      • Past
    • Field Day
    • Field Day Extra
    • Field Day Exclusive
    • Field Day Experience
    • Field Day Live
    • Field Day Showcase
  • Topics
    • Tech Field Day
    • Cloud Field Day
    • Mobility Field Day
    • Networking Field Day
    • Security Field Day
    • Storage Field Day
  • News
    • Coverage
    • Event News
    • Podcast
  • When autocomplete results are available use up and down arrows to review and enter to go to the desired page. Touch device users, explore by touch or with swipe gestures.
You are here: Home / Videos / Chalk Talk: The ExtraHop Architecture

Chalk Talk: The ExtraHop Architecture



Security Field Day 2


This video is part of the appearance, “ExtraHop Networks Presents at Security Field Day 2“. It was recorded as part of Security Field Day 2 at 15:00-17:00 on June 20, 2019.


Watch on YouTube
Watch on Vimeo

The ExtraHop platform was built to deliver visibility, detection, and investigation at massive scale. We consume a copy of unstructured network traffic from across your entire environment – from the data center to the cloud to the remote site – using a tap or port mirror. The ExtraHop stream processor performs line-rate decryption, decoding, and full-stream reassembly for every transaction. The end result is structured wire data that can be analyzed, explored, and fully leveraged for investigation and remediation. It’s our wire data that keeps our machine learning focused, precisely, and uniquely reliable.

In this session at Security Field Day 2, Deputy CISO Jeff Costlow explains the architectural foundation of ExtraHop’s network detection and response (NDR) platform, highlighting how it addresses the challenges of increasing network speed, sprawl, and the prevalence of encrypted traffic. ExtraHop’s design hinges on achieving real-time analytics by processing traffic in motion rather than relying on inefficient store-and-process models seen in traditional PCAP tools. By consuming raw packet data via taps or spans and avoiding reliance on NetFlow, the system extracts high-value metadata across over 4,800 metrics and 60+ L7 protocols, including HTTP and various database protocols. This metadata serves as a rich foundation for both security investigations and performance analytics, enabling operators to detect anomalies and rapidly respond across environments—whether on-premises or in cloud deployments.

A key strength of ExtraHop lies in its streamlined, unified workflow for investigation that integrates metrics, records, and packets under a single interface. It utilizes a custom event-based domain-specific language called Triggers for real-time scripting and flexible protocol support, empowering users to extract and act on specific application-level behaviors. ExtraHop can decrypt TLS traffic, including TLS 1.3 with perfect forward secrecy, through a patented method that forwards ephemeral session keys from servers in a secure, privacy-aware manner. The platform ensures customer privacy using deterministic encryption, selectively anonymizing data before it’s sent to the cloud while preserving utility for machine learning. This architecture not only adheres to privacy-by-design principles aligned with GDPR and HIPAA, but also provides effective machine learning outcomes by leveraging its expansive metric catalog in the cloud without compromising sensitive information.

Personnel: Jeff Costlow


  • Bluesky
  • LinkedIn
  • Mastodon
  • RSS
  • Twitter
  • YouTube

Event Calendar

  • Jul 9-Jul 10 — Networking Field Day 38
  • Aug 19-Aug 20 — Tech Field Day Extra at SHARE Cleveland 2025
  • Sep 10-Sep 11 — AI Infrastructure Field Day 3
  • Sep 24-Sep 25 — Security Field Day 14
  • Oct 22-Oct 23 — Cloud Field Day 24
  • Oct 29-Oct 30 — AI Field Day 7

Latest Coverage

  • Automating the network design, what does it really mean?
  • Key Takeaways from Security Field Day
  • Ubiquiti’s Growing Presence in the Enterprise Market
  • Backups That Belong in the Cloud—But Not Too Close
  • Using a network diagram to configure the network – Another example of GenAI being used by networking vendors

Tech Field Day News

  • Have A Classy Time with Tech Field Day Extra at Cisco Live US 2025
  • Exploring Cloud Resilience, AI, and Data at Cloud Field Day 23

Return to top of page

Copyright © 2025 · Genesis Framework · WordPress · Log in