Understanding what your in Extrahop

So not sure where I should post this. It is not really a question, but more of a statement. Knowing your environment is really important, and so is really understanding the OSI model. I have had Revealx\Extrahop in our environment for I think 5 years, and we use it daily. It has caught some of the most awesome things for us and really helped solve a ton of problems, as well as helped improve performance almost 10 fold.
Now with all that being said, the reason it has been so successful is the depth of understanding our team has of our environment. Things like knowing when an HTTP POST is used and that we should only see HTTP POSTs at 20% of HTTP GETs in our environment.
Knowing when a time out error occurs. What are the variables of a time out? Is it the application itself?

  • What is the time out of an RTO?
  • What is the time out of a three way handshake?
  • What is the time out of a TLS connection?

One must really dig into understanding the OSI model and how it applies to troubleshooting problems in your environment.
Funny thing is all the security guys gloss over this. But fact is as you understand all this from a performance perspective it applies to security as well.
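The POST-to-GET baseline mentioned in the post can be checked per time window. This is an added example, not part of the original post and not ExtraHop code. The log line format, the 5-minute window, the tolerance and the minimum sample size are all assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

BASELINE = 0.20       # expected POST:GET ratio, the figure given in the post
TOLERANCE = 0.10      # assumed: allowed drift either side of the baseline
MIN_REQUESTS = 10     # assumed: ignore windows too small to judge
WINDOW_MINUTES = 5    # assumed: bucket size

def window_counts(lines):
    """Count GET/POST per window from 'ISO-timestamp METHOD path' lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue                      # malformed record, skip
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                      # unparseable timestamp, skip
        method = parts[1].upper()
        if method in ("GET", "POST"):
            start = ts.replace(minute=ts.minute - ts.minute % WINDOW_MINUTES,
                               second=0, microsecond=0)
            buckets[start][method] += 1
    return buckets

def find_deviations(lines):
    """Return (window_start, gets, posts, ratio) for windows off baseline."""
    findings = []
    for start, c in sorted(window_counts(lines).items()):
        gets, posts = c["GET"], c["POST"]
        if gets + posts < MIN_REQUESTS:
            continue                      # not enough traffic to compare
        # POSTs with no GETs at all is the extreme case, not a divide error.
        ratio = posts / gets if gets else float("inf")
        if abs(ratio - BASELINE) > TOLERANCE:
            findings.append((start.isoformat(), gets, posts, ratio))
    return findings

def _mk(minute, gets, posts):
    """Build constructed sample records for one window."""
    stamp = f"2024-01-01T10:{minute:02d}"
    return ([f"{stamp}:{i:02d} GET /item" for i in range(gets)] +
            [f"{stamp}:{30 + i:02d} POST /form" for i in range(posts)])

# Constructed data: normal window, POST-heavy window, tiny window, POST-only window.
SAMPLE = _mk(0, 10, 2) + _mk(5, 10, 7) + _mk(10, 1, 1) + _mk(15, 0, 12) + ["garbage"]

if __name__ == "__main__":
    for start, gets, posts, ratio in find_deviations(SAMPLE):
        print(f"{start} GET={gets} POST={posts} ratio={ratio:.2f}")
```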