ExtraHop sees everything moving across an organization’s network and uses that visibility to catch attackers in the act. Founded in 2007 in Seattle by Jesse Rothstein and Raja Mukerji, the company provides network detection and response (NDR) — passively monitoring network traffic to identify threats that endpoint security tools miss. Since attackers can disable endpoint agents but can’t hide their network activity, NDR provides a critical detection layer that remains effective even when other defenses have been compromised.
The company’s Reveal(x) platform decrypts and analyzes network traffic in real time, using machine learning to detect anomalous behaviors like lateral movement, data exfiltration, command-and-control communications, and protocol abuse. ExtraHop can analyze encrypted traffic — including TLS 1.3 — without requiring man-in-the-middle decryption, which is a significant technical differentiator. The platform covers on-premise, cloud, and hybrid environments, providing unified visibility regardless of where workloads run.
Bain Capital Private Equity and Crosspoint Capital Partners acquired ExtraHop in 2021 for approximately $900 million. Under private ownership, the company has continued investing in cloud-native detection capabilities and expanding its customer base. ExtraHop serves Fortune 500 companies, government agencies, and healthcare organizations — environments where network visibility is essential and the consequences of missed detections are severe. The NDR market has been growing rapidly as organizations recognize that endpoint-only security strategies leave dangerous blind spots, and ExtraHop’s decade-plus of network analytics expertise positions it well in that expanding market.
