Erik Giesa

Wednesday, August 10, 2016

I recently left a fantastic company and a team that I helped build over the last four years.

ExtraHop was growing rapidly and in fact we set a record in bookings and revenue the last quarter I was there. The pipeline was looking phenomenal several quarters out. We were winning well-deserved product awards and getting recognized in the market by industry analysts for our novel and comprehensive approach to IT Operations Analytics (ITOA). We coined a new concept called Wire Data (the real-time analysis of all data-in-flight) to convey our unique value. We built incredible healthcare, security, and business analytic solutions on top of our platform. We also pioneered the idea that modern IT operations had to move from a tool-centric approach to a data-driven approach in order to unify visibility across all IT domains. I believe ExtraHop will eventually overtake vendors like Splunk and AppDynamics because ExtraHop’s stream analytics platform is the only solution capable of producing comprehensive and full stack insights of Wire Data at scale. ExtraHop’s approach to observing and recording all transactional information is simply superior to analyzing self-reported and incomplete log data or host-based agent data. Several very smart Gartner analysts had anticipated this for quite some time and even wrote a seminal report in March on the superiority of Wire Data. The legacy vendors who have attempted to mimic ExtraHop like NetScout, Riverbed, and Corvil are in for a world of hurt – their true deficiencies will be revealed. 15+ year old architectures simply can’t do real-time analysis, classification, and measurement of everything.

I loved the company, our solution, and my team. I really, really loved my team and was so proud of their accomplishments. We had set a strong culture of collaboration and it showed by how they leveraged each other’s strengths and were highly tuned across all product and go-to-market disciplines. They made me a better leader and I was having fun. We were also preparing for a new CEO who I knew was going to be perfect to take ExtraHop to the next level, maybe even an IPO. So why leave during the hockey stick growth phase and join a very early stage startup to do it all over again? My wife thought I was crazy. At times I was wondering the same thing but my heart and mind couldn’t get over the fact that I had an opportunity to do something really big. Bigger than my stint at F5 and bigger than ExtraHop.

It boils down to two reasons.

1. It’s not often you get a chance to really change the face of an industry and Tempered Networks presents that opportunity. Our approach to unified networking and security is really novel and elegant in its simplicity. It solves some really hairy and pervasive problems in IT.
2. It’s also not very often you get a chance to do good and make an impact on what really matters in life. I know that sounds horribly sappy but it’s true. I’ve worked in the technology industry for almost 25 years and I’ve never understood why really smart developers and engineers would use their intelligence to hack and harm others. Why would someone infect a non-profit children’s hospital with ransomware or try to take out a city’s water supply? That’s simply evil.

The fundamental problem with networking today is the Internet Protocol itself.

The fundamental flaw in IP is the fact that an IP address has served as both the identifier and the location of a resource. This introduces two significant challenges: one, if a resource can be identified and found, it can be hacked. And two, the tight coupling of an IP address to its resource means restricted mobility and location dependence. Both of these challenges translate to the fact that networks and their underlying resources will always be vulnerable, difficult to protect, and inflexible. Network provisioning, expansion, contraction, and access revocation are significantly constrained until a seamless alternative to solving this problem is found. At Tempered, we believe to really solve a problem you have to go to the absolute source – IP itself. We believe that by solving this problem, it will transform the way networking and security are done today.

Here are the questions I began to ask myself when Jeff Hussey began recruiting me eight months ago.

  • What if a simple, orchestrated, and encrypted fabric could be provisioned in seconds that wasn’t based on an IP address for device identity but on a unique CryptoID? Would it be possible for any connected device, system, or sensor to be instantly provisioned, segmented, moved without disruption, as well as be immediately revoked within the fabric? Yes.
  • What if this fabric didn’t require any modifications or changes to your existing network, application, and security infrastructure and was agnostic? Could it be applied on-premises and for private and public cloud resources regardless of the vendor? Wouldn’t this create a very malleable and elastic fabric that was completely under the control of the customer and not the vendor? Yes.
  • What if it could support all connectivity mediums: wired, wireless, cell, radio, and SatCom networks? I could start to apply consistent and predictable security controls for not just my IT assets but also for my operational technologies like HVACs, pumps, sensors, building controls. Would it help reduce the attack surface that these “other” networked devices present? Yes.
  • What if almost every device or system could be cloaked and not have any TCP/IP footprint? Isn’t it more difficult to hack if it can’t be seen or found? Yes.

All of these questions made me think, man, you could create your own private and protected Internet that was cloaked, simple to manage at scale and didn’t require a PhD!

It could even reduce the complexity of managing all of those complex firewall policies and rules, VPN policies, L2/L3 ACLs and provide a simple micro-segmentation and security model that’s never been done before. IP would be more mobile, you could reduce IP conflicts and constraints because the IP address is abstracted from the transport layer and managed by a series of secure gateways in a mesh. You could start to unify the networking and security of any connected device or system and orchestrate its access to any connected resource. It’s the ultimate in deconstructing the perimeter all the way down to the host. It’s elastic from a perimeter of many to a perimeter of one. You choose.

Google pioneered a significant part of what we’re doing here at Tempered with their BeyondCorp initiative, but that is only focused on secure access and eliminating the perimeter. Most organizations don’t have Google’s massive development and engineering talent to design, build, and maintain such an architecture. Enter Tempered Networks. We have made what Google has done not only practical for any size organization but made it extremely simple. We’re also doing something Google’s BeyondCorp wasn’t designed to do – virtual networking that is not tied to or dependent upon any particular networking infrastructure, making IP truly mobile. This has never been done before until now.

That’s why I left such a great place – to help create another great place and hopefully do some good in the process.