I stopped by ExtraHop at Citrix Synergy because I'd heard a lot about them, and while most monitoring solutions appear to be relatively similar (these were dubbed YAM for "Yet Another Monitor" years ago by Kevin Goodman), within about 30 seconds it seemed that ExtraHop's solution was quite a bit different than most of the other solutions out there. They use passive network monitoring via a spanned or tapped port (which, ironically, doesn't add an extra hop). With this method, they actually look inside the packets as they traverse the network, including ICA (which they've licensed).
This is good, of course, for all those situations where a "Citrix problem" turns out to be caused by some other system, but that's something all comprehensive monitoring solutions can claim. What's cool is that because they can see everything going on and mine so much information out of packets, they have lots of insight into database and file server information, files accessed, stored procedures, users, processes, and so on. With this information in hand, ExtraHop can watch for problems and automatically identify trends, bottlenecks, and issues without any threshold tweaking by an admin. Best of all, they do this without an agent!
They even plug into Splunk, which may seem odd at first, but they've run into situations where a system doesn't log information that would be helpful, yet the ExtraHop solution can extract that information directly from the packets. They can then forward it via rsyslog to Splunk so that Splunk can work its magic.
For more information, check out the video below and visit ExtraHop.com.