As we continue with the second part of the interview, Dr. Pruthi explains the paradigm shift required to tackle online threats. The shift is dynamic, with multiple variables contributing to an ever-changing scenario, but the fundamental way of minimizing the threat remains the same: the transition from Unknown to Known. Enjoy this read as Dr. Pruthi, a pioneer of cybersecurity, shares his vision of tomorrow.
This article is the second part of the interview with Dr. Pruthi. The first part is available here.
Cybersecurity Magazine: What is the core technology of Niksun? Does it need to be a constant innovation? The background of this question is to understand hackers' ability to innovate with limited resources; surely, not all are funded.
Dr. Pruthi: Looking back in time, I think one of the good things I did was to not dilute the solution to build the “flavor of the day.” I felt that the problems were real and they would continue for a long time. And that we could not build a good security infrastructure if we chased only the problem of the day. That’s indeed what we had to do: invest in the long term, i.e. to really believe that the problems would remain and we don’t need to just “cash out soon and run.”
So I invested heavily in building the right infrastructure that is scalable, that can work in small networks to gigantic networks. This was not easy to build nor was this work for those who want instant gratification. It required hiring the personality types who could stay with it for a long time and keep the cycle of “revolution” and “evolution” going from generation to generation of the technology. It is this dedication and knowledge of the “real facts” and acknowledging those facts that allow NIKSUN to constantly innovate to stay one step ahead of the hackers.
Now to answer what NIKSUN does. I’ll keep it at a high level so many people can understand it. Generally speaking, there are many ways in which one can get compromised and breached. There will always be more and more motivation (money) for those who can capitalize on the efforts of others. Thus we must always take the paranoid approach that the “hacker” is always one step ahead of us. That the “hacker” knows the security measures we have taken and will try to find a way around them. Simply put, tools that detect breaches can also be purchased by the hacker; they will be able to know how and when the tool detects and when it does not. Thus, any good hacker will not go down the obvious path. So I came up with a simple way to explain this concept:
You have the knowledge domain of the:
- Known – Known. This is where I, the defender, know what the attacker knows. For example, I know that a particular vulnerability exists and then I can take actions to prevent it.
- Known – Unknown. This is where the defender knows that some attack is possible through their firewall, for example, but doesn’t know how. We can also deal with this by saying “let’s be extra vigilant around the firewall.”
- Unknown – Unknown. This is where the defender cannot and has not even thought of the possible attack vectors nor even has any knowledge of the possibility of an attack vector existing in a particular manner. This is the biggest “hole” in security. This is the domain that the hacker tries to exploit. Their job is to know something you don’t know and exploit it.
Now, realizing this, I said to myself: instead of giving up and saying we cannot do anything about the “Unknown – Unknown” because we can’t even think up the possibilities, which are sometimes even beyond our imagination, is there something we can do? After some thought I realized that yes, it is possible to also deal with this situation. We need a way for a security system to be able to measure with precision almost everything there is to know. Sure, it can be costly, but let’s not consider that now. Is it possible? Yes, it’s possible. The reason it’s possible is because the Internet is man-made, with man-made machines and man-made data, and we can know everything about it. Now consider that we can “instrument” this network to be able to know everything. Now I can use techniques to visualize, to look for odd behaviors, to look for unusual things, etc., and then I can go from the Unknown – Unknown to the Known – Unknown, and with further focus on the now Known – Unknown I can make the second Unknown, Known, or I can get to the Known – Known, where I have complete knowledge and can contain the problem.
So I went about building such a system. The basic idea is to get all the data from the network – all packets, all logs, all events, all flows, all measures, etc. and build an engine that can “mine” this data and “visualize” it such that it gives humans and machines a way to glean the known as well as the unknown from it.
When I first discussed this concept people thought I was a crazy person. That this was impossible. But look today – there are governments and enterprises capturing 90 days, 6 months, sometimes years of full packets. As prices scale, so does the capability.
Because I’ve been able to keep a team intact from the beginning, we have been able to build on our previous experience and make things better and better generation over generation of the technology. That is, it is impossible to build what we have built in 1 year, in 2 years, in 5 years, or I will say even in 10 years, even if you spent a ton of money on it. The kind of domain knowledge and expertise you need just is not available.
It is this singular vision and belief, based on fundamental scientific work, that is responsible for us to stay one step ahead.
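As an added illustration of the Known/Unknown triage described above (example code written for this article, not NIKSUN's product or code), the script below baselines constructed flow records per host and port, treats an explicit indicator as a Known – Known, and flags anything the baseline has never seen, or that deviates sharply from it, as a Known – Unknown for the analyst to focus on. The indicator port, hosts and byte counts are all constructed sample values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (src_host, dst_port, bytes). A real deployment would
# derive these from full packet capture or flow export (assumption).
BASELINE_FLOWS = [
    ("10.0.0.5", 443, 1000), ("10.0.0.5", 443, 1200), ("10.0.0.5", 443, 1500),
    ("10.0.0.5", 443, 1800), ("10.0.0.5", 443, 2000),
    ("10.0.0.5", 53, 100), ("10.0.0.5", 53, 120), ("10.0.0.5", 53, 90),
    ("10.0.0.5", 53, 110), ("10.0.0.5", 53, 80),
]
# Hypothetical "Known - Known": a destination port the defender already has a rule for.
KNOWN_INDICATORS = {4444}


def build_profile(flows):
    """Per (host, port): historical byte counts. This is the 'instrumented' baseline."""
    profile = defaultdict(list)
    for src, dport, nbytes in flows:
        profile[(src, dport)].append(nbytes)
    return profile


def classify(flow, profile, indicators=KNOWN_INDICATORS, z_limit=3.0):
    """Map one flow to a knowledge domain.
    known-known:   matches an explicit indicator; the defender can act directly.
    known-unknown: outside the baseline with no matching rule; this is where to focus.
    baseline:      consistent with what this host has done before."""
    src, dport, nbytes = flow
    if dport in indicators:
        return "known-known"
    history = profile.get((src, dport))
    if not history:
        # Never-seen host/port pair: capture made it visible, so it is no longer
        # an Unknown - Unknown, but nothing is known about it yet.
        return "known-unknown"
    sigma = max(pstdev(history), 1.0)  # floor avoids division by zero on constant history
    z = (nbytes - mean(history)) / sigma
    return "known-unknown" if abs(z) > z_limit else "baseline"


def triage(flows, profile):
    """Return only the flows that deserve analyst attention, with their domain label."""
    labelled = [(f, classify(f, profile)) for f in flows]
    return [(f, label) for f, label in labelled if label != "baseline"]
```

Everything the baseline explains is dropped from the triage list, so the analyst's time goes to the Known – Unknown set that the full-capture approach is meant to surface.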
CSM: What can we learn about innovation from the “dark side”?
Dr. Pruthi: This is a cat and mouse game. As in any game, the players only get better once one plays against better and better players. The “dark side” keeps us on our toes and challenges us. We welcome the challenge!
CSM: Please share your vision for the medium and long term.
Dr. Pruthi: In the long term I believe that society is headed towards “no secrets”. Everything, it seems, will be instantly knowable. Thus, solutions like NIKSUN’s will become even more necessary. There is no other way around it. So in the long term, you will see a NIKSUN in some form or another almost universally present on the Internet.
In the medium term, I am trying to get governments and companies to stop spending foolishly on “bolt on” technologies. A tool for everything. They need to see that a platform is far more powerful and long lived. That with the “flavor of the day” mentality they are simply throwing away their money. Unfortunately, most people don’t have the skills to see through the dense fog, and then they simply go by the voices that scream the loudest. But slowly and surely, as we implement this vision of “build once – use many”, it is paying off for clients in many ways. They get more relevant information with tools that don’t have to be ripped and replaced, they get things much faster, and they get to know things beyond what they thought they needed to know, hence educating them on the depths of the problem as well. This overall is reducing their total cost of ownership and significantly reducing their risks and the amount of fines and other expenses they have to pay after breaches.