Today’s increasing network complexity, growing obfuscation techniques, and exploding traffic volumes are exposing a host of serious problems: denial-of-service attacks, zero-day exploits, targeted malware, ransomware, Advanced Persistent Threats (APTs), and service level disruptions. In particular, the nature and frequency of cyber attacks are fundamentally changing the cyber security landscape. High profile attacks are now constantly occurring on an unprecedented scale and with extraordinary sophistication.
Dr. Pruthi is widely recognized as the founding father of packet capture, stream to disk, bit vacuum, and other similar technologies. This was his breakthrough work during his PhD, and it led to the launch of NIKSUN, with a focus on solving problems that require gaining actionable insight into the dizzying array of unknowns associated with each security attack or performance issue. Founded in 1997, NIKSUN has revolutionized the network monitoring and security industry by delivering a radical approach to analyzing network traffic.
This article is part 1 of the interview with Dr. Pruthi. The second part is available here.
Cybersecurity Magazine: How did you realise security is a business, a revenue center? Especially in light of the several top-level PhD research projects that are conducted, not all of which lead to a company or even a product?
Dr. Pruthi: Long ago the packet-based WAN networks were conforming to telecom standards and defined protocols like X.25/X.75, ATM, Frame Relay, etc. These networks were closed networks and they were designed with issues such as security, privacy, lawful intercept, etc. With the advent of the Internet as the primary interconnect, I envisioned that all of these aspects were not very well defined and tightly and centrally controlled. The designers of the Internet wanted very open and distributed networking which inherently had built-in weaknesses. During the work I did for my Ph.D. thesis, I soon realized that the problems would be greatly compounded in the Internet. This was because we could not “restrict” nor “predict” what types of new applications or services could spring up in the future – sometimes new applications and services would go live so quickly that it would be impossible to ascertain the new vulnerabilities and threat vectors beforehand and prepare properly for them.
So I fundamentally asked this question in my Ph.D. thesis: “given real world data from the internet, what measurements do I need to make to predict certain outcomes.” I.e. was there a robust closed model that would allow us to enumerate all the weaknesses so that focusing on the limited domain would lead to a highly secure network. While this question is not directly asked in my thesis, indirectly the nature of the internet traffic is analyzed and the answer, based on chaotic map modeling of the highly bursty nature of the traffic, led me to conclude that the answer was “the measurements you need to make depend on the problem you are trying to solve.” Contrast that with traditional modeling techniques where we can “reduce down” the real world problems to simple tractable models hence extracting defining parameters and metrics which we can use to know the system state at any given point in its evolution. I.e. the nature of the Internet was so vast that we would need to know with almost infinite precision everything that was going on and some problems were tractable and others not.
I soon realized that there was a huge security “hole” that was so big that it would possibly never be fully contained. Hence there was some business to be done for continuous monitoring and analytics in a scalable and evolutionary way. And here we are about 2 decades later; it's still as bad a problem as when we first started. In fact one can argue that the problems are getting worse because of the exponential variety of things being done with and on the Internet that one could maybe dream of but no one could really predict would happen in so short a time!
About Dr. Parag Pruthi
Dr. Pruthi brings over twenty-five years of expertise in the network security, wireless and applications analysis industry. Dr. Pruthi is the founder of NIKSUN which he has built from a startup to a highly successful global company leading the way in the cyber security, wireless and network monitoring markets.
Recognized as one of the foremost experts in advanced cyber security technologies, Dr. Pruthi advises on cyber defense strategies with some of the highest levels of governments and enterprises around the world.
This is the first installment of a longer interview with Dr. Pruthi. The next article will be published soon.