Published on: 12-13-2018
Dr. Ed Amoroso, Founder and CEO of TAG Cyber
When you hear the term high-speed packet capture, what comes to mind? For me, the term has always conjured thoughts of comprehensive lawful intercept, broad metadata analysis, critical infrastructure protection, and on and on. These are big technical tasks with big operational consequences, and thus require curation from experienced, capable operators using scalable, mature systems and processing tools.
One of the great minds in this important area of network management and security is my longtime friend, Dr. Parag Pruthi, founder and CEO of NIKSUN. Since the mid-1990s, Parag and his team have been at the forefront in the development of effective tools for collecting data from networks, regardless of their capacity, and using the captured data for analytics that determine optimal network management, security mitigation, and incident response actions.
With this backdrop in mind, I spent time recently with the NIKSUN team in Princeton to catch up on recent advances, and to hopefully learn something new. What I found were use-cases that knocked my socks off - including a pair of creative new solutions to enterprise security problems that I’d honestly considered largely intractable. These solutions, rooted in network visibility enablement from the NIKSUN platform, are worth discussing. Let me try to explain:
The first problem being addressed by NIKSUN involves the nagging issue of enterprise security compliance for device portfolios that include IT systems that are either managed (good) or unmanaged (not good). Auditors tend to focus on these unmanaged inventories (an oxymoronic phrase, by the way), much to the chagrin of CISO teams, who routinely offer this complaint: How can we secure unknown devices that we do not manage?
“One of our great recent innovations,” explained Paul Spencer, Vice President of Engineering for the company, “is that our enterprise network capture and analytics allow us to dynamically learn which endpoint devices are active in an enterprise. Through partnership with McAfee, we can then provide this learning to their ePolicy Orchestrator (ePO) to accurately differentiate between managed and unmanaged devices on the network.”
The result is an amazing enterprise security inventory capability - one that lets a CISO team hunt for unmanaged infrastructure on its own network rather than wait for an auditor to find it. The capture platform produces the list of devices actually active on the wire; that list is compared against the agent inventory held in the local management tool - and McAfee ePO is an industry leader - and every active device that has no corresponding managed record becomes a candidate for onboarding, so the managed inventory can be augmented with this new information. I am certain that this cadence and general approach will emerge as an industry best practice.
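To make the reconciliation step concrete, here is an added example in Python. It is my own illustration, not NIKSUN's or McAfee's code, and it does not call the NIKSUN or ePO APIs: it takes a constructed set of endpoint observations of the kind a capture platform would derive from traffic, aggregates them into active devices keyed by MAC address (so a device that changed IP under DHCP is counted once), and reports which active devices are absent from a constructed ePO-style managed inventory export. The record layouts, column names, sample values and the one-day activity window are assumptions for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of capture-derived endpoint observations (not real data).
# One row per sighting; hostname is blank where no DNS/DHCP evidence was seen.
# MAC ...:03 appears with two IPs, as a DHCP client would over a day.
CAPTURE_OBSERVATIONS = """\
ts,mac,ip,hostname
2018-12-10T09:00:00,00:11:22:33:44:01,10.0.1.10,ws-finance-01
2018-12-10T09:05:00,00:11:22:33:44:02,10.0.1.11,ws-finance-02
2018-12-10T09:10:00,00:11:22:33:44:03,10.0.1.50,
2018-12-10T11:30:00,00:11:22:33:44:03,10.0.1.77,
2018-12-10T12:00:00,00:11:22:33:44:04,10.0.2.20,printer-2f
2018-12-01T08:00:00,00:11:22:33:44:05,10.0.3.5,lab-old-box
"""

# Constructed ePO-style managed inventory export (assumed layout, not real data).
MANAGED_INVENTORY = """\
mac,hostname,last_agent_contact
00:11:22:33:44:01,ws-finance-01,2018-12-10T08:55:00
00:11:22:33:44:02,ws-finance-02,2018-12-10T08:58:00
00:11:22:33:44:05,lab-old-box,2018-11-20T10:00:00
"""

# Fixed "now" so the example is reproducible; a real run would use the clock.
DEMO_NOW = datetime(2018, 12, 10, 13, 0, 0)


def active_devices(csv_text, now, window):
    """Aggregate sightings per MAC and keep devices seen within `window` of `now`."""
    devices = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = row["mac"].lower()
        d = devices.setdefault(mac, {"ips": set(), "hostnames": set(), "last_seen": None})
        d["ips"].add(row["ip"])
        if row["hostname"]:
            d["hostnames"].add(row["hostname"])
        ts = datetime.fromisoformat(row["ts"])
        if d["last_seen"] is None or ts > d["last_seen"]:
            d["last_seen"] = ts
    return {m: d for m, d in devices.items() if now - d["last_seen"] <= window}


def managed_devices(csv_text):
    """Index the management tool's export by (normalised) MAC."""
    return {row["mac"].lower(): row for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(capture_csv, managed_csv, now, window=timedelta(days=1)):
    """Return (active-but-unmanaged devices, managed-but-silent MACs)."""
    active = active_devices(capture_csv, now, window)
    managed = managed_devices(managed_csv)
    unmanaged = {m: d for m, d in active.items() if m not in managed}
    # The reverse gap matters too: an agent record with no traffic behind it
    # is often a retired or renamed host still counted as "protected".
    silent_managed = set(managed) - set(active)
    return unmanaged, silent_managed


if __name__ == "__main__":
    unmanaged, silent = reconcile(CAPTURE_OBSERVATIONS, MANAGED_INVENTORY, DEMO_NOW)
    for mac, d in sorted(unmanaged.items()):
        print(f"UNMANAGED {mac} ips={sorted(d['ips'])} "
              f"names={sorted(d['hostnames']) or '-'} last_seen={d['last_seen']}")
    for mac in sorted(silent):
        print(f"MANAGED-BUT-SILENT {mac}")
```

Keying on MAC only works where the capture point sees the endpoint's own layer-2 address; across a router the platform sees the gateway's MAC, so a production reconciliation also matches on IP plus hostname evidence and on the agent's last-contact time. The second output set (agent record, no traffic) is the one auditors rarely ask about but is worth reporting, since it inflates the "managed" count.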
The second problem being addressed by NIKSUN involves the accurate, real-time detection of zero-day threats - malware that no existing signature matches - as they are introduced to an enterprise network. Certainly, NIKSUN has been at the forefront of performing high-speed analytics, including security signature and behavioral pattern review. But zero-day detection is a true challenge, and I was pleased to see NIKSUN's approach - also based on its relationship with McAfee.
“Now that we have access to a massive base of malware samples from McAfee,” explained Spencer, “we can use these to develop a learning base for high-speed packet capture analytics. As you would guess, we label malware based on a vector of features, and the result is a machine-learning solution for high-speed packet capture for enterprise zero-day vulnerability identification in real time.”
This is also exciting, because it marries two of the great themes of our cyber security industry: high-speed networks and machine-learning analytics. Through this partnership, NIKSUN and McAfee demonstrate the power of synergy, and the result is that zero-day risk is likely to decrease. I’d also expect that this combination of high-speed packet capture with advanced AI processing will become an industry best practice.
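The idea Spencer describes - label known samples by a vector of features, then classify what the capture platform sees - can be shown end to end in a few dozen lines. The following is an added example of mine, not NIKSUN's or McAfee's model: the five flow-level features, the training vectors and the test vectors are all constructed for illustration, and the classifier is a plain nearest-centroid model over standardized features (a stand-in for whatever learner a product would use). It adds the one check a practitioner should insist on: a sample that is far from every known class is reported as "unknown" rather than forced into the nearest label.

```python
import math

# Constructed per-flow feature vector derivable from packet capture (assumed,
# not NIKSUN's feature set): [bytes_out_per_min, connections_per_min,
# distinct_dst_ports, beacon_jitter_sec, mean_payload_entropy_bits]
FEATURES = ["bytes_out_per_min", "conns_per_min", "distinct_dst_ports",
            "beacon_jitter_sec", "payload_entropy"]

# Constructed labelled training set (not real malware telemetry). The malware
# rows model a low-volume, regular beacon carrying high-entropy payloads.
TRAINING = [
    ("benign",  [1200.0,  3.0, 2.0, 45.0, 4.1]),
    ("benign",  [ 900.0,  2.0, 1.0, 60.0, 3.8]),
    ("benign",  [2500.0,  5.0, 3.0, 30.0, 4.5]),
    ("benign",  [ 300.0,  1.0, 1.0, 90.0, 3.2]),
    ("malware", [  50.0, 12.0, 1.0,  0.5, 7.6]),
    ("malware", [  80.0, 10.0, 1.0,  0.8, 7.8]),
    ("malware", [  40.0, 15.0, 1.0,  0.3, 7.5]),
    ("malware", [  60.0, 11.0, 1.0,  0.6, 7.7]),
]


def _mean(xs):
    return sum(xs) / len(xs)


def _std(xs):
    m = _mean(xs)
    return math.sqrt(sum((x - m) ** 2 for x in xs) / len(xs))


def _dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def fit(training, margin=1.5):
    """Standardize each feature, build one centroid per label, and derive an
    'unknown' threshold from how far training samples sit from their own centroid."""
    cols = list(zip(*[vec for _, vec in training]))
    means = [_mean(c) for c in cols]
    stds = [_std(c) or 1.0 for c in cols]          # guard a constant feature
    scale = lambda v: [(x - m) / s for x, m, s in zip(v, means, stds)]
    by_label = {}
    for label, vec in training:
        by_label.setdefault(label, []).append(scale(vec))
    centroids = {lab: [_mean(c) for c in zip(*vs)] for lab, vs in by_label.items()}
    worst = max(_dist(zv, centroids[lab]) for lab, vs in by_label.items() for zv in vs)
    return {"means": means, "stds": stds, "centroids": centroids,
            "threshold": margin * worst}


def classify(model, vector):
    """Return (label, distance); label is 'unknown' when nothing known is close."""
    zv = [(x - m) / s for x, m, s in zip(vector, model["means"], model["stds"])]
    label, dist = min(((lab, _dist(zv, c)) for lab, c in model["centroids"].items()),
                      key=lambda t: t[1])
    if dist > model["threshold"]:
        return "unknown", dist
    return label, dist


if __name__ == "__main__":
    model = fit(TRAINING)
    # Constructed test flows: an ordinary workstation, a beacon resembling the
    # training malware, and a port-scan-like flow unlike anything trained on.
    for vec in ([1500.0, 4.0, 2.0, 50.0, 4.0],
                [70.0, 13.0, 1.0, 0.4, 7.6],
                [50000.0, 200.0, 500.0, 0.1, 7.9]):
        label, dist = classify(model, vec)
        print(f"{label:8s} dist={dist:6.2f} features={vec}")
```

The threshold is what keeps the claim honest: a model trained on known samples recognises new malware only to the extent that it resembles families already in the learning base, so anything the model places far from every centroid should surface as an anomaly for analyst review rather than be silently labelled benign.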
If you are already a NIKSUN customer, then I suspect you may already be aware of these fine advances; but if you are new to NIKSUN, then give Spencer and his team a call, and ask them to take you through the specifics of how their industry-leading platform can be applied to your enterprise protection. We all know that Parag and his team understand big challenges on big networks; it’s great that they can apply this capability to a broad set of enterprise challenges.
As always, let us know what you learn from their team.