Featuring Narus Greg Oslan

With Rich Tehrani

Rich Tehrani’s Executive Suite is a monthly feature in which leading executives in the VoIP and IP Communications industry discuss their company’s latest developments with TMC president Rich Tehrani, as well as providing analysis on industry news and trends.

The evolution of communications networks and solutions in today’s IP environments, without question, brings new productivity, convenience, and cost-savings to businesses, governments, and consumers alike. Never before has such a plethora of communications options been available on a wide scale - and the possibilities will only continue to develop.

However, these same products and solutions that are so valuable to businesses, pose an equally difficult threat to their networks, as there are countless individuals and groups who seek ways to exploit vulnerabilities in IP-based communications systems for their own ends.

To contend with those threats, security solutions vendors are continually on the job, hoping to stay one step ahead and plug even the smallest holes in communications systems. Narus is among the vendors looking to ensure the security of communications networks, starting with many of the world’s largest carriers, who must provide complete security for their users across the globe.

Rich recently spoke with Narus’ CEO and President Greg Oslan about some of the challenges facing service providers today, as they, along with their customers, continue to migrate to IP-based communications solutions.

RT: How have you seen the role of the carrier changing over the past few years?

GO: The role of the carrier has changed dramatically in recent years, and the term “service provider” has changed the most. Initially, the services that carriers provided were voice-centric. Adding a new service meant things like voicemail, a new 900 number service, etc. In the late 1990s and early 2000s, the carriers evolved to provide Internet connectivity services (i.e., data services). They’ve traditionally provided just the connection, and customers paid by the bits transported. If one of their enterprise customers were to be attacked by a worm or a Distributed Denial of Service (DDoS) attack, then that was not the carrier’s problem - it was the customer’s problem.

Today, carriers have expanded their services offerings to include a wide array of IP-based services. This has been driven by the consolidation of wireline and wireless carriers (such as Sprint acquiring Nextel or Cingular acquiring AT&T), and the need to keep the average revenue per user (ARPU) as high as possible. Today’s carriers offer new services ranging from VoIP and IPTV, to Push-to-Talk (PTT), to content delivery such as ringtones, MP3s, and streaming video. As the industry moves closer to architectures such as IMS, these services will be delivered anytime, anywhere, to any device.

RT: Has there been a shift, then, in their approach to things like network security?

GO: The carriers have definitely shifted their approach to network security. In this new world, the carrier’s enterprise “customers” are no longer the only target of DDoS attacks. Disrupting a carrier’s VoIP or streaming video service is just as enticing. This dynamic is pushing the carriers toward implementing a high-performance, scalable security system to protect their entire network infrastructure - from the high-speed core (where they can see everything most efficiently).

RT: Are you saying that security now fits into the carrier’s mainstream business thinking?

GO: Indeed, it does. In fact, this actually brings us to another significant shift. Carriers, today, have considerably more skin in the game when it comes to “cleaning the pipes” of worms, DDoS attacks, spam, etc. Their enterprise customers are overwhelmed in their attempts to block all the malicious traffic as it enters their network, while also trying to prevent insider threats, comply with SOX regulations, and so on. Hence, the enterprises are now turning upstream to their Internet service providers and carriers, forcing more of the external security burden on them. Bowing to competitive pressure, the carriers are now offering aggressive SLAs that assume much of this burden and trigger expensive penalties if attacks actually reach their customers’ networks. Interestingly enough, most carrier’s see this as a revenue-producing opportunity, so it’s really caught on. We’ve seen a significant number of carriers entering the Managed Security Services market. Here, the carriers really want to leverage a single, scalable security solution that protects their assets in the core, while extending that “blanket” over their customers as a revenue-producing managed security service.

RT: Are they looking to consolidate the security implementations to cover the core and the edge?

GO: Yes. The bottom line is that carriers want one common system that can scale to protect their core, and extend to provide managed security services at the network edge. Narus is the market leader in this space. Our NarusInsight Secure Suite provides a single system that can scale to secure the massive amounts of high-speed traffic found at the carrier core, yet also detects the widest range of unique attacks on networks, such as wireless networks, VoIP networks, and others.

RT: What is the role of Government in the new Internet security landscape, and how does it relate to that of the carrier?

GO: While carriers are typically concerned with securing their assets, and those of their customers, Governments are concerned primarily with two things: preserving national infrastructure, and assuring the safety and well-being of citizens. As it turns out, the Internet has an important role in both of those pursuits. Today’s national infrastructure is no longer confined to things such as ports, highways, cities, etc. The Internet is not only one of the largest enablers of commerce worldwide, but it’s now a primary means by which we access government services as well. So, protecting this infrastructure is critical to ensuring the smooth flow of economic activity in-country and around the world.

RT: Was this essentially what we witnessed recently in Estonia?

GO: Exactly. Starting in late April 2007, and over a ten-day period, the country of Estonia suffered three waves of carefully orchestrated denial of services attacks on a massive scale. From the Prime Minister, to the Parliament, to essential 911 emergency services, to financial institutions, the Internet presence of many critical services was simply “taken off line.” These attacks are thought to have been sponsored not by an individual, but by another country. If this turns out to be the case, it will have been the first confirmed example of state-sponsored cyberwarfare. This is a scenario that has been contemplated for years. It could now become a common practice. Defending against these types of attacks is no longer a luxury, or a “nice to have.” It’s now an absolute imperative.

RT: How has the evolution of the Internet as a communications medium changed the face of local law enforcement?

GO: As we’ve all seen, the Internet has become a primary method of communication for ordinary folks around the world. Unfortunately, it’s also become a primary method of communication for those who would seek to perpetrate terrorist or criminal acts. The interception of these communications is a critical component of Law Enforcement’s ability to protect citizens and their property. The emergence of new technologies, such as web mail, allows anyone to walk into any cyber cafe and send email messages using a different computer - one that they do not own - each time they communicate. This presents a huge challenge to law enforcement agencies that need to track targeted individuals and intercept their communications. We’ve cracked this challenge in our NarusInsight Intercept Suite product, but it was quite difficult, indeed.

RT: Are the roles of the carriers and Governments interrelated?

GO: They absolutely are. All of the dynamics I mentioned significantly increase the roles of both federal and local Government in Internet security. But they also tighten Government’s relationship with the carriers, whose infrastructure actually routes the Internet traffic.

RT: What is unique about Narus’ approach to meeting carriers’ needs, and what can we expect to see in the future?

GO: Today’s carriers require systems that can scale almost infinitely to meet the unique rigors of the world’s largest IP networks. In addition, they require leading edge technologies that can protect core infrastructures, drive new revenue streams, and assist Government and Law Enforcement in intercepting terrorist and criminal activity. They need systems that can integrate into networks they already have, yet seamlessly extend to new networks as they’re deployed. This really plays to Narus’ strength. Our applications are built on the most powerful, most flexible IP traffic processing engine in the world. Our NarusInsight Secure Suite algorithms detect the widest range of attacks, and are significantly faster and more accurate than anything on the market. Our NarusInsight Intercept Suite application can target the widest range of communications methods in the industry.

And this is just the beginning. In our labs, we are working to solve the problems associated with traffic processing at speeds up to 40 Gbps. We’re also inventing new ways for the system to “learn” about new classes of malicious traffic on the fly, and compensate in real time. We’re discovering new ways to deal with encrypted and opaque communications, onion routing, and other issues to “connect the dots” to trace back terrorist and criminal activities. We filed over 10 patents last year alone, and we’re on a pace to significantly exceed that this year. We think we’re extremely well positioned to lead the industry for years to come. IT

» Internet Telephony Magazine Table of Contents