Digital Version of November/December 2014 Print Edition
Narus changes course by betting on its ‘machine learning’ expertise
When, in 2010, Boeing bought Narus, a firm that specialized in “Big Data” analytics, Boeing probably thought it had acquired a highly-capable firm in a hot new niche. But, before too much time had passed, Boeing decided that Big Data analytics might not be all that it was cracked up to be, and that it should probably poke around in Narus’s intellectual property closet to see what else it could find.
Last September, Boeing hired John Trobough, a serial technology innovator in Silicon Valley who thinks of himself as a corporate turnaround artist, to take the reins at Narus and rummage around in that IP closet. Sure enough, Trobough found intellectual property that was impressive enough for him to chart an entirely new course for Narus; to take down the company’s existing Website (because it no longer describes where Narus is actually heading); and to prepare to “re-launch” Narus at the sprawling RSA show in San Francisco, which opens on Feb. 25.
“I opened the closet door and jewels fell on my feet,” recalled Trobough, in an exclusive interview with Government Security News on Feb. 22.
When Narus used to tout its ability to analyze huge mountains of data, and find patterns within that data that might help detect a cyber attack on a computer network -- or identify a terrorist by spotting nearly-invisible relationships that existed between that terrorist and his worldwide compatriots -- the company was at the cutting-edge of what has come to be known as Web 1.0 and Web 2.0.
Today, cyber experts describe the emergence of Web 3.0, which is sometimes called the “Semantic Web” or the “Predictive Web,” in which data crunchers are no longer satisfied to simply identify static content on HTML Websites (Web 1.0) or dissect user-generated data that can be found on social networks (Web 2.0).
Now, aficionados of Web 3.0 are striving to place data they find on Websites, social media and in Internet traffic in context, so they can develop a superior understanding of the meaning and relationships inherent in that data.
What does all that that mean? Trobough tried to explain how the sophistication of Web 3.0 has moved it well past the Web 1.0 and Web 2.0 capabilities of yester-year. Suppose, for example, you had a week off from work and wanted to plan a holiday. You might go to the Google search engine and type in “Mexican vacation.” Back in the Web 2.0 days, a state-of-the-art search might have generated a set of results that simply cited a long list of undifferentiated hotels, resorts and travel agents located in Mexico.
By contrast, a Web 3.0 search of the same phrase, “Mexican vacation,” might plow through vast amounts of data the search engine now has access to -- about you, your computer, your spending habits, your personal interests, etc. By sorting, sifting and analyzing all this available data -- in an automated fashion, through what is known as “machine learning” -- a Web 3.0 search might determine that you are, in fact, a wealthy, well-educated professional, with a high-speed Internet connection, a taste for fine wines and high-end vacations, who should probably be presented with an upscale offer from a Ritz-Carlton Hotel located on a swanky Mexican beach, rather than a budget-conscious Holiday Inn sitting in a less exotic locale. That’s an illustration of finding relationships within the data, so the results can be presented in context.
Here’s another example, provided by Prakash Nagpal, a senior vice president of Narus, during the same phone interview with GSN.
Suppose a computer network was being attacked by hackers based in countries throughout the world. By using machine learning, the IT administrator for that computer network might be able to determine the points of origin -- and, perhaps, the precise IP addresses being used by the attackers -- by analyzing mountains of data about the incoming traffic, as it crossed his or her network. Now, further suppose that the IT administrator monitors those suspected IP addresses, and discovers that some of the users of those IP addresses periodically log into their own Facebook accounts. By carefully monitoring their activity on Facebook, the IT administrator might be able to identify the exact names, addresses and occupations of some of the individuals who had mounted the original cyber assaults on his network.
Nagpal explained that his company’s machine learning algorithm would need to analyze thousands or millions of interactions to arrive at such conclusions. “You can’t find this through manual actions,” he told GSN. “What’s new is that you can do this with machine learning.”
The new leadership team at Narus believes that its expertise in machine learning could be the key to robust sales in the future. Trobough acknowledges that machine learning is not new to Narus; in fact, the algorithm has been kicking around Narus for approximately three years, he told GSN. What’s new is the emphasis that the company now intends to place on this emerging cyber technology.
In fact, Narus has developed a project, which it has code-named AppScout, that enables an IT administrator to spot traffic moving suspiciously around his computer network, and to reverse engineer that traffic in order to identify what kind of application it is. Trobough says that it is very hard to identify the actual application for about 60 percent of the traffic that moves around the average network.
Nagpal, the SVP of Narus, wasn’t too keen on explaining his company’s methodology for reverse engineering the data packets moving about a network. “This is our secret sauce,” he told GSN.