Narus’s deep packet inspection technology has many applications. Its ability to scoop up packet details in real time and make sense of conversations is ideal for ISP billing and inter-carrier chargebacks. It can also alert network managers to hacking attacks and other suspicious behavior.
And it is the go-to vendor in the government’s lawful intercept program, or CALEA.
Narus has a darker side. It was implicated in the secret surveillance program of Internet traffic that made the papers a few years back.
With all this in mind, I took a look at Narus’s CyberAnalytics application, an “intelligence and security system that delivers dynamic, organization-wide network visibility and enables timely discovery and analysis of anomalous, suspicious, and malicious network traffic.” (See press release below.)
Parsing the marketing boilerplate in their brochure, it seems that they’re not breaking any new ground. One feature they focus on is a real-time visualization dashboard–there’s even a grainy screenshot showing data in both tabular form and rendered as a network diagram.
With Narus’s CyberAnalytics, network administrators can reel off an SQL query–say, “select ip_address where location = 'san francisco' and traffic_volume > 1 GB”–to find and graph an unfolding DDoS attack.
Or, less innocently, this same app could be part of a Strangelovian master control room monitoring student dissent.
There’s even an analytics SDK for this thing.
Makes you wonder about the existence of a dark hackathon event, one where black hat hackers use Narus APIs to come up with snoopy software for the entertainment of secret police backers.
Just a thought.