Serial Entrepreneur: Taher Elgamal (Part 8)

Saturday, March 31, 2007 Related Content Share/Send | 1 comment

Taher addresses some of the unexpected impacts of the growth of the Internet, and the impact this had on network design. These thoughts lead into the development of Securify.

SM: What were you doing with Securify? TE: That was mid 1998, and it was an attempt to make networks work correctly knowing the entities you are connecting to. When the Internet came in, something extremely unexpected happened. Everybody, 100% of businesses got connected, and there are no two networks who are not connected to each other. The problem is none of these networks were not designed to be connected to anything. We ended up backing things into these networks, and trying to secure them. A lot of things ended up broken, and even today there are a lot of networks which are connected to the Internet which do not have proper security.

My original philosophy was to devise schemes to help businesses run networks the way they were intended to be, and then we could perhaps stop a lot of the bad, evil or unexpected things.

SM: What were you selling? Was it software? TE: Yes, but the original product was a suite of consulting services.

SM: So you actually worked on corporate networks and plugged their holes? TE: Yes. We had one of the best security consulting groups ever. It was the most unbelievable group of characters I would ever work with. That entire team is now CEOs – it was an unbelievable collection.

In order to build the product we had in mind, we needed to know what the networks looked like. In the mean time we built the technology which Securify still sells today which is a policy based method for managing events. The concept is if you determine something happening on the network should not be happening, you eliminate it. Most of the kernel security methods people use are negative things, which is the opposite way of looking at things. It is very difficult to manage security tracking down negative things because the evil things change every day and it becomes an arms race.

SM: What you were trying to do is preemptive? Can you give us some more on that, some logic for that approach? TE: Suppose you are listening on the wire in the middle of a network. What you listen to tells you that IP address x is asking to access the server at IP y, and the nature of the session looks like a web session. You then simply look at your policy for y and figure out if these two are allowed to talk to each other. If it is not OK then you stop something, or alert something. It turns out that in general, if that were the infrastructure of the networks, then networks would be a lot more secure.

Today what we do for the most part is listen in on traffic and try to see if it looks like some type of attack which we have seen before. The problem is you must see the attack first.

You really need to be ahead of the attack, and be trained on what to do first. That is the right security model. It is the security model from the old mainframe era. The best security model the entire industry has ever developed was in the mainframe era, and it has all been going down hill since then.

This segment is part 8 in a 13 part series Segment 9 →
Jump to part: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13