Observable Networks: Network Security That Never Stops

Patrick Crowley, founder and CTO, founded Observable Networks in 2011 to bring to market the company’s endpoint modeling technology. For over a decade, Patrick has been a leading researcher on deep packet inspection (DPI) technologies within various academic, commercial, and government communities. In 2010, Patrick came to the realization that future security defenses would soon require new approaches and viable solutions that were unaffected by data encryption and did not depend on the recognition of threat signatures. Additionally, Patrick is Professor of Computer Science & Engineering at Washington University in St. Louis. His research interests are in computer and network systems architecture, with a current focus on the design of programmable embedded network systems and the invention of superior network monitoring and security techniques.

Endpoint Modeling, Observable’s Core Technology

Observable Networks offers a SaaS security service based on the company’s core technology, referred to as “endpoint modeling”. Endpoint modeling uses network activity much as a credit card company uses transaction data: to develop an understanding of the normal roles and activities of each IP network endpoint communicating on the corporate network or within the company’s public and private cloud assets. Using this understanding of behavior, Observable’s service automatically recognizes potential threats in a company’s network through the changes in endpoint behavior that these threats cause. The service provides dashboard, UI, and API interfaces for customers to review and research threat notifications or alerts.

The company follows two strategies: first, to continue to enrich endpoint modeling in depth of modeling fidelity and breadth of modeling data; and second, to amplify the “as a service” element of its offer, which is key to its go-to-market differentiation. Observable Networks uses real-time network flow data and automated security analytics to continuously model all network devices.

Transforming Benefits into Practical Enhancements

Their clients benefit from a deep understanding of their endpoints’ normal behavior and automatic recognition of endpoints deviating from established roles. Clients of all sizes are translating these benefits into practical improvements in their security. As an example, a hospital is able to better understand how its patient monitoring equipment acts and to recognize when manufacturers are accessing devices to upgrade software. In this case, the improved understanding of equipment and supplier relationships gives the hospital an edge in recognizing when a device might be compromised. In another example, Observable’s detection of uncharacteristic activity related to a machine on the network allowed an MSP partner to very rapidly detect malware on a client’s network and remediate before any damage was done.

Updating Technology in Coming Time

Endpoint modeling provides a compelling opportunity to change the way we think about achieving corporate network security. Fundamentally, endpoint modeling switches the basis of security from “knowing your enemy” to “knowing yourself”. This means that instead of attempting to know all of the attackers, all of the vectors of potential attacks, and all of the methods of attack (which is a non-achievable objective), endpoint modeling provides a means for companies to recognize an attack just by the changes that attack causes in otherwise well-understood endpoint behavior.