Not Firewalls, Not Sniffers

Parag Pruthi

Corrections or additions?

Published in U.S. 1 Newspaper on April 26, 2000. All rights reserved.

Niksun’s Strategies for War and Peace

If a 15-year-old Canadian hacker can immobilize such

giant sites as Yahoo, Amazon, e-Bay, and e-Trade, security is a crucial

concern for everyone in cyberspace. Parag Pruthi, president and CEO

of Niksun Inc. thinks he has least part of the answer. His firm has

non-intrusive network monitoring that can be used both in "times

of war" (when security needs arise) and in "peace time"

(when security is not at stake but performance levels need to be checked).

Founded in 1997, the company has moved from East Brunswick to the

Hovnanian Center at North Center Drive in North Brunswick. With clients

drawn from Fortune 100 companies and government agencies, Niksun expects

to go public and grow to 130 people, not necessarily in that order.

"We are unique in the marketplace," says Jayne Fitzgerald,

vice president of business development and operations. "Our president

and CEO was visionary. He spent a tremendous amount of time working

out the innovative approach to doing this. Our equipment is completely


"It took Yahoo and other companies several hours to shut down

this attack on their network. If they had had our product installed,

they would have known of this malicious activity within a fraction

of a second," says Pruthi. "It would have taken only minutes,

not hours, to identify the source of this attack and shut it down.

Rather than losing several million dollars in revenue they would have

provided the level of service one expects to receive when dealing

with a customer like Yahoo. Yahoo’s business was hijacked by a 15-year-old,

and that is ridiculous."

Niksun has dual purpose programs for both security and performance

issues. Its programs can secure a network from illegal intruders,

but the same programs can — in "peacetime" — deal

with performance issues:

Keep a company from losing customers due to poor performance

or capacity limitation.

Check to see if a carrier is meeting the network performance

levels its clients are paying for.

Check to see if employees are using the network in an inappropriate


Top Of Page
Not Firewalls, Not Sniffers

Niksun’s products should not be confused with firewalls, a way

of locking the network if a breach occurs. A firewall tries to keep

the fox out of the henhouse, but the Niksun products give in-depth

information once the fox is inside, telling where the fox dug the

hole, how many eggs the fox broke, where the fox is at the moment,

and how many chickens are dead. This information is obtained almost


Pruthi compares firewalls to traffic cops while his products are like

the hovering helicopters. "A cop typically stands in the path

of the traffic. His vision is limited by his height. If I come in

a helicopter I can report on what is going on, where it is coming

from, and what the problem is."

Firewalls, says Pruthi, lock everybody out or allow certain

holes in. "The product we have is more similar to a camera in

the network than a lock. Both are necessary for security enhancement.

One is incomplete without the other. There are a lot of firewall companies,

but no one with a camera in the network, available in an instant."

Niksun’s products are also different from "sniffers" or "protocol

analyzers." A sniffer records everything, and software on top

of that pulls out the significant events, explains Michael Markulec

Jr., COO of Research Park-based, which offers networking

services to small to medium companies of up to 100 work stations.

"Most Fortune 500 companies should already be doing something

like this," he says (

"A sniffer-type product must be preprogrammed, but with ours,

filters can be applied after the fact," says Pruthi, noting that

the currently well-known sniffer, marketed by Network Associates,

has very limited capabilities. "It can look only at what is stored

in the RAM and does not do continuous storage to disk for extended

periods of time. Not only are we able to do this, but we are also

able to analyze the data and correlate the information across the


Pruthi points to his distributed analysis engine that allows the client

to do pattern matching across the network. "Suppose you were interested

in finding out the root cause of a malicious problem and you needed

to know who sent what information and from where. If someone were

trying to hide an identity, you would be able track it right back."

"This high speed storage of information for many kinds of networks

— and simultaneously being able to process the information and

convert it to intelligence — this highly sophisticated system

does not exist in any products," says Pruthi.

Located in a box that looks like a router, the products

unobtrusively gather information from the network and can work in

a multi-vendor environment. Among Niksun’s products is NetVCR, which

does what a VCR does in the home — record and play back later.

When you are concerned about a network security or performance problem,

you define the attributes of the problem you want to look at, and

then you can see those statistics.

Another product, Net Detector, is a next-generation non-intrusive

Internet monitoring and response program. To identify if there has

been a breach of security, it records what has been compromised as

would a camera. Or, if you have a spike in the network, it records

when it occurred and what delay resulted. If the problem was an intruder

or hacker trying to compromise the network, you can go back and find

out what was done. "The client evaluates what it wants to record,

how much data it wants to keep, and determines the thresholds,"

says Fitzgerald. For a large scale system, the cost might be $50,000.

"Currently we are focused on direct end-user sales," says

Pruthi. "That gives us a lot of information to fine tune the product.

We are in discussions with other manufacturers. To install it is almost

as easy as plugging a computer into the network."

Top Of Page
Parag Pruthi

Pruthi grew up in New Delhi and Old Bridge, where his father was an

entrepreneur who started several companies and his mother was a botanist.

His one brother heads one of the family’s equipment exporting businesses.

It is part of his family’s religious tradition, he says, to work hard

and leave all else up to God. And like many successful entrepreneurs,

Pruthi’s parents told him there was nothing he could not do if he

worked for it. But in Pruthi’s case, when he was 15 years old, his

father gave him a difficult task, to devise a complex computer program

to automate his office using a very old Atari Tandy computer. "It

took me a good four months, and from that time I realized that I should

not back down but should keep chipping away. It was an assignment

nobody thought I could do, but I did it," says Pruthi.

He went to Stevens Institute, Class of 1987, and has a master’s in

computer science and a PhD in telecommunications. He worked for Bellcore

in operations and business areas and has 11 years experience in the

global telecommunications industry and academic research. Pruthi founded

this company, along with a couple of senior engineers, starting in

1997. The name of the company is the shortened version of the names

of the Pruthi’s two sons.

The vice president of engineering is Mahendra Pratap, formerly with

Lucent Technologies and AT&T; he has a doctor’s degree in nuclear

physics. Les Hribar is vice president of worldwide sales. Satish Pruthi is vice president of finance and administration.

Niksun was among the equipment vendors to join the Alliance for Internet

Security sponsored by, which offers security assurance

services for Internet-connected companies.

Patents are pending and Pruthi is not worried about other companies

taking his ideas. "Real time alerting and programming of new filters

in a dynamic manner is not very easy for anyone to copy. This is in

no way an unsophisticated task," says Pruthi. "We are collecting

data, converting data to information, and converting information to

intelligence and doing all of that in real time requires sophisticated


The company’s attorneys are Christopher Dervishian of Ratner Prestia

in Philadelphia and Kevin D’Amour of Reed Smith Shaw & McClay at Forrestal

Village ( The accountant, J.B. Oza, is from Hazlet. Venture capital

funding comes from the Silicon Valley — Redwood Venture’s Rajvir

Singh, founder of a company that was sold to Cisco Systems for $7


With recent financing from venture capitalists on the west coast,

the company is on an IPO path. "It is an exciting path," says

Fitzgerald, the vice president for business development. "Our

growth rate is expected to be 300 percent this year."

"We now have a product suite for monitoring quality of service,

security, and service level validation, and we are on the revenue

growth and client acquisition paths. Last year before the product

went generally available we had as many as 30 customers chomping at

the bit to do a beta test," says Fitzgerald.

Another sign of the times: Just after Niksun was introduced to one

of the companies that was victimized by the 15-year-old in February,

it was hired on a trial basis by that firm.

— Barbara Fox

Niksun Inc., 111 North Center Drive, North Brunswick

08902. Parag Pruthi, president and CEO. 732-821-5000; fax, 732-821-6000.

Home page:

Next Story

Corrections or additions?

This page is published by

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.

Facebook Comments