ⓘ Narus (company)

Narus (company)

ⓘ Narus (company)

In 2004, Narus employed former Deputy Director of the National Security Agency, William Crowell as a director. From the Press Release announcing this:

Crowell is an independent security consultant and holds several board positions with a variety of technology and technology-based security companies. Since 11 September 2001, Crowell served on the Defense Advanced Research Projects Agency DARPA Task Force on Terrorism and Deterrence, the National Research Council Committee on Science and Technology for Countering Terrorism and the Markle Foundation Task Force on National Security in the Information Age.


1. Narus Software

Narus is one of the first companies to combine patented machine learning algorithms, automation, and data fusion technologies to provide the incisive intelligence, context, and control network operators need to protect against cyberthreats and ensure information security.

Narus software primarily captures various computer network traffic in real time and analyzes results.

Prior to 9/11 Narus built carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what NARUS called "revenue leakage". Post-9/11 Narus added more "semantic monitoring abilities" for surveillance.


1.1. Narus Software NarusInsight

Narus is noted for having created NarusInsight, a supercomputer system, whose installation in AT&Ts San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T.


1.2. Narus Software System specification and capabilities

Some features of NarusInsight include:

  • Certified by Telecommunication Engineering Center TEC in India for lawful intercept and monitoring systems for ISPs.
  • Compliance with CALEA and ETSI.
  • Normalization, correlation, aggregation and analysis provide a model of user, element, protocol, application and network behaviors, in real-time. That is it can track individual users, monitor which applications they are using and what they are doing with those applications, and see how users activities are connected to each other e.g., compiling lists of people who visit a certain type of web site or use certain words or phrases in their e-mail messages.
  • Scalability to support surveillance of large, complex IP networks such as the Internet.
  • High-speed packet processing performance, which enables it to sift through the vast quantities of information that travel over the Internet.
  • NarusInsights functionality can be configured to feed a particular activity or IP service such as security lawful intercept or even Skype detection and blocking.
  • High reliability from data collection to data processing and analysis.

The intercepted data flows into NarusInsight Intercept Suite. This data is stored and analyzed for surveillance and forensic analysis.

Other capabilities include playback of streaming media i.e., VoIP, rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products, such as Pen-Link, offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules.

A single NarusInsight machine can monitor traffic equal to the maximum capacity 10 Gbit/s of around 39.000 256k DSL lines or 195.000 56k telephone modems. But, in practical terms, since individual internet connections are not continually filled to capacity, the 10 Gbit/s capacity of one NarusInsight installation enables it to monitor the combined traffic of several million broadband users.

According to a year 2007 company press release, the latest version of NarusInsight Intercept Suite NIS is "the industrys only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic. including Google Gmail, MSN Hotmail and Yahoo! Mail". However, currently most webmail traffic can be HTTPS encrypted, so the content of messages can only be monitored with the consent of service providers.

NarusInsight can also perform semantic analysis of the same traffic as it is happening, in other words analyze the content, meaning, structure and significance of traffic in real time. The exact use of this data is not fully documented, as the public is not authorized to see what types of activities and ideas are being monitored. Ed Snowdens June 2013 releases about PRISM surveillance program have made clear however that Narus has played a central role.


1.3. Narus Software Mobile

Narus provided Telecom Egypt with deep packet inspection equipment, a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers. The national telecommunications authorities of both Pakistan and Saudi Arabia are global Narus customers.