Posted on September 21, 2020 by Joseph Lamport
What does it take to build a breakthrough technology product today? We recently had a chance to sit down with John Limb, the CTO at Braintrace, who is the primary driver behind the development of Dragonfly, a cutting-edge Network Traffic Analysis (NTA) tool that takes the fight against malware to the next level. Compared to all the other NTAs on the market today, Dragonfly provides near-complete visibility, including visibility into encrypted communications, which makes it far easier for the security team to stay a few steps ahead of all the bad actors.
Braintrace’s breakthrough with Dragonfly is all the more remarkable, given that the network security space has long been dominated by huge players, all of whom have vast resources and development budgets at their disposal. In comparison to these behemoths, Braintrace is a modest-sized business. As CTO, John Limb presides over a core research and development team, BraintraceLABS, as well as a European group who support the development efforts.
“With developing new technology today,” as John Limb explains, “there’s no reason to be deterred simply because you have a small team and relatively limited resources. You can put yourself right on the leading edge by leveraging great tools and technology from the open source community. That’s exactly what we did.”
A few other key points emerged in our conversation with Limb, which also seem to be important elements in shaping a successful strategy for tech product development today. The development process starts by taking a careful look at what the market leaders are doing. “And then,” as Limb says, “you have to ask yourself, what can you do that’s better?”
For Braintrace, that meant starting by taking a much closer look at one of the industry’s networking giants and figuring out their methodology for analyzing encrypted communications. While you can’t read the encrypted contents directly, other platforms identify the unique sequence of lengths and times associated with the packets, which provides a basic means of fingerprinting the packets associated with malware.
“The closer we looked, the more we thought we would be able to take the analysis of encrypted packets further -- beyond merely looking at the packet sequence. We realized if we could harness the proper AI engine, using today’s state of the art deep learning tools, we would be able to build a far more powerful predictive engine for detecting malware.”
Limb’s intuition proved sound. By deploying the latest and greatest deep learning models, Dragonfly has been able to achieve a significant improvement in performance compared to the leaders in the industry. Dragonfly is capable of payload analysis with greater than 99% accuracy, which confers an enormous competitive advantage. In fact, Dragonfly can identify malware by analyzing encrypted packets and comparing them to other known malware families, which means that Dragonfly is capable of deterring what the security community refers to as zero-day attacks – rooting out malware even before an IP address associated with it has been identified on a blacklist.
One additional factor that Limb credits as a major contributor to his team’s success is the decision to involve clients directly in the development process. “Any time you are developing a new product, you want to make sure you get your clients’ input early enough to make a real difference. There’s no way to build a product that is going to effectively address clients’ needs unless you first take time to know what your clients think.”
Dragonfly was officially launched to the world on September 15, 2020. If you are interested in viewing a demo of Dragonfly, Braintrace will be hosting a live demo on September 25 at 12:00 PM EDT. You can register here: