
Powering Data-Driven Investigations and Digital Forensics with Deep Packet Inspection

Image Credit: SS8

In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode spoke to Syed Hussain, VP of Product Management at SS8 on the importance of traffic visibility for today's networks. Syed joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness for meeting regulatory and compliance requirements, in particular, for lawful intelligence and interception.

Ariana: Can you discuss the role of traffic visibility in meeting regulatory and compliance requirements for telcos and governments?

Syed: Many countries have regulations mandating that telcos be able to extract data from digital communications to help authorized authorities identify and arrest criminals. SS8 provides these solutions, which today include tools to overcome the pervasive use of encryption in 5G and OTT apps that hides message contents and even the service being used. Deep Packet Inspection (DPI) focuses analysts on the traffic flows around communications rather than their payload. This allows telcos and investigators to collaborate and identify what application or service a subject is using, when, and for how long. DPI also helps telcos comply with data retention laws to store certain records – like call detail records, text messages, and internet traffic – for a specified period. Together, these capabilities allow analysts to identify unknown numbers and IP addresses, expand the scope of investigations, and establish patterns of life to solve crimes faster.

Ariana: How effective is DPI in providing real-time visibility into traffic flows, and how does it power your suite of solutions?

Syed: SS8’s Enhanced Protocol Extraction Engine (E-PXE) uses DPI to analyze communication application protocols and ports, including encrypted flows, and aggregate digital breadcrumbs that advance investigations. It goes beyond IP packet headers and into the nested headers of encapsulated traffic to extract metadata. This metadata contains application- and sub-application-level characteristics such as the platform used; whether it is text, voice, or video; and the devices and IP addresses associated with each flow. It can also be matched with known digital signature patterns we maintain to reveal additional information about the session. Additionally, SS8’s Intellego XT applies advanced techniques like heuristics and recursive identity lookups to enhance DPI capabilities with probability-based conclusions, timestamps from protocol data, and other reliable information that helps establish patterns of life for a subject and helps agents determine if an individual was involved with key events in a crime.
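The kind of nested-header, metadata-only extraction Syed describes can be illustrated with a small parser. The Python below is an added example and is not SS8's code or part of E-PXE: it builds a constructed packet (outer IPv4 → GRE → inner IPv4 → TCP → TLS ClientHello), walks the encapsulation, and reports only flow-level facts (addresses, ports, TLS server name), leaving encrypted content untouched. The GRE base header is assumed to carry no optional fields, and all addresses are documentation ranges.

```python
import struct
# --- Constructed sample traffic (not a real capture): outer IPv4 -> GRE -> inner IPv4 -> TCP -> TLS ClientHello.
def ipv4(src, dst, proto, payload):
    ip = lambda a: bytes(map(int, a.split(".")))  # header checksum left as 0; the parser does not verify it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, ip(src), ip(dst)) + payload
def tcp(sport, dport, payload):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
def tls_client_hello(sni):
    name = sni.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name  # server_name extension
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
SAMPLE = ipv4("203.0.113.10", "198.51.100.1", 47, b"\x00\x00\x08\x00" +  # GRE base header, protocol type 0x0800
              ipv4("10.0.0.5", "192.0.2.20", 6, tcp(51515, 443, tls_client_hello("chat.example.net"))))

# --- Metadata extraction: only headers and the TLS handshake are inspected, never encrypted message content.
def parse_ipv4(buf):
    dotted = lambda b: ".".join(map(str, b))
    return dotted(buf[12:16]), dotted(buf[16:20]), buf[9], buf[(buf[0] & 0x0F) * 4:]
def tls_sni(p):
    """Return the server_name from a TLS ClientHello, or None if absent, truncated or not a ClientHello."""
    try:
        if p[0] != 0x16 or p[5] != 0x01:
            return None
        i = 44 + p[43]                                  # skip record/handshake hdr, version, random, session id
        i += 2 + int.from_bytes(p[i:i + 2], "big")      # cipher suites
        i += 1 + p[i]                                   # compression methods
        end = i + 2 + int.from_bytes(p[i:i + 2], "big"); i += 2
        while i + 4 <= end:
            etype, elen = struct.unpack("!HH", p[i:i + 4]); i += 4
            if etype == 0:                              # server_name: list_len(2) type(1) name_len(2) name
                nlen = int.from_bytes(p[i + 3:i + 5], "big")
                return p[i + 5:i + 5 + nlen].decode("ascii", "replace")
            i += elen
    except (IndexError, struct.error):
        pass
    return None
def flow_metadata(pkt):
    """Walk nested headers and return flow-level metadata (addresses, ports, SNI), not message content."""
    src, dst, proto, rest = parse_ipv4(pkt)
    layers = [("ipv4", src, dst)]
    if proto == 47:                                     # GRE; assumes the 4-byte base header with no options
        src, dst, proto, rest = parse_ipv4(rest[4:])
        layers.append(("ipv4-in-gre", src, dst))
    if proto != 6:
        return {"layers": layers, "transport": proto, "ports": None, "sni": None}
    sport, dport = struct.unpack("!HH", rest[:4])
    return {"layers": layers, "transport": "tcp", "ports": (sport, dport), "sni": tls_sni(rest[(rest[12] >> 4) * 4:])}
```

Matching the extracted server name and port pair against a signature table is the step that turns this metadata into an application label; the example stops at extraction so the output can be checked directly.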

Syed Hussain has spent more than 20 years working in the telecommunication and cyber security industry in Engineering and Product Management leadership roles. He brings significant technical expertise to his role as VP of Product Management for SS8’s Lawful Intelligence products, covering Service Providers and Law Enforcement market domains. He has led architecture and design of 4G and 5G Lawful Interception solutions in Cloud and non-cloud environments. Syed represents SS8 in both ETSI and 3GPP standards bodies and at technology summits and holds a BS in Computer Science and Engineering.

This interview is a part of The Fast Mode's Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today's IP networks. A research report on this topic will be published in June 2024 - for more information, visit here.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
