Problem: Current antivirus systems rely on humans: when a network attack comes to light, security analysts begin looking for a string of bytes–a “signature”–that uniquely identifies the malicious program. The signature must be downloaded (often automatically) before software can identify and block attacks. But the whole process takes hours–or days–while attacks can infect up to 55 million computers per second.
Solution: Sumeet Singh has completely automated worm and virus detection, putting defenders on the same footing as attackers. As a graduate student at the University of California, San Diego, Singh realized that worms and viruses move through a network differently from normal traffic: malicious code strives to reproduce and propagate itself rather than simply to travel from point A to point B. So he created software tools that scan for snippets of data that exhibit such behavior.
Incorporated into a network router or switch, Singh’s software can identify malicious code when it first enters a network and generate “vaccines” to combat its spread. In June 2004, Singh cofounded NetSift with his PhD advisor, computer science professor George Varghese, to commercialize his technology. Cisco purchased NetSift just a year later; Singh has since led the integration of his techniques into Cisco routers and switches. He hopes that this technology, able to scan more than 20 gigabits of data per second, will eventually stop viruses and worms as soon as they pop up.