Security Experts:

Security Startups: Interview with nPulse Technologies President and CEO Tim Sullivan

Security Startups Feature on Brinqa

Company: nPulse Technologies  |  Who: Tim Sullivan, President and CEO

SecurityWeek: How did you start out in the computer field and in particular, security?

Tim: I’ve been in the software industry for 20 years now. I started on the Sales and Marketing side, and done every job in that department. At a certain period, I was involved in taking a company public and after the IPO I ran their Sales and Marketing. The senior investment bankers in NY asked me what I was going to do next. I asked what’s hot, and they said cyber security. Since then, 2002, I’ve been in security - I started a company, Fidelis Security Systems. Fidelis was acquired [in 2012] by General Dynamics.

Along the way, I met the founder of nPulse Technologies, Randy Caldejon, who’s an amazing CTO. I really wanted to work with him so we connected in 2011. I thought the area in cyber-security he was working on, full packet capture, was fascinating.

SecurityWeek: What’s the story behind the founding of nPulse?

Photo of Tim Sullivan from nPulse Technologies
 Tim Sullivan, President and CEO of nPulse Technologies

Tim: Randy founded the company in 2006. It was actually a special high performance computing project in the Intel community. One of the major Intel agencies asked Randy if he could build for them a 10GB full packet capture. If he’d be able to do that, they would begin to buy appliances from him.

In 2011, Randy started bringing in a management team where several of the members had previously worked in a legacy packet capture company. They were well-versed in the market so that was the next phase of the company. Shortly after the key management team was formed, I came in to lead the management with my knowledge of the cyber-security market.

It worked really well. In 2.5 years we took nPulse from 5 employees to 25 today, we’re cash flow positive, and we have 52 large enterprise customers - including 2-3 major investment banks, 2-3 telcos, Intelligence and government agencies. We’ve become self-sustained on 1/10 of the capital that took my previous company Fidelis to become self-sustained.

SecurityWeek: What does nPulse do?

Tim: nPulse Technologies does full packet capture. Consider it as a DVR for your network. Say you’re watching a sports event such as soccer and want to see if the players hit a foul or if the ball went above the line – you’d go to the recording to validate. That’s the role we’re providing for security professionals. Security professionals are receiving alerts from firewalls, IDS, IPS and they need to go back in time - from the alert, which is the meta-data, to the actual data which is the packets. We provide the haystack and the tools to extract the needle from it.

It starts at first with the recording of the traffic – the ability to go back in time and saying for how long the event was taking place. Then, it’s possible to basically deconstruct the packets and see how the event happened and what exactly occurred. For example, if one host in the network is communicating externally, the security professional can check whether others hosts are communicating out to that site and at what stage the company is at in a multi-stage attack.

What drove our growth is the need to do 10GB full packet capture – we have the only solution in the world to do this. Networks are moving to 10GBs so there’s lot of solutions out there that were fine for a 1GB world, but don’t work for a 10GB world. That created the market opportunity for us.

nPulse TechnologiesSecurityWeek: What's your business model?

Tim: We sell appliances which are normally installed at the core of the network. That’s where you can aggregate a lot of traffic up to 10Gb. As I mentioned, there’s an appliance but we’re a software company so we have perpetual licenses and maintenance.

We’ll be launching a series of software projects in Big Data analytics space that will complement the capture probes. Our probes are called Capture Probe eXtreme (CPX). Typically you buy CPXs for the core of the network where the traffic is the fastest and then we’ll be bringing tools to further analyze that traffic. We already have some analytics tools but we’ll be bringing more analytic tools in the Spring.

SecurityWeek: What are your markets?

Tim: Our primary markets are investment banks, high frequency trading shops, Federal agencies and telcos. We monitor the fastest networks in the world and obviously those networks all need security monitoring tools.

SecurityWeek: Who are your biggest competitors?

Tim: Netwitness which was brought by RSA, and Solera which was bought by BlueCoat. One competitor benchmarked at 500M packets down the wire and that sounds like a lot. But it’s not a lot - on a 10GB network that means 15 seconds of traffic. What our customers require is days, weeks and up to months of sustained packet captures. There are always these cute tweaks around performance and we stand by our claims.

SecurityWeek: Is nPulse hiring? If so, what do you look for when you hire?

Tim: We’re currently hiring developers and support personnel.

Typically we’re looking for people who are experienced at their particular job function and who have appreciation for an early stage venture. The culture is very flat and we’re going to give folks a lot of responsibility - they must be willing to accept it.

SecurityWeek: Where do you think your field is going on from here?

Tim: In order for the industry to grow it has to grow to the Cloud. The reason is that the real resource constraint in the market is the analyst. SMBs don’t have the resources to attract, develop and train the specialized analysts to make these tools work together. There will always be multiple tools so analysts need to work with a tool set. When analysts are working on a tool set in a process, that’s what I call cyber-security.

What I see happening is that SMBs will acquire cyber-security as a service from Tier1 - telcos and other service providers. The service will provide the tools and the analysts. The key here is that the tools need to be carrier grade since they’ll have to handle saturated links that can aggregate traffic from multiple clients and be able to socialize the cost across clients. There’s going to be winners and losers and I’m highly confident we’ll be one of the winners. There’s an actual precedence for this already – a program like Einstein 3 in the government where the Tier 1 telcos are providing this service to protect the .gov domain. We participate in that program. That’s where I think cyber-security hits a much bigger growth phase than where it’s at.

SecurityWeek: As an entrepreneur - any tips for other starting out?

Tim: Focus on the market risk question - understand where you are relative to the market. The reason is that the first order of business is to survive. So understand how close you are to market, or if you’re radically changing the market - then gain a sense of how long it’ll take to change people’s minds. That’ll drive your finance, marketing and sales strategy. Sometimes peoples hire salespeople too soon while first they need product management personnel to spend time with customers and build compelling use-cases with customers.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Tim: I have to say Fidelis. Obviously that’s because I was the founder, but also that it exited successfully - that’s the key.

view counter
Noa is a private consultant specializing in building thought leadership teams within tech companies. She is one of SecurityWeek’s first columnists with previous columns focusing on trends in the threat landscape. Her current interest lie on the business-side of security. Noa has worked for Imperva as a Sr. Security Strategist and before that, as a Sr. Security Researcher. She holds a Masters in Computer Science (specializing in information security) from Tel-Aviv University.