Narus is one of the first companies to combine patented machine learning algorithms, automation, and data fusion technologies to provide the incisive intelligence, context, and control network operators need to protect against cyberthreats and ensure information security. Narus software primarily captures various computer network traffic in real time and analyzes results. Prior to 9/11 Narus built carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what Narus called "revenue leakage". Post-9/11 Narus added more "semantic monitoring abilities" for surveillance.
Normalization, correlation, aggregation and analysis provide a model of user, element, protocol, application and network behaviors, in real-time. That is it can track individual users, monitor which applications they are using and what they are doing with those applications, and see how users' activities are connected to each other in India for lawful intercept and monitoring systems for ISPs.
The intercepted data flows into NarusInsight Intercept Suite. This data is stored and analyzed for surveillance and forensic analysis. Other capabilities include playback of streaming media, rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products, such as Pen-Link, offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. A single NarusInsight machine can monitor traffic equal to the maximum capacity of around 39,000 256k DSL lines or 195,000 56k telephone modems. But, in practical terms, since individual internet connections are not continually filled to capacity, the 10 Gbit/s capacity of one NarusInsight installation enables it to monitor the combined traffic of several million broadband users. According to a year 2007 company press release, the latest version of NarusInsight Intercept Suite is "the industry's only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic... including Google Gmail, MSN Hotmail and Yahoo! Mail". However, currently most webmail traffic can be HTTPS encrypted, so the content of messages can only be monitored with the consent of service providers. NarusInsight can also perform semantic analysis of the same traffic as it is happening, in other words analyze the content, meaning, structure and significance of traffic in real time. The exact use of this data is not fully documented, as the public is not authorized to see what types of activities and ideas are being monitored. Ed Snowden's June 2013 releases about the PRISM surveillance program have made clear however that Narus has played a central role.
Mobile
Narus provided Telecom Egypt with deep packet inspection equipment, a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers. The national telecommunications authorities of both Pakistan and Saudi Arabia are global Narus customers.
