Balbix founder and Rice University alumnus Gaurav Banga (Ph.D. ’99) was supposed to be a computer science professor. When asked what drew him to Rice University, Banga said, “I was very interested in supercomputers and compilers. Rice was a leader in that field, and I hoped to become a technical expert in those areas.”
The New Supercomputer
While Banga was at Rice, the Internet became a fast-growing phenomenon and surfaced a number of critical gaps between the demands of unpredictable Internet traffic and the capabilities of systems software and network protocols. This became Banga’s area of research.
“The Internet was the new supercomputer,” as he put it. In four years, he published nine papers about his research at top systems conferences including four that won best paper awards. Many elements of Banga’s Ph.D. research were quickly incorporated within commercial products.
“Just before I graduated and started applying for various faculty positions, I realized I would be teaching undergraduates without knowing much about their future industry careers. So I took a sabbatical for a year to work in industry.”
Banga dove into an industry at its peak. Between 1998 and 2000, the technology industry was experiencing a boom and he felt invigorated by the fast pace of innovation and unlimited possibilities to do interesting work.
“It was very rewarding,” he said. “I loved the challenges of building large and complex systems software at Network Appliance (NetApp) to power systems such as Yahoo! Mail, Dreamworks’ production of Shrek and the big banks of New York. I never went back to academia. Five years later, I became an entrepreneur when I discovered a problem I couldn’t put down.”
He noticed an increasing number of business professionals were using a smartphone—a combo device that combined a mobile phone with a hand-held computer called a PDAs (personal digital assistant), and he began working on software to make the devices more useful.
“My first serious computer was a mainframe. It was mind blowing to think you could have a powerful Internet-connected computer in your pocket. When I first saw a PalmPilot phone called the Samsung I300, and I started using it, I began thinking of the amazing possibilities of applications that would make the everyday smartphone experience so much better,” said Banga, who started a company to deliver those applications.
Within two years, PDAapps, Inc. had published popular apps like VeriChat which became the world’s most popular mobile instant messaging app in 2005. Banga’s company was acquired by Intellisync Corporation, and he directed the mobile software product division of the new organization. When Intellisync was sold to Nokia the following year, Banga looked for his next challenge.
A Difficult Turnaround
“I was intrigued by science and art of executing successful turnarounds (think Apple and Steve Jobs) and accepted the role of CTO for Phoenix Technologies Ltd in 2006. We were developing core software for personal computers, such as booting up your PC. At that time, the publicly traded company was in dire straits – both technically and financially.
“During those years at Phoenix, I learned a lot about organizations and what makes them tick (or not). Each day, I was discovering issues facing an established company that is set in its ways and entrenched in a particular corporate culture. We successfully fought off a hostile takeover attempt and went on to grow the business at a significant speed and restore it to profitability. Then we were hit by a second hostile takeover. At that point, the company was taken private and broken into multiple smaller companies, which was heartbreaking for an entrepreneur.”
Reflecting on his different industry experiences, he decided that he preferred spending his energy on innovation, building and working with motivated teams to create new solutions, while aligned with investors with similar goals.
At NetApp in the 1990s, Banga had offered to take on cybersecurity oversight responsibilities for the company’s products. A decade later, some of Phoenix Technologies’ customers began asking for assistance in building very secure personal computers. “Then sophisticated cyber-attacks began, like the 2009 attack on Google that resulted in the theft of intellectual property. Dozens of other companies — in industries ranging from security to chemicals– were also targeted in that attack,” he said.
“It seemed to me that we were building a vast technology-industrial complex around an insecure software. What was particularly problematic was the human user and their Internet-connected endpoint, which made it relatively easy for an adversary to breach an organization. Anti-virus software based on signatures of known malware was no longer effective because attackers could create new and practically undetectable malware at will. I started Bromium to help eliminate security breaches by providing a new type of protection against advanced malware.”
Banga uses a medical analogy to describe the problem with very difficult-to-detect malware and overlapping sources of infection. He said, “A doctor treats and even operates on sick patients who are likely carrying unknown illnesses. The doctor has to treat the patient, so they put on gloves to limit the spread of infection. It’s impossible to avoid the unknowns and still do their job, so they limit their exposure with gloves.
“A doctor changes their gloves between patients and goes through a large number of gloves during the course of a single day. This practice works well to prevent doctors from getting sick and keep infections from spreading. Similarly, many emails and websites carry malware planted by cyber-attackers.”
Banga’s company Bromium developed a type of “digital glove” for computers, to prevent computer from getting infected and to avoid infections spreading from one computer to another. Without realizing it, Bromium users automatically don a glove in the form of a virtual machine to browse a website, shed the glove as they leave the website, and pull on another protective glove to check their email or browse another website. The gloves are actually thousands of virtual disposable computers, used to secure computers systems at scale.
But as Bromium’s success grew, Banga was discovering additional cybersecurity challenges.
“It was becoming increasingly clear that major security problems don’t occur just at the user’s laptop or desktop. My customers – CISOs of the Fortune 500 and government agencies were telling me that there were so many new problems they had to worry about, like protecting cloud and data center servers, network infrastructure, industrial controllers, IOTs, unmanaged devices, and their supply chain. They struggled to determine the areas of greatest risk, and what to focus on. By 2015, the attack surface of organizations was exploding.
“CISOs and CIOs of the Fortune 1000 are faced with a practically infinite set of potential vulnerabilities across tens (or even hundreds) of thousands of assets. How could they decide where an attack might start, or what areas they needed to prioritize for risk mitigation? This is not a human-scale problem anymore.”
In 2015, Banga launched Balbix to automatically and continuously quantify an organization’s security posture and breach risk in a way that allows executives to visualize areas in need of attention. He said, “We discover and analyze the enterprise attack surface— within the context of the business— and provide relevant insights on cyber breach scenarios prioritized by risk. We prescribe prioritized actions that cyber-defenders need to take in order to improve cyber-resilience and decrease breach risk. We also provide real-time drill-down risk heatmaps and Google-like natural language search for all types of cybersecurity and risk questions to support informed decision making.”
Balbix is based on deep learning and a host of innovative machine learning algorithms.
Banga still feels there is much work left to do. “Cybersecurity is the most important problem facing technology today,” he said. “We need to protect the cyberspace in which our modern technology devices operate. Otherwise, there will be no trust and safety in the technology-steeped world of the future. If we don’t get ahead of this problem, we’ll be building a very fragile and brittle future. That’s the challenge I’m focused on right now.”
He attributes some of his determination to secure cyberspace to his Rice experience. Banga said working in Rice’s environment of world-class research gave him tools and confidence to successfully work on world-class problems.
“All the different faculty members and students around me were doing cutting edge work and I realized I could change the world, innovate, do anything I needed to. And the work ethic and outlook I have and hold dear, I picked that up at Rice. Being surrounded by people who were only doing the right things for the right reasons shaped my own approach to problems and how I think about things.”
Gaurav Banga completed his Ph.D. in Computer Science in 1999 under the advisement of Peter Druschel.