Saturday, September 07, 2013

Red Sky Weekly: This is big!

This is the first blog after our two year anniversary of incorporating Red Sky Alliance, and I can’t even believe how far we’ve come! In two years… and at the same time, we’re putting on the “heading into the end of the year membership push”. So sorry, this isn’t a rough cut blog, nor a controversial issue. It’s very simply, this is what we’ve done in the last two years. I’d offer this too. We started from nothing… an empty portal. So, here’s where we’re at:


Intelligence and Analysis:


  • We’ve published roughly 100 pieces of detailed, sourced, finished technical analytics (we call them fusion reports --roughly 20 pages of analyst porn and usually a couple of hundred technical indicators presented in Lockheed’s original kill chain format).


  • We’ve published dozens of non-technical intelligence reports showing targeting, intent, and yes, attribution in many cases!


Our membership is active!


  • We’ve got roughly 45 active organizations represented in the two portals, ranging from state/local/federal IT and Information security personnel in our Beadwindow Private | Public portal to 30 or so global enterprise companies in our private Red Sky portal with hundreds of thousands of employees all over the world. In fact, rough estimates suggest this small number of members own, manage, control, or secure over 20 million computers in approximately 140 countries around the world!
  • The portal has grown both in numbers, and in quality of information and activity. Our members contribute on a daily basis more than any other group I’ve been involved with! Checking a moment ago, as of today we have 182 users in our private portal (including several dev, test and administrative). Of those 182:
    • 81 (slightly less than half) are active participants (we monitor for lurking, but also have many CISOs who just want to read to know what their teams are seeing and doing!)
    • 48 threat analysts or incident responders from these great companies contribute regularly
    • and 23 are regular users who are on here all the time --meaning they log in first thing in the morning and stay on all day (it can be addicting!)


We’ve expanded our services!
  • In April we opened Wapack Labs in Manchester, NH. One might call this our ‘collaboratory’ because of the many great skunkwork ideas that flow in and out of it on a daily basis. Others might call it our ‘wholesale analytic shop’ because we’ve been funded to do analysis on the backend of one of the larger national Computer Emergency Response Teams and a couple of smaller projects for both members and non-members. Others might call it a simple incident response and forensic shop, but that’s a pretty mundane way to describe it given some successes, including two of my favs:


    • WhoisRecon: One of our guys, in his quest for additional data to analyze, created a system designed to link and graphically analyze the meta-data associated with bad guys we see registering domains (we call this WhoisRecon and it’s cool as hell!)
    • TIAD: Development of an automated threat intelligence system that links our analytics in the portal to real world data. Today, we have the ability to run nearly 300,000 externally captured pieces of information against all of the data from the two alliance portals and quickly diagnose and qualify them as to what we believe the level of badness is in the intent of the attacker. How cool is that?! In the government we built one of these bad boys and called it GoldRush. Except in the government, the same system cost roughly $10 mil to build. In our collaboratory that is Wapack.. under $200K!
    • R&D: Besides the finished works, we’ve done a bunch of work with Watchguard boxes to see if we can make them do fun things. We’ve had some fun with Splunk and TIAD and a product called Veera. (You’ll be hearing more about this at the Threat Day on Monday.. Oh, wait. I didn’t mention that? We’re having our next Threat Day on Monday at one of the major telecoms, with a tour of the Global NOC. I’m really looking forward to this!)


Last, but certainly not least.. our intern program!


Last year we offered two internship programs. One intern made it through the program. When he graduated, we pushed him into the membership for his first job. Why not? They’ve been seeing his work all year. They peer reviewed him in the top 10%. Why wouldn’t one of our members hire him? And you know what? He’s in a great job working as an intel analyst at one of the biggest credit card processors in the world! He’d been offered three jobs from members, and we’ve been told (by the members) that they’ll take as many as we can push out. So this year we have four of them in the pipeline. One just accepted a (paid) position at a local university. One has another year of school, but she’s bilingual (Japanese and English) and a dual major (CS and Journalism --what a great combination! Man, can she write!). Another is a statistician, and the last just wrapped up his program in homeland security.


“Heading for the end of the year membership push”


So here it is.. it takes months to get membership checks from big companies… even when you offer good terms. I’ve got 14 appointments in the next two weeks to talk about potential memberships. It’s getting busy. Send me a note and schedule your demo today before the end of the year rolls around!


Until next time,

Have a great week!
Jeff
