Saturday, June 08, 2013

It's about the GOUGE!

We had the opportunity to finally sit with the Director of IT for a great American company. These guys represent all that IS American business. Hard working, salt of the earth types who come to work in the morning, and leave when the whistle blows --and like everyone else, their network is under constant attack. The Director of IT and his team work hard, fighting the fight on a daily basis, but struggle to keep their heads above water. It's not because of a lack of skill, and certainly not because of a lack of trying or a bad work ethic. They simply have never been exposed to the cyber ills known so well by those of us who’ve dealt with cyber espionage for the last several years. These guys needed someone to walk them through the problem. When we left, we took with us roughly 130,000 file samples, and are now analyzing malware that we'll be able to go back to him with, and help him through the rough spots.

Some people talk on the golf course. Others do it in bars. A new friend in NH bought a high end gym membership --all to create networks and build trust. Why? People matter. You can’t do business without them, and you can’t solve complex problems without information gathered from many sources. Our complex cyber environment --not just risk, threats and attackers, but also foundational complexities introduced by mobile, cloud, virtualization, VoIP, and dozens more-- has caused us to build bridges on sandy, unstable shores. Simply connecting technologies to the bridge won’t make that shoreline any more stable. It requires an engineer who’s worked on sand before. Smart people matter. To solve problems with as many variables as we deal with on a daily basis, people have to talk --share notes; in the Navy we called it “the gouge”. Tell me what I need to do to make sure I pass my next inspection. You get the gouge by asking guys who’d been through it already.

Cyber is no different. Getting the gouge is about relationships. It's about talking one on one. It's about people trusting strangers with their worst problems after a cup 'a Joe in the local diner, and then having the ability to talk openly. My IT Director would probably feel intimidated as hell talking to current Red Sky Alliance members about what he’s seeing --because he doesn’t yet understand that everyone else is having the same problems, and that there are others who’ve been there before him. But once the ice is broken, and we've taken him through the process, my bet is you'll be seeing him in one of the portals soon, building his own relationships, passing along his own gouge!

Gouge isn't what the press says. It's not what the government says. It's not what that slick new security tool salesman tells you. It's about good information that can help you avoid the lumps of trial and error. And there are very few places to get the good stuff --and only one that I know of with peer review of submitters so you know who to listen to and who not to listen to. Only one that I know of where large enterprise companies from dozens of industries aren't afraid to help others figure out what to do next --without judgement --because they've all been there. They know exactly what it feels like.

The membership of Red Sky Alliance has been dealing with APT, advanced criminal problems, and all of the emerging threats, and guess what... many of them started out with one guy watching a log, who got a phone call from the government or one of the consulting companies telling them they have a problem. I know. That’s where it started for me. That’s where it started for almost everyone I know in this business. We were three guys from three companies sitting around a table comparing notes. We signed NDAs and started talking. Then we brought others in, sharing information --lump avoidance, lessons and indicators... and they got better too. We all built our own individual processes for dealing with the new issues, and at some point, the APT became just another problem... the new normal. We passed the gouge.

Red Sky Alliance members have good gouge. Not just indicators, but the gouge... the good stuff.  

We've connected people who aren’t afraid to pass the gouge in a peer reviewed environment... and everyone benefits... at a fraction of the price of a new threat intelligence subscription.

  • In the private Red Sky portal, companies talk to companies. The environment is very active, and information is shared daily on current happenings.
  • Beadwindow is a public | private portal. Smaller companies, academics, and government users can purchase reduced rate memberships in Beadwindow and both talk amongst themselves, and ask questions of members of the private portal. And, many of the private Red Sky corporate users also have accounts on the public | private Beadwindow portal.
  • Wapack Labs has taken on a smaller company feel. We started with forensic services in April, but have since grown into a lightweight, low cost managed security, analytic and intelligence analysis service.

Red Sky has good gouge. Join us. We're happy to share!


We didn’t publish a fusion report this week but by no means was it slow in the portal.

  • We are looking at several new APT incidents and brought in a number of participants from two new members.
  • On Monday we are starting training for two new interns. They have a tough act to follow from our last intern; however, we have high confidence that they will add value to our community.
  • We introduced two new members to the Alliance, and sent a membership kit to that restaurant chain we mentioned last week. Wuhoo!

Have a great week!