Saturday, July 12, 2014

Red Sky Weekly: if you want to check the engine, you've got to look under the hood!

Let me ask a simple question. If you took your car to the mechanic and he never lifts the hood to check the noise you've been hearing, would you trust him when he makes his diagnosis and hands you an estimate? Some mechanics have more oil under their nails than my car has had in its oil pan but those guys have more time under the hood than nearly anyone I know, or have MIT degrees (the Car Talk guys?!) and can diagnose problems based on sounds made by the owners. But for most, if you want to check the engine, you've got to look under the hood!

Why am I talking about cars and mechanics? Because believe it or not (hell, I can hardly believe it myself!) I'm going to defend NSA... this week marked yet another piece stemming from the Snowden leaks (The Washington Post, republished by the Boston Globe). I'm not going to defend only the NSA, rather the idea that to catch criminals using the internet, we need to monitor the internet! It's a simple concept!

As a security pro, if I want to know what's going on in your computer, I need to be able to look at it. If I think it's been broken into, I need to look at processes running, files on the machine, and for those really pesky APTs, I'm going to need full packet captures on all comms going in and going out of your network. And yes, I may need to read your email! I promise, if I don't need to I won't, but sometimes... well.

I consider myself an inactive middle of the road Libertarian. I don't participate in Porcupine events. I'm not an anarchist, and I'm not a hemp wearing hippie, but I do believe that my freedoms are really important. I have no problem with the EPA taking water samples to make sure our watershed hasn't been polluted or poisoned, and while I'm not a fan of NSA reading traffic over the wire, if in fact they really do (I don't really know), I'm as much a fan of having someone reading my email as I am my annual prostrate exam. In either case, there's a necessary evil that must be endured for the sake of long term health.

Need examples?
  • Last year, while watching activities related to folks breaking into computers, we were tipped off to a cache of videos of bad guys teaching other bad guys how to make bombs in their garage... about 30Gb of the stuff. Don't worry. We did the right thing.. but at the same time, we had evidence of bad guys doing bad things on a good tool.. bomb makers teaching others to make bombs and distributing them on the internet. 
  • How many dirt bags are taking liberties with kids and pushing their stuff around the internet? 
  • And I haven't even talked about espionage, credit card theft, banking account takeover, or fraud yet... 
And so you wonder why, when we're worried about terrorism, or millions of credit cards stolen from your favorite department store, or espionage targeting the very intellectual property that you work so hard to build and sell... why do people monitor raw data? To find those A-holes (yes, with a capital A) that keep stealing our stuff.

Yes, there are challenges with troubleshooting blood-borne computer illnesses, and certainly privacy concerns in having to look at the actual data to know when terrorists may be planning attacks over Twitter, but we'll figure that out. And the answer should not be black and white. It's going to land somewhere in the middle. So for now, I don't read the paper when I see yet another Snowden story. It pisses me off.

And yes.. I own Fireeye stock. I own Splunk stock. If NSA offered stock I'd buy it in a heartbeat. And I'd buy stock from others like them... UK, French, hell, even Chinese! If they sell stock, I'm in! When we finally do figure this out, I'm going to be ready :)

And for us? We're part of the solution.

This week we had some real successes in both Red Sky and Wapack Labs.

In the lab, we've got 'Threat Recon(tm)' in load testing. We've set up an API that'll really get your attention. If you like Virus Total, you're going to LOVE Threat Recon. As of today (Friday) two Red Sky members are set up and running first tests. We'll be adding more to the testing next week. I'll be announcing its public offering very soon, so hang in there. Only a couple of more weeks. Keep an eye out for it..

Our first university is joining Red Sky, as well as our first Icelandic bank. We've been holding steady on Red Sky membership, our community isn't big, but it's really smart. And our first IR team from a university is VERY exciting, and after spending time in Iceland, I can't tell you have happy it makes me that we're bringing in our first Icelandic member! I've got a reason to go back... but next time I'm taking my fly rod!

Adding to that, we've built a bunch of new tools, added some incredible new sourcing.. we've spent a bunch of time doing R&D this year and it's paying off! I've got the best job in the world. I haven't had this much fun in years!

So until next time,
Have a great week!
Jeff