Cyber Posers – Still fighting cyber adversaries from a defensive mindset

Having been on the front lines with Al-Qaeda since 2004, Treadstone 71 has seen many come and go claiming to be the saviors of information technology, the protectors of the realm, the kings of everyone’s castle in the fight against cyber criminals, jihadists, Daesh, SEA, Ajax, Anonymous, and other adversaries. Lately they act like they are the only ones fighting the battles. From FireEye to Crowdstrike, we hear their claims of ‘hand to hand cyber combat’ and battling cyber terrorists and cyber criminals in a lone battle worthy only of their highly skilled and well honed cyber spec ops.  In fact, this more looks like a sibling spat between former McAfee leadership then anything resembling hand to hand cyber combat. “I know you are what am I?”posers

The problem is and always has been this: Their backgrounds are rooted in IT, embedded in defensive methods, their being driven by profits forced by venture capitalists.  They really do not have your best interests as their main, core value. They are driven by profits and the need to sell. Sell at any and all costs. Sell technologies that marginally improve your security posture while touting them as the ‘cats meow’ of the cyber security world.  They throw around terms like ‘cyber intelligence’ and ‘cyber espionage’ as if they really understood the the community, history and tradecraft. They create failed strategies like the ‘cyber kill chain’ rooted in a defensive methodology based upon adversaries already being ‘inside the wire.’ They have been caught on more than one occasion with their hands in the proverbial adversaries cookie jar by the feds from phishing emails and phony banking sites.  Ultimately, they do this at your expense. As a former CISO (ask your vendor how many in their C-suite have 10 years or more as a CISO – ask your vendor how many in their C-suite have 10 years or more in the IC) and former IC’er I can tell you they do more harm than good.

They have polluted the market with false expectations while lining their pockets to satisfy VC owners and stockholders.  What is good for their company is not always good for yours.  They push layers of technology rooted in cyber janitorism claiming they are the new offensive cyber kings of the net.  Ultimately, they are opportunists who buy, sell, join another company, coin new buzzwords, gain funding, acquire, sell, join another company, coin new buzzwords … You get the picture. What they bring to the table is money in the pockets of VCs and investors. First and foremost.

Our view is that you can do all the same things they offer with a lot less investment and a much longer running and higher return on your money. That investment should not be in their technology but in your staff.  It should not be to line the pockets of VCs but to build and mature your cyber intelligence programs.

Take a very hard look at these companies who claim to battle on the front lines. Your budget dollars are hard to come by and trusting them with posers and false prophets will not lead to an improved security posture. It will lead to a short-term tactical gain that ultimately is surpassed by cyber adversaries. Once their technologies, tactics, protocols and methods are learned, cyber adversaries will deny and deceive, counter-deny and counter-deceive.  These actions are already occurring.notbshit

Beware the posers.  (Yes, we at Treadstone 71 ‘Call Bullshit’) Think hard about where you spend and how you spend. Do not be taken in by the latest buzzwords. The RSA Conference is coming and you will be inundated with a plethora of new and amazing technologies driven by inappropriately used terms sold by people who have no clue what the terms mean.  When you scratch the surface, peal back the onion, you will find that same old stuff rooted in defensive methods.You will find their leadership rooted in IT and profit driven motives. Their motive is not to improve your security posture. Theirs is to sell more products and services.

Treadstone 71