海角大神

Modern field guide to security and privacy

Silicon Valley firm's stumble signals chill in cybersecurity market

Norse Corp. generated buzz with provocative threat reports but now appears to be on its last leg. Its downfall could signal that investors are cooling on the once-frothy cybersecurity market.

|
Courtesy of RSA Conference
The Norse Corp. logo appeared on lanyards for the badges at this year's RSA Conference.

For a firm that has all but closed shop, Norse Corp. had a strikingly high-profile presence at last week's RSA Conference, the cybersecurity industry's premier annual gathering in San Francisco.

Last month, influential cybersecurity blogger Brian Krebs broke news that Norse had run out of money, fired most of its employees, and听was dangerously close to collapsing. It was a stunning turn of events for the Silicon Valley startup听that had raised some $25 million in venture capital and generated headlines听with听its flashy and provocative reports on international cyberthreats and digital crime syndicates.

For this year's RSA Conference, Norse paid some $90,000 to put its logo on this year's RSA badge that hung on the necks of more than 40,000 attendees.听But instead of dazzling conference-goers with its latest products and technology, Norse was a conspicuous reminder that the听exuberance that investors have shown for both early-stage cybersecurity firms and public companies is quickly cooling.

"It's not enough to have the word cyber in your name," said Eric Davis, a partner at the investment firm America鈥檚 Growth Capital.

Indeed,听Wall Street is approaching听digital security firms much more cautiously. Stock prices of publicly traded firms have fallen precipitously in the past six months. FireEye, a bellwether of sorts among a new breed of security companies, is down almost 60 percent from this time last year. The firm Rapid7, which generated plenty of investor excitement when it went public last July, is down 43 percent from the closing price from its opening day of trading.

An issue facing many security firms is redundancy in the听marketplace, said听Wendy Nather, research director at the Retail Cyber Intelligence Sharing Center and a former industry analyst.听When it comes down to it, she said, company chief information security officers, or CISOs, are drowning in too many security products.

"CISOs are tired of endlessly layering products one on top of the other, and are taking a hard look at their portfolios to see what they can reduce," said Ms. Nather.听

What's more, she said, corporate buyers are no longer impressed with slick marketing campaigns and reports from cybersecurity threat intelligence companies that make corporate data security seem like a military exercise.听

Norse strongly denied the allegations made by Mr. Krebs.听In听, the company said his report "includes factual errors, and 'guilt by association' inferences that collectively offer an inaccurate perception of the company鈥檚 strengths, abilities, and standing in the information security industry."

In an interview, Norse's interim CEO听Howard Bain said听that Norse's creditor, WTI, foreclosed on it last week after the company's board concluded that the firm was "no longer viable."

"Norse Corp right now is a bag of liabilities," Mr. Bain said. "WTI is actively looking for a buyer for [Norse's] assets."听

He said that Norse continues to service its customers and will continue to do so until a buyer is found for Norse's technology and other assets, which Bain said he expected in the near future.As for the company's sudden demise and its presence at the RSA Conference, Bain said he appreciated the gallows humor that accompanied the company's sponsorship."I actually kind of enjoyed that," he said.听The badge sponsorship was paid for long ago, said Bain, and Norse received a large number of conference badges with it that were distributed to its employees. "What better place to look for a job," he said.听Norse was emblematic of that breed of security startup. It made a name for itself with expensive marketing and a Hollywood style cyberattack visualization (derisively dubbed the "pew pew map" by security industry pros) which purported to show real-time digital attacks being carried out around the world with听video game slickness.

Like many firms in the emerging threat intelligence sector of the cybersecurity industry, Norse collected data from a global network of honey pots, or computers that posed as legitimate targets for malicious hackers.

"You could see at RSA that there are a ton of companies in threat intel space, but they're incomprehensible in terms of their market message," said Bain. "They're all over the map, and there's no clear idea of what threat intelligence is or how it's deployed."

Norse鈥檚 honey pots posed as all manner of systems, from Web applications to e-mail and file servers to ATMs.听,听the company wasn鈥檛 unique in the kind of data it collected so much as for where it collected it from: less traveled corners of the Internet, including countries in the Middle East and Asia.

In a 2015 interview with this reporter, the company claimed to have a network of 8 million honey pots in 50 countries giving it "the most powerful threat intelligence feed in the world."

But while Norse听听for its reports on Iran's cyber capabilities, it also drew much criticism within the cybersecurity community (including this piece in Passcode) for emphasizing marketing over solid research.听听For instance, after 2014 Sony Pictures hack,听听with a听report suggesting that a disgruntled former employee may have been the source of the compromise. Norse briefed the FBI and law enforcement on its findings, but never provided strong evidence to support its conclusions.听

听As with its fast rise since it was founded in听2010, Norse's downfall has been equally as attention grabbing 鈥 and talked about 鈥 within the cybersecurity community. On the conference floor of the RSA Convention, the听company鈥檚 booth was practically deserted, but for a large video monitor running a loop of the company's cyberattack visualization map.

Norse did not respond to a request to comment for this story. A spokesperson for a public relations firm that has worked with the company said that she had not been in contact with Norse recently and could not comment on the company's current status or its plans for the future.听

In the meantime, RSA听Attendees (including this reporter) tweeted photos of Norse鈥檚 logo on the badge. Others made pilgrimages to Norse鈥檚 booth on the RSA Conference floor and snapped selfies in front of the Norse banner.

鈥淚 visited the Zombie听听booth at听听today," tweeted Electronic Frontier Foundation attorney Nick Cardozo. "Good to see they still had their pew-pew map going strong!"

Tech analysts say that听Norse's stumble indicates that investors are increasingly attracted to companies dealing with more concrete issues听鈥 such as vulnerable systems 鈥 than abstract pursuits like threat intelligence.听

In short, said Mr. Davis of听Americas Growth Capital, the industry is going听"back to basics."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines 鈥 with humanity. Listening to sources 鈥 with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That鈥檚 Monitor reporting 鈥 news that changes how you see the world.
QR Code to Silicon Valley firm's stumble signals chill in cybersecurity market
Read this article in
/World/Passcode/2016/0311/Silicon-Valley-firm-s-stumble-signals-chill-in-cybersecurity-market
QR Code to Subscription page
Start your subscription today
/subscribe