º£½Ç´óÉñ

Silicon Valley firm's stumble signals chill in cybersecurity market

Norse Corp. generated buzz with provocative threat reports but now appears to be on its last leg. Its downfall could signal that investors are cooling on the once-frothy cybersecurity market.

For a firm that has all but closed shop, Norse Corp. had a strikingly high-profile presence at last week's RSA Conference, the cybersecurity industry's premier annual gathering in San Francisco.

Last month, influential cybersecurity blogger Brian Krebs broke news that Norse had run out of money, fired most of its employees, andÌýwas dangerously close to collapsing. It was a stunning turn of events for the Silicon Valley startupÌýthat had raised some $25 million in venture capital and generated headlinesÌýwithÌýits flashy and provocative reports on international cyberthreats and digital crime syndicates.

For this year's RSA Conference, Norse paid some $90,000 to put its logo on this year's RSA badge that hung on the necks of more than 40,000 attendees.ÌýBut instead of dazzling conference-goers with its latest products and technology, Norse was a conspicuous reminder that theÌýexuberance that investors have shown for both early-stage cybersecurity firms and public companies is quickly cooling.

"It's not enough to have the word cyber in your name," said Eric Davis, a partner at the investment firm America’s Growth Capital.

Indeed,ÌýWall Street is approachingÌýdigital security firms much more cautiously. Stock prices of publicly traded firms have fallen precipitously in the past six months. FireEye, a bellwether of sorts among a new breed of security companies, is down almost 60 percent from this time last year. The firm Rapid7, which generated plenty of investor excitement when it went public last July, is down 43 percent from the closing price from its opening day of trading.

An issue facing many security firms is redundancy in theÌýmarketplace, saidÌýWendy Nather, research director at the Retail Cyber Intelligence Sharing Center and a former industry analyst.ÌýWhen it comes down to it, she said, company chief information security officers, or CISOs, are drowning in too many security products.

"CISOs are tired of endlessly layering products one on top of the other, and are taking a hard look at their portfolios to see what they can reduce," said Ms. Nather.Ìý

What's more, she said, corporate buyers are no longer impressed with slick marketing campaigns and reports from cybersecurity threat intelligence companies that make corporate data security seem like a military exercise.Ìý

Norse strongly denied the allegations made by Mr. Krebs.ÌýInÌý, the company said his report "includes factual errors, and 'guilt by association' inferences that collectively offer an inaccurate perception of the company’s strengths, abilities, and standing in the information security industry."

In an interview, Norse's interim CEOÌýHoward Bain saidÌýthat Norse's creditor, WTI, foreclosed on it last week after the company's board concluded that the firm was "no longer viable."

"Norse Corp right now is a bag of liabilities," Mr. Bain said. "WTI is actively looking for a buyer for [Norse's] assets."Ìý

He said that Norse continues to service its customers and will continue to do so until a buyer is found for Norse's technology and other assets, which Bain said he expected in the near future.As for the company's sudden demise and its presence at the RSA Conference, Bain said he appreciated the gallows humor that accompanied the company's sponsorship."I actually kind of enjoyed that," he said.ÌýThe badge sponsorship was paid for long ago, said Bain, and Norse received a large number of conference badges with it that were distributed to its employees. "What better place to look for a job," he said.ÌýNorse was emblematic of that breed of security startup. It made a name for itself with expensive marketing and a Hollywood style cyberattack visualization (derisively dubbed the "pew pew map" by security industry pros) which purported to show real-time digital attacks being carried out around the world withÌývideo game slickness.

Like many firms in the emerging threat intelligence sector of the cybersecurity industry, Norse collected data from a global network of honey pots, or computers that posed as legitimate targets for malicious hackers.

"You could see at RSA that there are a ton of companies in threat intel space, but they're incomprehensible in terms of their market message," said Bain. "They're all over the map, and there's no clear idea of what threat intelligence is or how it's deployed."

Norse’s honey pots posed as all manner of systems, from Web applications to e-mail and file servers to ATMs.Ìý,Ìýthe company wasn’t unique in the kind of data it collected so much as for where it collected it from: less traveled corners of the Internet, including countries in the Middle East and Asia.

In a 2015 interview with this reporter, the company claimed to have a network of 8 million honey pots in 50 countries giving it "the most powerful threat intelligence feed in the world."

But while NorseÌýÌýfor its reports on Iran's cyber capabilities, it also drew much criticism within the cybersecurity community (including this piece in Passcode) for emphasizing marketing over solid research.ÌýÌýFor instance, after 2014 Sony Pictures hack,ÌýÌýwith aÌýreport suggesting that a disgruntled former employee may have been the source of the compromise. Norse briefed the FBI and law enforcement on its findings, but never provided strong evidence to support its conclusions.Ìý

ÌýAs with its fast rise since it was founded inÌý2010, Norse's downfall has been equally as attention grabbing – and talked about – within the cybersecurity community. On the conference floor of the RSA Convention, theÌýcompany’s booth was practically deserted, but for a large video monitor running a loop of the company's cyberattack visualization map.

Norse did not respond to a request to comment for this story. A spokesperson for a public relations firm that has worked with the company said that she had not been in contact with Norse recently and could not comment on the company's current status or its plans for the future.Ìý

In the meantime, RSAÌýAttendees (including this reporter) tweeted photos of Norse’s logo on the badge. Others made pilgrimages to Norse’s booth on the RSA Conference floor and snapped selfies in front of the Norse banner.

“I visited the ZombieÌýÌýbooth atÌýÌýtoday," tweeted Electronic Frontier Foundation attorney Nick Cardozo. "Good to see they still had their pew-pew map going strong!"

Tech analysts say thatÌýNorse's stumble indicates that investors are increasingly attracted to companies dealing with more concrete issuesÌý– such as vulnerable systems – than abstract pursuits like threat intelligence.Ìý

In short, said Mr. Davis ofÌýAmericas Growth Capital, the industry is goingÌý"back to basics."

Ìý