On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room in Virginia and dialed into a group call with 100 counterparts in Taiwan, Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain and Ukraine. As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark Web.”
A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as US$500. Several US utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.
The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.
Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.
For the last eight years, iSight has been quietly assembling what might be the largest private team of experts in a nascent business called threat intelligence.
Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, although that statistic is impossible to verify, given the secretive nature of these operations.
ISight analysts spend their days digging around the dark Web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.
The company’s focus is what iSight chief executive John Watters calls “left of boom,” which is military jargon for the moment before an explosive device detonates.
Watters, a tall 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.
“When we went into Iraq, the biggest loss of life wasn’t from snipers. It was from concealed explosive devices,” he said. “We didn’t get ahead of the threat until we started asking ourselves: ‘Who’s making the bombs? How are they getting their materials? How are they detonating them? And how do we get into that cycle before the bombs are ever placed there?’”
“Our business is tracking the arms merchants and bomb makers so we can be left of boom and avoid the impact altogether,” Watters added.
ISight’s investors, who have put US$60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats.
Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel’s security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact.
ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools.
The analysts’ reports help clients — including 280 government agencies, as well as banks and credit card, healthcare, retail and oil and gas companies — prioritize the most imminent and possibly destructive threats.
Security experts say the need for such intelligence has never been greater.
In the past three years, businesses have been investing in “big data” analytic tools that sound alarms anytime someone does something unusual, like gain access to a server in China, set up a private connection or siphon unusually large amounts of data from a corporate network.
The result is near constant and confusing noise.
“Except for the most mature organizations, most businesses are drowning in alerts,” said Jason Clark, chief security officer at Optiv, a security firm.
The average organization receives 16,937 alerts a week. Only 19 percent of them are deemed “reliable,” and only 4 percent are investigated, according to a study released in January by the Ponemon Institute, which tracks data breaches.
By the time criminals make enough noise to merit a full investigation, it can take financial services companies more than three months on average to discover them, and retailers more than six months.
“Just generating more alerts is wasting billions of dollars of venture capital,” said David Cowan, an iSight investor and a partner at Bessemer Venture Partners.
The last thing an executive in charge of network security needs is more alerts, he said.
“They don’t have time. They need human, actionable threat intelligence,” Cowan said.
Cowan and others point to what happened to Target in 2013, when the retailer ignored an alert that ultimately could have stopped criminals from stealing 40 million customers’ payment details from its network.
A year earlier, iSight warned its clients that criminals were compiling and selling malware that was specifically designed to scrape payment data off cash registers.
Had Target received that warning, the blip on its network might not have gone unnoticed.
“Target faced the same problem every retailer does every day,” Watters said. “They are awash in a sea of critical alerts every day. Without threat intelligence, they had roulette odds of picking the right one.”
Gartner, the market research firm, estimates that the market for threat intelligence like iSight’s could grow to US$1 billion in two years from US$255 million in 2013.
It predicts that by 2018, 60 percent of businesses will incorporate threat intelligence into their defensive security strategy.
ISight, which plans to file for an initial public offering next year, hopes to capitalize, as do the dozens of other cyberthreat intelligence outfits now flooding the market, each with a slightly different approach.
That proliferation of start-ups has led to a new complaint from computer security chiefs: overlapping information — sometimes by as much as 40 percent — in the reports they receive, none of which are cheap.
ISight charges customers based on size, and while it does not disclose pricing, some customers said they pay US$500,000 or more annually for the company’s services, as much as five times what low-end services charge.
ISight makes 90 percent of its revenue from subscriptions to its six intelligence streams, each focused on a particular threat, including cyberespionage and cybercrime.
The company’s most recent competition comes from its oldest clients, particularly banks, which have been hiring former intelligence analysts to start internal operations.
One former client, which declined to be named because of concerns that doing so could violate a nondisclosure agreement, said it had been able to build its own intelligence program at half the cost of its canceled iSight subscriptions.
However, most businesses do not have the same resources as a Bank of America, whose chief executive recently said there was no cap on the bank’s cybersecurity budget.
Many of those businesses remain paralyzed by the drumbeat of alarms that expensive security technologies are sounding on their networks.
At iSight’s threat center, the company’s approach is perhaps best summed up by a logo emblazoned on a T-shirt worn by one of its top analysts: “Someone should do something.”