As security professionals, we have a bit of a reputation for melodrama. A breach happens, we make a lot of fuss for a few weeks, and then we quickly move on to the next topic dominating our news cycles. Even when a breach seems pretty dire to a particular company and its customers, it's usually not the 'end of days' that we often predict it will be.
If you’re familiar with Stealth Security, you’ll know that one of the first issues we tackled for customers was detecting and mitigating automated or ‘bot’ attacks against web applications. As an ex-CISO who struggled with these attacks, I wanted us to build tools that would focus on that initial problem. Since then, Stealth Security has expanded our product roadmap significantly and increased our scope to help customers extend protection to their whole environment, including mobile applications and APIs.
Hi, Michael Barrett here, CEO and co-founder of Stealth Security.
As a security guy, I tend to think of the world through a relatively simple lens, and use mental models that have worked for our industry before. I have long suspected that we have been ignoring — or at least oversimplifying — the problem of web API security. And then, last week, there was a case-study-making announcement about the discovery of the so-called Hell application that was allegedly used by Uber to identify Lyft driver locations as well as which drivers used both services. I am not going to comment on the allegations themselves except to note that many CISOs run into situations occasionally that make them ask (usually just to themselves) “what were they thinking?”…
Hello, Michael Barrett here, co-founder and CEO of Stealth Security.
Recently, news has started to come out about the fact that an attacker known as the Turkish Crime Family has penetrated the accounts of many of Apple’s iCloud customers. The total number is still unknown but is claimed to be hundreds of millions. At this point, rather than trying to monetize the breached accounts directly, the attacker is simply holding Apple to ransom and is demanding bitcoin in return for not harming those customers. This use of an indirect ransom for monetization is a logical next step for attackers. Some commentators have claimed that the number of breached accounts is considerably smaller than the attackers claim. This could of course be correct, but in a real sense it’s irrelevant – this is about what the attacker might be capable of doing.
One of the pleasures of growing a small company is that every hire makes an impact, and if you can hire a really great person into the role, that impact can be huge. This is of course a truism. All teams consist of the best people for the job, all working harmoniously and effectively. When the right people are in them, they are an astonishing force for change.
We had the pleasure of having a strong team of co-founders. Between us, we have a diverse range of skills and experiences. But, as a company grows, another of the things that happens is that you start to zoom in on specific disciplines and look to exemplary performance in them. That’s been happening with us recently, with business development. It’s become clear in the last few months that it’s a topic where we really needed to accelerate our work. We expect it to be a vital component in our long-range success, and therefore an area where we needed more focus than could realistically happen between the co-founders. So, it was evidently time to add another strong leader to our team, someone who could focus solely on business development, and someone who had overwhelmingly strong success in that.