[ISN] Firm uses 'ethical hackers' to protect corporate systems

From: mea culpa (jerichoat_private)
Date: Tue Dec 15 1998 - 16:57:19 PST

    December 14, 1998
    Firm uses 'ethical hackers' to protect corporate systems
    Erik Espe, Business Journal Staff Writer
    
    "I'm kind of a security Nazi," said Jeff Moss.  "I take things to an
    absolute." 
    
    Mr. Moss, an "ethical hacker," is one of the weapons used by San
    Jose-based Secure Computing Corp. to test and retest the security systems
    of client companies such as Sun Microsystems Inc., UAL Corp., Citigroup
    Inc. and the U.S. Air Force. 
    
    Mr. Moss works out of Seattle, leading a team of 10 experienced hackers
    who invade the systems of clients, sometimes even reading confidential
    e-mail and data on customers. 
    
    Mr. Moss' title at Secure is "director of security assessment." His
    mission is to do everything he can to break into the systems of client
    companies. 
    
    "The client usually had an incident and is scared," Mr. Moss said. "They
    want to get an independent review so they know they're not crazy." 
    
    In the Internet age, Mr. Moss said, it's wise to be paranoid of hackers.
    No system is hacker proof. The best any security team can deliver to a
    company is a way of making it so hard for hackers to penetrate a system
    that the targeted company will be able to detect it and have enough time
    to take action. 
    
    "It can't make a system invulnerable, but you have to be able to detect a
    hacker," Mr. Moss said. "You might not be able to defend against a full-on
    attack, but we can make it so it takes at least two days to break in,
    which gives you enough time to do something." 
    
    Secure does this by building firewalls for clients. Firewalls are
    basically programs that protect one network from outside users who could
    try to access a company's intranet via the Internet. 
    
    Mr. Moss left a similar job at Ernst & Young LLP this year to join Secure
    Computing, so he could work in a firm whose entire focus was Internet
    security. While firewalls are being produced by a number of companies,
    Secure touts itself as the first in the marketplace, having developed the
    world's first firewall in 1994 for the National Security Administration. 
    
    It's the acquisition of employees such as Mr. Moss and a complete
    revamping of 3-year-old Secure Computing that has brought this early
    player in the Internet security market back from the brink of collapse,
    according to CFO Tim McGurran. 
    
    "It's taken us a few years to get the company where it needs to be," said
    Mr. McGurran, Secure Computing's CFO. "I'm the only survivor from the old
    management team. I've got the scars to show you." 
    
    Secure first went public in 1995, in one of the strongest initial public
    offerings in the history of the Nasdaq exchange. 
    
    "We were one of the first Internet companies to go public in 1995," said
    Mr. McGurran. "Our stock went up from $6 to $48 in its opening day." 
    
    But Secure's initial rise was short-lived. 
    
    Shortly after its IPO in 1995, the company acquired three other Internet
    security firms:  Border Network Technologies, Enigma Logic and Webster
    Network Strategies. 
    
    Although the takeovers gave Secure valuable software to deliver an entire
    suite of solutions to clients, the company at the time didn't have the
    management expertise to merge with so many other firms at once. 
    
    Overwhelmed, Secure saw its costs rise and revenue drop. Although Secure
    had posted profits before its IPO, it was unprofitable through 1997. 
    
    "Here we were in August of 1996, having just gone public, doing three
    acquisitions, and the company imploded," Mr. McGurran said. "The burden
    with having to integrate all these firms caused the company to collapse.
    Wall Street was concerned about the company." 
    
    Secure's stock dropped back to $6 in April 1997. 
    
    By then, the board of the company already had taken action to stop
    Secure's bleeding. In late 1996, the board let go of every top manager at
    the company except Mr. McGurran. 
    
    In November 1996, Novell Inc. executive vice president Jeffrey Waxman was
    brought on board as Secure's new CEO. The company spent all of 1997
    streamlining its product line and restructuring its operations. 
    
    Employees including Mr. Moss--who was well-known for organizing Def Con, a
    hacker conference held annually in Las Vegas--were recruited. 
    
    "We have put together the world's premier group of security experts," Mr.
    McGurran said. 
    
    To cap the "new and improved" Secure Computing, the company moved its
    headquarters to San Jose from St. Paul, Minn. early this year. 
    
    The hard work has paid off. In the fourth quarter of 1997, ended Dec. 31,
    Secure posted its first profitable quarter since its IPO and has remained
    profitable since. Secure's stock has also steadily risen, closing at
    $20.88 on Dec. 7. 
    
    "We've broken out," said Mr. McGurran. 
    
    With 315 employees, the company provides both software and consulting
    services to its clients.  Sidewinder, the company's main product, prevents
    unauthorized users from getting through firewalls. Its companion product,
    SafeWord, enables authorized personnel to get through firewalls. 
    
    But the service that has been getting Secure the most attention is its
    "ethical hacker" division. 
    
    "They've leveraged that pretty well," Mr. Moss said. "The competitors we
    see are usually your Ernst & Youngs, IBMs and Andersen Consultings. 
    Compared to those companies, we're really small.  But because of the
    nature of the computer industry, [a small number] of us can hold our own
    against IBM. 
    
    "When it comes down to it, how many people do they have breaking into
    machines all day long?" 
    