When I waded into the cyber-security world last year, the first thing that struck me was, my god, so many companies. We’re talking about hundreds and hundreds of vendors—and every one of them is quick to assure you they’re indispensable for preventing a looming cyber disaster.
An average business customer, however, lacks the time and money to sort the saviors from the snake oil. That’s why, in cyber, there’s a strong case for faith in big companies: They have the resources to protect your business and, if a new security bell or whistle emerges, they will know about it. Meanwhile, customers won’t waste their time with flash-in-the-pan products.
One believer in big is Amit Yoran, the new CEO of Tenable, which sells software that looks into all nooks of a network to spot potential threats. Yoran, a veteran of Dell, told me there are around 1,500 cyber-security companies, but that 97% of them are minnows with less than $20 million in revenue—and many lack a compelling business case.
“There’s a lot of features masquerading as products and products masquerading as companies,” he said, echoing a refrain you’ve heard if you’ve spent any time in Silicon Valley. He’s got a point and, if he’s right, a lot of these “companies” will be out of cash and blow away by the end of the year.
But there’s another side to the story, which is that minnows produce a lot of innovation. In my years covering tech, I’ve learned some big companies are only really good at one thing: being big. Pre-occupied with public relations and customer lock-in, they can overlook good ideas all around them.
This big versus little debate occurs in any industry, of course, but in cyber it matters more since security is at stake. Thoughts? Robert and I will be at RSA in San Francisco this month, and we’ll be glad to hear them—from Big Cyber and small startups alike.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You can reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Google beats back a botnet: Speaking of size, a Google executive shared some fun details about how the company’s Jigsaw service rescued Brian Krebs from a crippling DDoS attack. As the veterans of the tech giant discovered, “Defending a small site is really hard.” (Ars Technica)
The Secret Service has hackers? The agency does a lot more than protect the president. It also has some of the best cyber-chops in the country—as its phone-cracking facility in Tulsa, OK, attests. “The path of hacking is much nicer – from a policy perspective.” (Passcode)
If you break it, they will leak it. Cellebrite gained fame by supplying an exploit that the FBI used to crack an iPhone in the San Bernardino terrorism case. It also led people to warn that, whenever a company builds these sorts of hacking tools, they will leak out on the Internet. Those people were right. (Motherboard)
So much for loyalty… A study says an insider economy is booming on the Dark Web where members-only clubs encourage employees to sell secrets about their companies for fun and profits. And it’s not just stock tips for sale. Even lowly cashiers are getting in on the action by selling customer credit cards. (Fortune)
Oh, and tax time is coming — and a new breed of W-2 scammers is on it.
Fortune’s Robert Hackett breaks down some good news in the form of the $3 million in bug bounties Google paid out last year. If someone can identify that mysterious $100K winner, send us a tip…
Since its founding in 2010, Google’s “vulnerability reward program”—commonly referred to as a bug bounty program—has paid out a total of $9 million to security researchers. The rewards program encompasses the company’s websites—Google, YouTube, Blogger—and more recently, the Chrome web browser, the Android mobile operating system, the OnHub wireless router, and Nest connected home devices.
Tech Industry Wants Trump to Calm EU Data Fears by Jeff John Roberts
A Guide to Back-Up Hard Drives by Time’s Alex Fitzpatrick
FireEye Shares Tumble 20% on Disappointing Growth by Fortune/Reuters
Hackers Hijack Hotel’s Smart Locks, Demand Ransom by David Z. Morris
Judge Lifts Secret Gag Order for WhatsApp Data by Jeff John Roberts
ONE MORE THING
MLB’s (hacking) Hall of Fame. $2 million and two draft picks. That’s what the St. Louis Cardinals will have to give the Houston Astros after a rogue employee raided his former team’s computers for precious scouting information. It’s the final chapter of a sports hacking scandal that also saw the employee go to prison. (Sports Illustrated)