Skip to Content

Threat Sheet—Saturday, September 5, 2015

Earlier this week I spoke with Orion Hindawi, co-founder and chief technology officer of Tanium, the world’s highest valued cybersecurity startup. His company was preparing to announce that it had raised a new round of funding—$120 million in venture capital—placing its latest valuation, according to a person familiar with the deal, at $3.5 billion. (A billion dollars more than Fortune‘s earlier report of a $2.5 billion appraisal.)

On the call, Hindawi made an observation that struck a chord with me. “Companies are spending more and more security,” he said. “But they’re getting hacked more and more—not less.”

Indeed, every day we hear of another company that has been ransacked, pillaged, plundered—and very often embarrassed. (Care to read the CEO’s emails, anyone?) And security upstarts are capitalizing handsomely on executives’ newfound fears—raising oodles of cash from investors and successfully hawking their wares across a panicked corporate America.

Fortune editor Alan Murray has compared today’s “cyber” bonanza to the “plastics” gold-rush in the late ’60s. But while cybersecurity sounds flashy and sexy—especially with that “cyber” prefix—it’s important not to forget that, within security, it is very often the least sexy things that keep you safest: Knowing what devices are on your network, applying software patches, checking endpoints for indicators or attack.

Tanium’s story is admittedly a bit refreshing in that regard, since is focuses mostly on those nuts and bolts aspects of security. Each time I meet with one of the firm’s executives, I hear about their disdain for “cyber” marketing hype and the latest fads. Who cares about attribution? they say. Forget about who hacked whom. What matters is understanding and protecting your IT environment. (Of course, the company’s stance could be viewed as an effective marketing strategy in and of itself.)

Does it really matter whether we can identify the building in China that housed the hackers responsible for trouncing a U.S. business or federal agency? Perhaps—especially now that the U.S. government may finally begin to exercise some muscle and place sanctions on overseas hackers (as reports suggest will be the case ahead of Chinese President Xin Jinping’s first state visit next month). But what’s most important, if you ask Hindawi, is knowing your own network. And many people fail even that test.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.

THREATS

Tanium doubles in valuation. The cybersecurity firm valued at $1.8 billion less than a year ago is now worth $3.5 billion. The new appraisal arrives alongside a $120 million funding raise, the company’s third. (Fortune)

Fiat Chrysler announces another hacking-related recall. One month after recalling 1.4 million vehicles to address a security flaw that allowed researchers to take control of the automaker’s cars remotely, the company has announced that it will recall nearly 8,000 other hackable SUVs in the U.S. The latest vulnerability affects the cars’ radio software. (Reuters)

U.S. to sanction China ahead of Xi Jinping visit. The Obama administration is expected to impose a set of sanctions on Chinese companies and individuals as punishment for alleged economic espionage. The penalties are slated to arrive just before Chinese President Xi Jinping makes his first state visit to the White House. (Financial Times, Fortune)

Department of Justice releases new rules on electronic surveillance. Federal agents will now require warrants, in most cases, when using the cell tower spoofing equipment known as Stingrays. The tech can determine the location of a suspect’s device as well as intercept its communications. (Ars Technica)

Blackberry to acquire Good Technology. The struggling handset maker announced that it will acquire the mobile security firm for $425 million. Good’s CEO Christy Wyatt says the deal will help Blackberry secure the so-called Internet of things. (Fortune)

HP looks to sell its cybersecurity unit. The IT giant may sell its TippingPoint security business ahead of the company’s split later this year, according to reports. TippingPoint, which makes hardware for firewalls designed to protect corporate networks, is apparently not as central to HP’s strategy as its other security businesses, like ArcSight, which monitors networks for threats. (Firstpost)

ACCESS GRANTED

Fortune contributor Peter Suciu explains why Israel dominates in cybersecurity.

“A regional power devoted to ensuring its own survival, Israel has burgeoned into a high tech epicenter built around Internet security, anti-virus software, and other cyber defense technologies. Much of this is an extension of its self-reliance, and the added fact that since the creation of modern Israel, the nation has faced enemies on its borders.” Read more on Fortune.com.

TREATS

PILLOWFIGHT! 24 West Pointers concussed. (New York Times)

Never tweet. Drug lord El Chapo located? (Daily Mail)

The best Star Wars merch. Toy lightsabers, BB-8s, and Yodas. (Fortune)

Hit (and hit and hit) and run. Perverse incentives to kill pedestrians. (Slate)

Chimp vs. drone. “The use of the stick as a weapon in this context was a unique action.”  (Washington Post)

FORTUNE RECON

Here’s why Apple might need so much space for its Sept. 9 event by Jason Cipriani

Best beers for your labor day barbecue by Chris Morris

Why Microsoft isn’t developing Minecraft 2.0. by John Gaudiosi

ONE MORE THING

Be mesmerized by these wacky Soviet bus stops. These Siberian roadside attractions look like Burning Man art installations. (Messy Nessy Chic)

EXFIL

“Terms like ‘we located this phone using information from a confidential source’, which sounds a whole lot like they had an informant; it doesn’t sound like they were using a sophisticated electronic device forcing all phones in the area to report back.”

ACLU staff attorney Nate Wessler, describing the “inscrutable euphemisms” that law enforcement prosecutors use in courts to hide their use of surveillance technologies such as Stingrays, a type of tool that mimics cell towers in order to collect data from suspects’s devices. The Department of Justice recently changed its policies regarding Stingrays, and federal agents will now need a warrant to use them in most cases. (Guardian, Department of Justice)