Buyer Beware
And be smarter, too.
My big takeaway from the CrowdStrike Catastrophe: People buy cybersecurity software without understanding how it works (!?!)
There are an infinite number of ways to find anomalous behavior in endpoints. If a bug in your software update can cause serious world-wide business disruption, get you sued by both customers and investors, all while leaving your customers super extra vulnerable for days…the problem is not the bug. The problem is your software. Specifically, the way it’s built.
When building the Nemesis platform, I pursued an R&D path that didn’t require root access to eliminate the possibility of a CrowdStrike-like catastrophe. And because I’m a big believer in personal privacy, our software does not read or access sensitive files. I’m also a stickler for statistical significance, and as a result our software is off-the-chart accurate. Because I think PII should be ultra secure, I chose the same privacy-preserving cryptological protocols used in financial transactions to secure Nemesis’ data exchange. And to protect data in transit, Nemesis uses the same obfuscated comms methods that special forces use for assured comms in contested environments.
All of these design and security features are overkill. Why? Because I built my values into our tech. All founders inevitably do.
High integrity and extreme security are qualities purchasers rightly assume. Because who would build, fund and market a risky or marginally effective cybersecurity solution?
Pretty much everyone, it turns out.
Big Cybersecurity is counting on your laziness. And they’ll keep making false promises and semi-effective/blatantly risky solutions as long as you keep buying them.
The way out of this unvirtuous cycle is threefold:
1. Purchasers need to understand what they’re buying
2. Cybersecurity companies need to quit lying
3. Market incentives need to align for high-integrity products (which take longer to develop) to receive adequate R&D and working capital.
I don’t see any forcing functions currently in play to make these three points reality. And since I’ve got my hands full with other evil plans to save the world, maybe you, dear readers, could take up this cause?
CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES AND THREAT INTELLIGENCE
6 months: Beautifully stated.
Crafting brands humans love | Driving demand with data-driven creativity | 25+ years of ROI magic | Empowering teams & solving #CX puzzles—pain or pleasure, #B2H (Business2Human) always wins
6 months: And thus the problem with throwing $$ at technology and calling it a complete cybersecurity program…
Building AI Factories, Open Source & Cloud Native
6 months: Thanks for leading from the front on privacy and transparency, Gentry! This will be the model for both the Small & 'Big Cybersecurity' industry going forward.
GenAI & Cyber Strategist | Board Member | Tech Author & Public Speaker | Digital Transformation
7 months: Great perspective! And, the overturning of Chevron doctrine is a fact today…
Cybersecurity & Resilience for Strategic Leaders & Tactical Operators | Growth & Innovation Advisory | Critical Infrastructure Specialist | EMEA, US, NATO | Let’s connect!
7 months: Thank you for the post. I agree that there is an extreme amount of BS related to product specs.