Wake Up! The time to care about IoT security is now!

This posting is following up on the recent release of our report titled, “The State of IoT Security” which can be found here: stateofiotsecurity.com.   The public response to this report has been humbling and exciting; we have definitely hit on an issue about which many of you care.  However, we have also received responses that did not surprise me, but have nonetheless made me think about the role of the security community in solving this problem.  

As a security expert, I understand the fatigue associated with discussions on the security of IoT devices; frankly, I have felt same way.  However, after observing our customers being hit relentlessly by botnets of IoT devices, our team decided to look into this matter ourselves.  This study changed the way I think about IoT Security, and I hope you will take a few more minutes to read why. I will start with my argument and three key points, then follow up with a few more details about our study.

My Argument

IoT security is not a security issue, it is simultaneously a public safety and a national security issue.  The security community must make solving these issues a priority.

  1. At a macro level, IoT security is one of the most critical challenges of our time.  The security, or lack thereof, of any individual device has no impact, just like a single drop of water.  However, the macro effect of an infinite number of water drops has shaped the face of the earth by creating mountains, valleys, and oceans.  Similarly, at scale, the security of the larger IoT ecosystem will have profound impacts on national and economic security for every country.  It is these types of complex, macro-level security problems which are the hardest. As a security community, we can not afford to give up.
     
  2. The operation and maintenance of the largest sensor grid in the world comes with extraordinary capabilities and responsibilities; we are not paying attention.  The sensor grid associated with the rapidly growing consumer IoT infrastructure can collect audio, video, motion, energy consumption, location data, and much, much more.  Whoever operates this grid has access to an extraordinary volume of high-quality data and control over each and every device.  We are concerned as a nation about China running our telecommunications infrastructure, but we are not concerned about Chinese companies running consumer IoT infrastructure?  I would argue that the consumer IoT infrastructure will be, if it is not already, more valuable than any other infrastructure.  We must realize the value that this infrastructure has from a strategic perspective and prioritize our actions accordingly.
     
  3. Nobody is accepting responsibility for IoT security.  We have proven that neither manufacturers nor retailers are accepting the responsibility to develop and sell safe, secure consumer IoT devices.  Nor is the government taking responsibility for oversight.  The security community as a whole has just given up. In the soft gooey center of this lack of accountability, consumers are deploying billions of new devices every year.  As a security community, it is our job to push responsibility and accountability for security, and we are failing.  As a starting point, I suggest that retailers must take ownership of IoT security before government mandates action.

About Our Study

Our tests were not sophisticated, esoteric hacking, instead they were simple, boring security tests that anyone even considering security would have performed.  We performed these tests through rigorous, exhaustive review of each individual device to collect real, hard data on the lack of security on these devices, the results of which we are excited to share in this report.  Our findings are the result of analyzing over 1.25 million communications to more than 3,000 external servers from 12 off-the-shelf IoT devices.

What we found, on one hand, was not surprising.  Many of these devices are not secure.  Much of the associated infrastructure is not secure.   Several of the Android applications are borderline dangerous.  Yes, it is scary to think that some stranger could watch your child sleep (easy to do with some of the devices we reviewed). We also found that someone could set off the alarm on your security system repeatedly to drive you crazy just by pasting a URL into their browser.   We also proved that we could write a simple, five-line computer script to get visibility into every time a lightbulb or an outlet was turned on or off, which could be accomplished by anyone that has access to any network that your mobile phone has connected to.  It is scary to think that someone could intercept traffic from one of your devices and get information such as your birthdate, e-mail address, telephone number, or even your passwords. As a part of our study, we found that all of these things are simple to accomplish on one device or another. 

These things are scary, but they are nothing compared to what we, as security experts, worry about on a macro level.  

What happens if we take a global perspective on these devices and we consider the impact of not just one or two insecure devices, but billions of them? While it may be an inconvenience if our thermostat stops working on a cold night, what if every thermostat in a large metropolitan city caused a massive power surge and took down the power grid? What if millions of smart lightbulbs and outlets caught fire at the same time? What if a foreign intelligence service could have millions of cameras and security systems capture audio and video on command?   Think this could not happen?  We found that the extent to which the manufacturers and infrastructure associated with these devices communicate with, or is related to, China is shocking and has significant national security implications.

Now, our report is not all doom and gloom.  We ultimately would like to ask a simple question…what if the general public could do something small and change the future? 

We are talking about consumers and retailers taking a stand to require that manufacturers and the platforms used by these devices have at least considered security and where the data of U.S. citizens is being stored in the development of their devices and the associated infrastructure. 

Surprisingly, by requiring a basic level of security, there is no need to hike costs to consumers. The insecure devices we reviewed were priced similar to the secure ones, but retailers appear unaware or unconcerned about differentiating these devices to consumers, despite the clear marketing advantage, and a critical need to demonstrate that they do indeed care about the privacy and security of their customers.  

We are excited to have finally released our report and share our findings with the community.  I hope you will take the time to read through it and let us know your thoughts!  You can access the report at http://www.thestateofiotsecurity.com and make sure to follow us on Twitter at @darkcubedcyber as we release more content associated with this report in the coming days and weeks.

The Start Of Something Great…

Warning:  This was not written by a marketing company!  We believe if we are truly going to be a force for good in the cyber market, we need to start being honest.  So, here are my unfiltered initial thoughts on our product launch and why we decided to build out a SaaS offering in the first place.

My team and I have spent the last four years dedicated to the mission of making cyber security more affordable and accessible to companies of all sizes. While this seems like a small thing, it has not been an easy road.  There are lots of reasons for this, but to name a few:

  1. Cyber security is a very crowded market
  2. There are massive marketing budgets being spent by cyber startups making it hard to stand out from the crowd
  3. It is hard to create a new approach when you see an entire industry moving in one direction and you want to do something different, something creative. 

We started with a business model that focused on installing easy-to-deploy on-site sensors for our customers and had some great early success.  However, we quickly ran into a few key challenges. 

  • First, as technologists know, every network is different and things seem to work differently in every one.  
  • Second, when something does break, it is difficult to get access to the hardware.  When you are trying to make things easy on customers, asking them to reboot machines or troubleshoot problems is not something you want to do. 

Over the past few years we have built some amazing customer relationships, signed some big customers, and lost customers for a myriad of reasons, some our fault, some not.  This is to be expected in the lifecycle of a startup. 

As we continued to grow in 2017, our team was increasingly bothered by the fact that impact we can make on the community at large was significantly limited by an appliance-centric business model.  We didn’t just set out to sell an awesome security product, we set out to change the world.  That seems hokey, but it is true.  We believe it is time for a different approach to cyber security that provides companies of all sizes access to enterprise-grade cyber capabilities without the overwhelming investment and requirement for the highly skilled personnel that most cyber security products require. 

As we started to look to our options, the clear choice was to roll out a new service-oriented technology stack that focused on our key priorities.  First, we needed to allow customers to instantly sign up and access Dark Cubed.  With all of the marketing and noise in our industry, the proof is in the pudding…the faster we can get our customers access to Dark Cubed the better.  Second, we needed to provide the ability for customers to send us data or drop in a simple, easy-to-install sensor to collect data for us.  There are plenty of approaches to accomplishing this goal but building a system that makes this process easy is, well, hard.  Finally, we needed to make cyber security information actionable.  This requires allowing customers to look into the details of their network traffic, benefit from enterprise-grade threat intelligence and predictive analytics, and then block threats quickly and easily.  This was our mission and as of today, we have reached our first major milestone.

So here we are, seven months after deciding that we needed to stretch ourselves and accomplish something that we haven’t seen any other cyber security company accomplish yet: a new approach to cyber security that works for companies of all sizes that is easy to use and actually provides value at an incredible price point.  Can we do everything? No, but we aren’t trying to.  We are trying to do what matters in a way that actually works for all of the organizations that have been abandoned by today’s cyber security market because they don’t have enough money, people, or time. 

What is it we are actually doing you ask? Well, we are providing an online service that will receive network data that you send (or we can send out a simple, easy-to-install hardware sensor), identify threats targeting you, and then allow you to block traffic with a click of the button or even automatically if you so choose.  Now, I hear you, none of the individual things we have accomplished are all that innovative, but allowing all of this to happen within minutes, without required large investments or a team of cyber experts?  That is innovation.

Today, we officially launched our new approach to Dark Cubed using a “software as a service” business model, therefore, subjecting ourselves to the forces of the market.  This launch is the result of countless hours of hard work, evenings, weekends, blood, sweat, and tears, but it is now here. We are excited to start showing it off to new customers.   The most exciting thing about this product launch is that we see it as the beginning of a much more strategic roadmap, with many creative innovations coming. 

As "launch day" draws to a close, I am humbled by the amazing outpouring of support and encouragement from friends, family, customers, and the community at large.  If you are reading this, thank you for your support and your time...and know that it is deeply appreciated by our team!

If you have any questions about Dark Cubed or our product, drop us a line at info@darkcubed.com.  We look forward to a conversation with you!

 

2018 Is The Year We Make Information Actionable!

If we assume that security isn’t a security problem but really a resource problem, then how can we start to address it from a defensive perspective.  The most important thing we can do is to develop actionable information that can be acted on in an automated fashion. There is some great thinking going into this concept within the IACD initiative at The Johns Hopkins University Applied Physics Laboratory (see here: https://www.iacdautomate.org/), but I think it is also important to talk about what we can change today—right now—to make a difference in cyber security.

Fixing the Imbalance

I often talk about the imbalance between what larger companies with larger budgets and more people can do versus the other 99% of companies—this disparity must be addressed immediately, and we can’t let perfect be the enemy of good. It is great in theory to say that we need to find a way to start forcing smaller companies to invest in cyber security, but that isn’t reality. Smaller banks, hospitals, doctor’s offices, investment firms, and electrical utilities just simply do not have the resources to approach cyber security in any form or fashion that is similar to their larger counterparts—and I would argue they never will. However, there is a shift in mindset that needs to occur around how those companies with the ability to invest can support those that can’t. While many of these companies are in fact competitors, having a business ecosystem that can maintain the trust and confidence of its consumers is a greater good. Further, pretending that the fortunes and futures of these companies are not linked in a number of ways (supply chains, vendors, partners, etc.) is like an ostrich sticking its head in the sand. 

Making Information Actionable

So, the key question is how can we make information actionable and make a difference today?

There are two parts to this question: (1) What “information” are we talking about? (2) What does it mean to make that information “actionable”? First, when it comes to information, and as I stated in a previous blog posting, the information we are discussing has to do with the infrastructures being used by the “bad guys.” The purpose of sharing this information should be focused primarily on requiring more resources for the bad guys to be successful. Today, an attacker can set up a fake DocuSign phishing attack, hit a thousand companies over the course of a couple weeks, and have success compromising 20 of those companies. Such a small amount of resources were required here with a big payoff. The information in this case would be the domain name and URL of the phishing attack and the IP address of the server that houses it. When a phishing attack like this occurs, it is almost always due to a compromised host that can then be used for other purposes by the attacker. 

So, how do we make this actionable? Actionable to me means that once anyone becomes aware of this phishing attempt, the infrastructure gets “burned” and anyone that comes into contact with that infrastructure is able to block communications to and from that infrastructure. Now, it is easy to say that much of this work has been accomplished with threat intelligence platforms, information sharing, and great sites such as PhishTank, VirusTotal, and a myriad of others—but here is where the rub occurs: 

Most smaller companies (99% of the companies by our calculations) have no ability to benefit from these capabilities because they don’t have a team of security analysts that can consume the information. They don’t have Splunk or ArcSight or AlienVault or (name your SIEM) installed. They have no ability to purchase or consume threat intelligence. They have very limited firewalls or other security infrastructures installed. They are surely not logging network traffic or netflow and archiving it in any searchable form. Spoiler alert: Many of the largest companies aren’t doing most of this very well either. 

Launching Something New

Dark Cubed is on a mission to change the world in cyber security by developing the capability to generate, share, and act on this information—all without assuming that our customers will have the time or ability to manually take action. We automate the sharing of real-time network information and make it fully anonymous to protect our customers. We have developed innovative algorithms and machine learning capabilities that identify threats in our customers’ networks in near real time, we integrate years of threat intelligence and lessons learned into our monitoring, and we allow for our customers to be automatically protected from threats that would previously have slipped in under the radar. 2018 is going to be a big year for Dark Cubed. We are getting ready to launch a new capability and it is going to be big. This new capability came out of discussions among our team about how we can better help companies of all sizes be successful in our mission of changing the future of cyber security.

Stay tuned for more information as we begin to announce what we have been working on!

A Notice to Dark Cubed Customers on the Equifax Data Breach

By now, you have likely heard about the cyber breach announced by Equifax today, September 7th, 2017.  You can read the full release from Equifax here: https://www.equifaxsecurity2017.com.

This blog posting summarizes our initial thoughts on this incident and what it means to you, our customers.  In summary, this breach resulted in a massive loss of personal information potentially for 143 million people in the United States.  It is more likely than not that your information was included.  You should consider if you are prepared personally for the effects of this breach and if your company is prepared for a breach to your sensitive data.  Our team at Dark Cubed is watching vigilantly for signs of such attacks amongst our customers and take our role in being your partner seriously.  For more information on this data breach, read on!

First, it is clear that this was a breach that provided an outside party with access to a significant data set held by Equifax.  In the public press release, Equifax states that this was an incident “potentially impacting approximately 143 million U.S. consumers.”  If that sounds like an incredibly large number, it is.  Considering that in 2016 the United States had a population of approximately 323 million people this estimation means that three out of every four adults in the US are potentially impacted by this breach.  

Second, the data breach contains sensitive information.  According to the release, the data to which the attackers gained access “includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.”  Probably less interesting to most readers, but something significant is this line in their notification, “Equifax also is in the process of contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general, which includes Equifax contact information for regulator inquiries.”  This sounds like boring, legal jargon, but the United States is a country that does not have a national data breach law.  This means that 48 states – that is every state except for South Dakota and Alabama – each has their own law and requirements for a company when a data breach affects residents of that state.  Think about the scale and complexity of the effort faced by Equifax working with every individual state to follow the letter of the law in each and every location.  In addition, many of these states have provisions that allow residents to sue companies when such an event occurs.  Let me be clear, we are only seeing the tip of the iceberg on this incident and it is going to be a significant event for the future of cyber security in the United States.

Third, to date there has been very little data released about the details of the breach, this is to be expected.  According to the press release, the breach occurred in Mid-May and was discovered on July 29th.  Most readers will probably be surprised that notification of the general public occurred today, over 30 days later, but they shouldn’t be.  Following the discovery of the breach, an outside firm was likely brought in to perform forensics.  This process was not a short one and likely took a minimum of a week or two.  Once a breach is confirmed, many states require a notification within 30 days.  This indicates that this breach was likely confirmed internally on or around August 8th, 10 days after it was discovered.  The data accessed, according to the press release, was “certain files,” while CEO of Equifax states in his video message it was “data files.”  These files were accessed through a method broadly defined as “a U.S. website application vulnerability.”  In addition they are claiming that they “found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”  This final statement likely means one of two things.  Either (A) the attackers were able to exploit something such as a SQL Injection to pull data from servers and didn’t gain access to the systems themselves or (B) Equifax may not have been storing the data necessary to “find” evidence of such activities and therefore can make this claim.

Finally, it is important to note the actions being taken by Equifax following a breach.  They are following the textbook on what to do following a breach and it is clear they have learned the lessons from those companies that have gone down this road before them.  Their activities have included:

  • Engaging a firm to perform a forensics review
  • Establishing a website to provide monitoring services to their customers
  • Establishing a call center to support concerned customers
  • Sending written notifications to all affected
  • Working with law enforcement
  • Notifying U.S. state and federal regulators
  • Notifying all U.S. state attorneys general

It is clear that the scope and scale of the actions required by Equifax following this incident are staggering and the costs associated with this response are going to be enormous.  For perspective, the Home Depot breach in 2014 likely cost the company around $179M and that breach only affected 50 million credit card numbers and around 53 million e-mail addresses[1].

So the real question is what does this breach mean to you?

First, it is more likely than not that your personal information was included in this breach.  If attackers use this information, they could attempt identity theft or other scams.  You should make sure that you are monitoring your credit files at the credit bureaus and monitor your credit cards and bank accounts for suspicious activities.  Fortunately, Equifax will provide this for free for a year to all affected. (it is the least they can do)

Second, it is very highly likely that other scammers will exploit this event to try to capture your information.  Never give your personal information to anyone over the phone or to a website that you have not verified as being legitimate.  If you are told to visit a website in response to a breach (such as Equifax’s own website for this incident: www.equifaxsecurity2017.com) never click on a link in an e-mail to that website.  It is better to cut and paste the domain name or manually type the domain name in the browser.  We have already seen indications that spammers have shown interest in this event.  For example, the domain name released by Equifax was registered on the 22nd of August, however many variants of that domain name were registered today by a different service, likely on behalf of Equifax.  This delay is likely the result of some form of an oversight by the company in not considering the fact that a good attacker could use the domain name “equifaxsecuvity2017.com” to trick unwitting customers; notice the “v” instead of the “r” in security.  Our assumption was that Equifax’s mass registration of these variants was in response to an individual registering the name “equifoxsecurity2017.com.”  Interestingly enough, visiting that url brings up a website that tells the user “You're probably looking for https://www.equifaxsecurity2017.com/” and then asks the question “Why was I able to register this after the Equifax breach announcement??”

equifox.png

Finally, you should certainly be considering if your own infrastructure is exposed to an attack and if you have adequate protections in place.  Of course, being a Dark Cubed customer is a great start!  You should also consider if you are prepared to respond in the event a data breach occurs within your company or organization.  A good way to evaluate your preparedness is to get into a room with your leadership team and to walk through what would happen if you discovered a data breach.  Here are some key questions to consider:

  1.     Who would be responsible for managing the incident?
  2.     Who would support the forensics and analysis?
  3.     What data are you collecting that could help determine the breadth of the attack?
  4.     Is your law firm prepared to support you?
  5.     Do you know who to contact in law enforcement?

If you have any questions related to this incident, don’t hesitate to reach out to our team at info@darkcubed.com and we will help you out.  Thanks for being a great customer; we are honored to have the opportunity to continue to serve you!

Swimming Upstream at Black Hat

Recently I was one of the many tens of thousands of attendees converging on Las Vegas at Black Hat, the massive annual cyber security conference.  One morning of the event I found myself walking down a long venue hallway while thousands, and this is no exaggeration, I mean thousands of attendees were walking the opposite direction.  

The whole corridor was filled with people heading to the expo floor to see the new cyber security technologies on display and learn how AI, machine learning, magical mystery boxes, and other toys would help them finally secure their network.

How Do You Sniff Out Cyber Threats?

I read recently that the nose isn’t very good at maintaining awareness of the smells around us constantly, however it excels at detecting changes in smells.  Kind of strange to think about, but it explains how someone can live in a house with a deadly natural gas leak for hours or days and not realize it.  This may be a strange thought to start out a blog on cyber security, but thinking about how we relate to the world around us can help to develop new ways to improve the speed, scale, cost, and accessible of security. So how do you sniff out cyber threats?

The Cyber Security Context Challenge

In my last blog posting, I spoke about the importance of thinking about cyber security as a resource problem rather than a technology problem. I challenged readers to think about speed and scale as a solution for the resource problem. This posting expands on that discussion by considering the importance, or lack thereof, of “Context.” My assertion is that while context may matter in some situations, it is one of the biggest impediments to implementing effective cyber security today.  

The cyber security community is primarily made up of geeks, technologists, and nerds that typically can’t help themselves from going down a rabbit hole when it comes to digging into a problem. This growing community of men and women are on the front lines of protecting our payment systems, preserving our privacy, and keeping the valuable intellectual property from getting sucked out of the servers of companies of all sizes.  

Rethinking The Approach to Cyber Security

Everyone knows that cyber security is a big problem and most of what we hear about in the media is just how big of a problem it truly is: the average cost of a breach is $4M (http://fortune.com/2016/06/15/data-breach-cost-study-ibm); the global economic impact of cyber crime is $450B (http://www.cnbc.com/2017/02/07/cybercrime-costs-the-global-economy-450-billion-ceo.html); there were 4B data records stolen in 2016 alone (http://www.nbcnews.com/storyline/hacking-in-america/more-4-billion-data-records-were-stolen-globally-2016-n714066). Those are definitely some big numbers! Now, rather than wringing our hands over the size of the problems and challenges, let’s spend a little time thinking about a solution.

Expanded Threat Information is Almost Live!!

Friday is a big day for Dark Cubed!  We are preparing to launch a new feature that has been in the works for quite a while, and I couldn’t be more excited!  As I approach my one-year anniversary at Dark Cubed, I have enjoyed taking a few minutes to look back over time and see the incredible progress we have made.  From the rapid growth of customers, the new features implemented in the product, to the features requested by our amazing customers such as automated notifications, one-click blocking, and multi-level reporting.

SMBS and Cyber Security: A Real Challenge

Make no mistake: a proper cyber security strategy is essential for all companies that deal with intellectual property, customer data, financial information, and other sensitive materials. However, all too often small and mid-sized companies can feel lost in the marketplace since the majority of mainstream cyber security companies only offer services with a hefty price tag attached.

Yes, cyber security solutions can be expensive. But so are cyber attacks.

What is Grizzly Steppe? Dark Cubed Explains Russian Hackers, Elections, and Data-Driven Analytics

Two days before New Years, something interesting happened in the world of cyber security. The Department of Homeland Security released a report on hacking activities by Russian Intelligence Services related to activities against the U.S. Government. The report was somewhat interesting, however DHS also released a set of indicators in a .csv file with 956 lines of data. As the CEO of a new cyber security startup focused on using data in smarter, more interesting ways, this data tugged and pulled at me in a way that I did not expect. Over the next two days, in between (and through) family events, football games, and dogs grabbing food off of the counters, I sat on a stool in my in-law’s kitchen and tuned out the world. There was something about this analysis that I could not ignore.

How An Information Sharing Environment Can Better Predict Cyber Threat Trends

With sophisticated hacking schemes gaining velocity, maintaining an organization's cyber security can feel demanding. Few know that reality better than the federal government. In response to the events of September 11, 2001, the Department of Homeland Security, together with Congress, began to develop methods by which to gather crucial information on illicit cyber activity and disseminate it to other government agencies within the national security enterprise and private networks considered as critical infrastructure. Known as the Information Sharing Environment (ISE), DHS endeavored to boost inter-agency cooperation and reduce attitudes clinging to parochial interests in order to better protect the country from future cyber peril.

Cyber Security Monitoring In 15 Minutes? Really???

If you've read anything about Dark Cubed, you know that we pride ourselves on being different. We have built a powerful cyber security platform that is easy to install and use.

"no way." It's too simple.

Most people hear claims like that and think, “no way.” It's too simple. They are jaded. I don’t blame them. Most people discount those claims as marketing hype… if it is powerful, it cannot be easy to install or use. It has to be hard and expensive.

I have a Firewall, so I am protected, right??

Mike owns a financial advisory firm. He helps people save for life’s big events like college and retirement and knows each one of his clients personally. His team consists of 15 employees with a range of responsibilities, from providing investment advice to making trades and other administrative activities. As a result, Mike's company collects some really important personal information like social security numbers, bank account numbers, balances and transaction instructions. 

The Value of Shared Data Analytics

Here at Dark Cubed, we are focused on a new approach to cyber security that works for companies of all sizes. A key part of our mission is to use elegant engineering to simplify the deployment and use of sophisticated security capabilities. One key component behind Dark Cubed is our ability to provide enhanced protection for our customers through near real-time data analytics and predictive algorithms. As we continue to deploy Dark Cubed to more customers, we are ramping out our data science and analytics capabilities, both in-house and through partnerships. Two of the partnerships we are excited about are with the University of New Haven (focusing on IoT and Mobile Malware applications, www.unhcfreg.com) and George Mason University (focusing on data analytics and visualization, https://ece.gmu.edu).

Reflections on Last Week

I was on the road last week and had plenty of airplane time to catch-up on some overdue reading and reflection.  The conclusion of the week was marked by a rather interesting event that caused a relatively significant event on the Internet with the DDoS attack against the Dyn’s architecture.  Now, just to warn you, this isn’t a posting about how we could have fixed it and how we are the magic bullet for cyber security…we aren’t that obtuse (although many other cyber security companies are seizing this as a marketing opportunity).  Anyway, while at home this weekend and in between baseball games and kid birthday parties, I had a chance to reflect on the week and our vision at Dark Cubed, I was struck by the impact of three events from the week.

Lessons Learned From Protecting the 2016 Republican Convention

Last month I spent the week in Cleveland, Ohio – the home of the Rock and Roll Hall of Fame, Great Lakes Brewing Company, and LeBron James.  I wasn’t there to enjoy the sights, rather, Dark Cubed had been provided the opportunity to demonstrate our technology at the Republican National Convention as a member of the Cyber Security Operations Center.  Here are some of my thoughts resulting from supporting this historic event, regardless of your political leanings.

Great Press For Dark Cubed!!

We want to send a  huge thank you to a number media outlets for highlighting the hardworking team behind the scenes at the Republican National Convention (RNC) this past week. Rarely do we hear a success story woven into media coverage around cyber security. Instead, we read about data breaches, millions of dollars lost and encroaching Russian hackers. Advancements to the security measures at the RNC this year allowed the collective team to weave a story of success into the more common cyber security narrative.