
Lessons from Norse's impending implosion - dsr12
http://www.robertmlee.org/no-norse-is-not-a-bellwether-of-the-threat-intel-industry-but-does-hold-lessons-learned/
======
coldcode
Also read the linked article from Krebs. How can people scam over and over and
still find suckers to invest in yet another scam?

~~~
VonGuard
In a culture where entrepreneurs who've "failed fast" many times over are
considered to be thoroughbreds, is it any wonder investors can be taken for a
ride by over-confident assholes? Frankly, the security industry has a lot of
smoke and mirrors companies, and always has. It's a complex industry with an
almost impossible stated goal; "make things perfectly safe."

So, the security market is largely about tools bought by people who don't know
anything about security, built by people who know they're building stuff
that's only a half-measure, and sold to people looking for a perfect solution
in a world where nothing even remotely like that can exist.

The best security companies tend to come from really good, really smart
hacker/programmers, not from smart business guys who move fast and take heads.

Norse looked pretty. That's pretty much the whole story right there. People
who don't understand security could look at the map and go, "Neat! It looks
like a movie!" That's the entire fucking story of this company. They sold
something pretty but ultimately useless. It could have been useful, but they
had no interest in making it useful because making it useful took resources
away from making it more pretty.

~~~
jtmoulia
> but they had no interest in making it useful because making it useful took
> resources away from making it more pretty.

I did most of the original work implementing Norse's honeypot map. I was hired
as a contractor, and it took about a month of part time work. Given that the
map hasn't changed much, my experience is that Norse put few "resources" into
the map.

