Christopher Ahlberg: The Full Xconomy Voices Interview

in my mind, in the sense that they attacked something that we thought was air-gapped: the Swift network, the money transfer network. These guys had the intention of stealing a billion dollars, and that’s a very different proposition than stealing tens of thousands or hundreds of thousands of dollars’ worth of credit card information off credit cards. But when you start stealing a billion dollars, now we’re talking a different league here. And so I think with these three examples, it’s less about the volume. Those three examples took it to a different level here.

Xconomy: So I imagine there is increasing appetite or awareness or demand for services like yours. Can you give me some vital statistics about the company right now? How big have you gotten, how much money have you raised, how many offices do you have? Help people gauge the size of Recorded Future.

CA: As with any other private company, we’re trying to be coy about that stuff. But the stuff that you can figure out without too much Googling around is that we’ve raised about $30 million in total. Actually it’s been a good while since we raised money. Hopefully that’s a good thing. You could probably dig around on LinkedIn and figure out that we’re some 120 people or so in total. And so that’s probably not the best kept secret. We’re in four or five different offices. You’ll find us in Boston and Washington, DC, in Gothenburg in Sweden, as well as in London, U.K. We’ve got a little bit less than 25,000 people who receive our Cyber Daily every day. We think that’s very cool. That’s probably the largest intel brief that goes out in the world. That’s larger than some of the big military briefs. At least, it’s the biggest civilian intel brief that goes out there. And then [we have] hundreds of customers, and that’s probably the only thing we’ll say about that.

Xconomy: What do you guys do to keep getting better at what you do? Do you have an R&D division, or are you constantly reinventing you or your software and your infrastructure?

CA: In intel, in all software, you have to keep improving. Cyber is sort of unique in the sense that you have a sentient opponent who is literally trying to fiddle with the data that you’re trying to measure. And that happens in a few other sort of places, maybe in trading bots and Wall Street, there are a few places this happens. So that means—and this is true in intel in general—as you collect intel data, your adversary may literally try to change what you’re measuring. He might change his targeting. He might change the methods that he uses. He might change lots of different things. If you sit still, not much interesting is going to happen. And if nothing else your competitors are going to come up and catch up. So you have about nine different reasons to keep inventing very fast here.

And so yes, we try to do a lot of different things where we run a core collection apparatus here just like any intel agency would. And we keep investing and improving that. That’s sort of the number one.

Number two then, collecting new types of data. We do that all the time. If you think about it in military terms, people think about all source analysis, trying to get lots of different angles on the same problem set. So adding more types of data to what we do, trying to figure out how we can do what I call pre-connecting the dots for our customers, because that’s the hard part. So we probably have some 30 billion dots, 30 billion rows in our database. And that’s a lot, when you’re going to sit down and say who actually did Attack A or who was targeted in Attack B. When you start with 30 billion of anything, it’s really hard. So we try to connect those dots.

And now we come to what you talked about before, machine learning and other techniques to try to actually help people make sense of this data. But we’re also firm believers in enabling the human in all of this. There is no easy button here where you just push a button and out comes an answer. But we like to think about enabling the humans, the analysts. And we talked a lot about creating cyber threat intel “centaurs” who are enabled through our machines, our systems, to be smarter analysts.

Xconomy: Are there any misconceptions about cybersecurity that particularly annoy you?

CA: So, two. One on the target side and one on the attacker side.

On the target side, I think everybody would love to think that they’re a target of choice, that they’re very special, and that somewhere there is somebody sitting in a dark cave and trying to figure out how to attack you. In reality it’s bots. These scanner systems are going up and down, up and down the Internet and looking for something that’s vulnerable. And as soon as they find something, they go to work. People like to think that they’re a target of choice. In reality they’re probably a target of convenience.

On the other hand, in terms of the attackers, people like to think that attackers are super hyper advanced. And yes there are a few places that are super hyper advanced. But even the super advanced sort of people or organizations are unlikely to apply the most advanced methods in there. The most advanced methods, you’re unlikely to want to burn. You will actually keep them for the time when you really, really need them. Regardless of who did Stuxnet—we could argue about that all day—but in that attack, some pretty juicy stuff was used. But they’re burdened with it because the code is out there then; it was there for everybody. Not only was [it] sort of showing the hand of what’s possible; somebody showed in a very clever way that you could jump into an air-gapped facility. That had not been done before.

But an attacker is more likely to find some more basic methods and just try to reuse them and reuse them and reuse them, in a more sort of mechanical fashion, and to attack those targets of convenience.

Xconomy: To wrap up, what’s the most fun thing about your job, and what’s the most challenging thing about your job?

CA: If you think about it, there are very few places where, in a commercial environment, you get to walk in the door in the morning and come in and chase bad guys, criminals, nation states, what have you. And try to outsmart them and try to figure out how we can make the Internet a safer place. In terms of what we do for threat intel, I think we’re pretty damned unique, and there are very few places where you get to walk through the door and have a database of 30 billion records and try to figure out how to grow that in clever ways and how to use that data to figure out the intents and capabilities of the bad guys. It’s pretty unique and pretty fun.

Xconomy: But what gives you a headache by the end of the day? By the time you’re walking out that door you probably are feeling differently, right?

CA: It’s probably exactly what I just said—the same things. It’s very, very, very hard because the bad guy is sitting on the other end, and is not sitting still. But I think if you’re going to be an entrepreneur, you can’t worry about headaches. There are going to be headaches every day all the time. And headaches are to be got rid of.

Author: Wade Roush

Between 2007 and 2014, I was a staff editor for Xconomy in Boston and San Francisco. Since 2008 I've been writing a weekly opinion/review column called VOX: The Voice of Xperience. (From 2008 to 2013 the column was known as World Wide Wade.) I've been writing about science and technology professionally since 1994. Before joining Xconomy in 2007, I was a staff member at MIT’s Technology Review from 2001 to 2006, serving as senior editor, San Francisco bureau chief, and executive editor of TechnologyReview.com. Before that, I was the Boston bureau reporter for Science, managing editor of supercomputing publications at NASA Ames Research Center, and Web editor at e-book pioneer NuvoMedia. I have a B.A. in the history of science from Harvard College and a PhD in the history and social study of science and technology from MIT. I've published articles in Science, Technology Review, IEEE Spectrum, Encyclopaedia Britannica, Technology and Culture, Alaska Airlines Magazine, and World Business, and I've been a guest of NPR, CNN, CNBC, NECN, WGBH and the PBS NewsHour. I'm a frequent conference participant and enjoy opportunities to moderate panel discussions and on-stage chats. My personal site: waderoush.com. My social media coordinates: Twitter: @wroush; Facebook: facebook.com/wade.roush; LinkedIn: linkedin.com/in/waderoush; Google+: google.com/+WadeRoush; YouTube: youtube.com/wroush1967; Flickr: flickr.com/photos/wroush/; Pinterest: pinterest.com/waderoush/