Legendary hacker Marc Maiffret, who recently started a security venture after leaving eEye Digital Security, has shifted gears and merged his new firm with a more established one, DigiTrust Group, a company run by a friend he met back in high school.
DigiTrust plans to soon roll out managed security services for small- to medium-sized firms.
Maiffret, 27, last fall quietly left eEye, the company he founded at age 17, and during a sabbatical laid the groundwork for starting up Invenio Security, a boutique consulting firm that provided security consulting and training to medium to large businesses, as well as penetration testing, application security assessments incident response, malware analysis, and even personal security services for individuals. (See Maiffret Starts New Security Venture.)
After recently moving from Orange County to Los Angeles for Invenio, Maiffret says he reconnected with Jason Lidow, a friend he met on the hacking scene back in the day, but who was not up to no good like we all know I was for a couple of my teenage years, Maiffret says. I remember even when we first met he already wanted to start a security company and wouldn't put that at risk messing around like I did. It just took me longer to see clearly what I wanted to grow up and do, whereas I think he knew from the moment he got into learning security.
Lidow has been running for the past decade DigiTrust, a firm that performs security assessments and remediation for companies in the $20 million- to $200 million-sized range, as well as vulnerability research. He runs one of the most successful Southern California security consulting companies and had the same sort of vision as I did for starting managed security services targeted at the SMB market, Maiffret says.
So Maiffret says he shut down Invenio and folded it into DigiTrust, where he will serve as director of professional and managed services, perform vulnerability research, and help launch DigiTrusts first managed services offering for smaller businesses, an area he and Lidow see as underserved. A lot of [larger] managed services firms say they do it all. But they just analyze logs, Maiffret says. We want to make sure were not just reading logs, but are doing actionable things to prevent and remediate problems.
Lidow, whos the founder, CEO, and principal of the firm, says teaming up with Maiffret was a no-brainer. Hes a master on the product side, and the synergies were obvious with our services, Lidow says.
Small businesses are starting to realize that its not just the big guys that are getting targeted. At the end of the day, when [attackers] want to get access to financial information or Social Security numbers, were seeing them [start to] attack smaller businesses with less resources by default to defend themselves, he says.
Lidow says DigiTrust to date has customers in the nonprofit, education, financial services, accounting, and insurance industries, as well as some law firms.
Marc and DigiTrust Group seem to be saying, we can come in and give you a basic, holistic protection, from perimeter to endpoint, and we'll do a lot of hand holding and help your IT guys understand what's going on on the network, says Paul Roberts, senior analyst for enterprise security with The 451 Group . Their goal is to become a respected MSSP in southern California first, and then build out nationally from there. So this will be a long road to haul and something of a change for someone like Marc, who is really coming from a product background, not a services background.
Maiffret is known for his colorful history (and hair) as a teen hacker/phone phreaker who was raided by the FBI in 1998 and later went on to co-found eEye, where he discovered several critical Windows vulnerabilities and later was part of the team of researchers at eEye that was one of the first to detect (and later name) the first major Microsoft worm, Code Red. (See From Script Kiddie to CTO.)
Kelly Jackson Higgins, Senior Editor, Dark Reading