Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:10 AM
Connect Directly

Maiffret Merges Startup With DigiTrust Group

Founder and ex-CTO of eEye joins forces with former high school hacker pal to offer security services for small- to medium-sized businesses

Legendary hacker Marc Maiffret, who recently started a security venture after leaving eEye Digital Security, has shifted gears and merged his new firm with a more established one, DigiTrust Group, a company run by a friend he met back in high school.

DigiTrust plans to soon roll out managed security services for small- to medium-sized firms.

Maiffret, 27, last fall quietly left eEye, the company he founded at age 17, and during a sabbatical laid the groundwork for starting up Invenio Security, a boutique consulting firm that provided security consulting and training to medium to large businesses, as well as penetration testing, application security assessments incident response, malware analysis, and even personal security services for individuals. (See Maiffret Starts New Security Venture.)

After recently moving from Orange County to Los Angeles for Invenio, Maiffret says he reconnected with Jason Lidow, a friend he met on the hacking scene back in the day, but who was not “up to no good like we all know I was for a couple of my teenage years,” Maiffret says. “I remember even when we first met he already wanted to start a security company and wouldn't put that at risk messing around like I did. It just took me longer to see clearly what I wanted to grow up and do, whereas I think he knew from the moment he got into learning security.”

Lidow has been running for the past decade DigiTrust, a firm that performs security assessments and remediation for companies in the $20 million- to $200 million-sized range, as well as vulnerability research. “He runs one of the most successful Southern California security consulting companies and had the same sort of vision as I did for starting managed security services targeted at the SMB market,” Maiffret says.

So Maiffret says he shut down Invenio and folded it into DigiTrust, where he will serve as director of professional and managed services, perform vulnerability research, and help launch DigiTrust’s first managed services offering for smaller businesses, an area he and Lidow see as underserved. “A lot of [larger] managed services firms say they do it all. But they just analyze logs,” Maiffret says. “We want to make sure we’re not just reading logs, but are doing actionable things to prevent and remediate problems.”

Lidow, who’s the founder, CEO, and principal of the firm, says teaming up with Maiffret was a no-brainer. “He’s a master on the product side, and the synergies were obvious with our services,” Lidow says.

Small businesses are starting to realize that it’s not just the big guys that are getting targeted. “At the end of the day, when [attackers] want to get access to financial information or Social Security numbers, we’re seeing them [start to] attack smaller businesses with less resources by default to defend themselves,” he says.

Lidow says DigiTrust to date has customers in the nonprofit, education, financial services, accounting, and insurance industries, as well as some law firms.

“Marc and DigiTrust Group seem to be saying, ‘we can come in and give you a basic, holistic protection, from perimeter to endpoint, and we'll do a lot of hand holding and help your IT guys understand what's going on on the network,” says Paul Roberts, senior analyst for enterprise security with The 451 Group . “Their goal is to become a respected MSSP in southern California first, and then build out nationally from there. So this will be a long road to haul and something of a change for someone like Marc, who is really coming from a product background, not a services background.”

Maiffret is known for his colorful history (and hair) as a teen hacker/phone phreaker who was raided by the FBI in 1998 and later went on to co-found eEye, where he discovered several critical Windows vulnerabilities and later was part of the team of researchers at eEye that was one of the first to detect (and later name) the first major Microsoft worm, Code Red. (See From Script Kiddie to CTO.)

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • complink 1725|eEye Digital Security} Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 6/5/2020
    How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
    Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
    Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: What? IT said I needed virus protection!
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-06-05
    The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
    PUBLISHED: 2020-06-05
    The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
    PUBLISHED: 2020-06-05
    In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
    PUBLISHED: 2020-06-05
    In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
    PUBLISHED: 2020-06-05
    In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.