Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:10 AM
Connect Directly

Maiffret Merges Startup With DigiTrust Group

Founder and ex-CTO of eEye joins forces with former high school hacker pal to offer security services for small- to medium-sized businesses

Legendary hacker Marc Maiffret, who recently started a security venture after leaving eEye Digital Security, has shifted gears and merged his new firm with a more established one, DigiTrust Group, a company run by a friend he met back in high school.

DigiTrust plans to soon roll out managed security services for small- to medium-sized firms.

Maiffret, 27, last fall quietly left eEye, the company he founded at age 17, and during a sabbatical laid the groundwork for starting up Invenio Security, a boutique consulting firm that provided security consulting and training to medium to large businesses, as well as penetration testing, application security assessments incident response, malware analysis, and even personal security services for individuals. (See Maiffret Starts New Security Venture.)

After recently moving from Orange County to Los Angeles for Invenio, Maiffret says he reconnected with Jason Lidow, a friend he met on the hacking scene back in the day, but who was not “up to no good like we all know I was for a couple of my teenage years,” Maiffret says. “I remember even when we first met he already wanted to start a security company and wouldn't put that at risk messing around like I did. It just took me longer to see clearly what I wanted to grow up and do, whereas I think he knew from the moment he got into learning security.”

Lidow has been running for the past decade DigiTrust, a firm that performs security assessments and remediation for companies in the $20 million- to $200 million-sized range, as well as vulnerability research. “He runs one of the most successful Southern California security consulting companies and had the same sort of vision as I did for starting managed security services targeted at the SMB market,” Maiffret says.

So Maiffret says he shut down Invenio and folded it into DigiTrust, where he will serve as director of professional and managed services, perform vulnerability research, and help launch DigiTrust’s first managed services offering for smaller businesses, an area he and Lidow see as underserved. “A lot of [larger] managed services firms say they do it all. But they just analyze logs,” Maiffret says. “We want to make sure we’re not just reading logs, but are doing actionable things to prevent and remediate problems.”

Lidow, who’s the founder, CEO, and principal of the firm, says teaming up with Maiffret was a no-brainer. “He’s a master on the product side, and the synergies were obvious with our services,” Lidow says.

Small businesses are starting to realize that it’s not just the big guys that are getting targeted. “At the end of the day, when [attackers] want to get access to financial information or Social Security numbers, we’re seeing them [start to] attack smaller businesses with less resources by default to defend themselves,” he says.

Lidow says DigiTrust to date has customers in the nonprofit, education, financial services, accounting, and insurance industries, as well as some law firms.

“Marc and DigiTrust Group seem to be saying, ‘we can come in and give you a basic, holistic protection, from perimeter to endpoint, and we'll do a lot of hand holding and help your IT guys understand what's going on on the network,” says Paul Roberts, senior analyst for enterprise security with The 451 Group . “Their goal is to become a respected MSSP in southern California first, and then build out nationally from there. So this will be a long road to haul and something of a change for someone like Marc, who is really coming from a product background, not a services background.”

Maiffret is known for his colorful history (and hair) as a teen hacker/phone phreaker who was raided by the FBI in 1998 and later went on to co-found eEye, where he discovered several critical Windows vulnerabilities and later was part of the team of researchers at eEye that was one of the first to detect (and later name) the first major Microsoft worm, Code Red. (See From Script Kiddie to CTO.)

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • complink 1725|eEye Digital Security} Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Why Cyber-Risk Is a C-Suite Issue
    Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
    Unreasonable Security Best Practices vs. Good Risk Management
    Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
    Breaches Are Inevitable, So Embrace the Chaos
    Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-11-15
    qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
    PUBLISHED: 2019-11-15
    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...
    PUBLISHED: 2019-11-15
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
    PUBLISHED: 2019-11-15
    Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...
    PUBLISHED: 2019-11-15
    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.