IronNet, Founded by Former NSA Director, Shuts Down

IronNet, a once-promising cybersecurity startup founded by a former NSA director and funded by cyber and defense investors, has shuttered and laid off its remaining staff following its collapse. From a report: In a regulatory filing published Friday, IronNet's president and chief financial officer Cameron Pforr said the company had ceased all business activities as it prepares for Chapter 7 bankruptcy, effectively liquidating the company's remaining assets to pay its remaining debts. The Virginia-based IronNet was founded in 2014 by retired four-star general Keith Alexander, soon after he departed as the former director of the National Security Agency during the biggest leak (at the time) of government secrets by former contractor Edward Snowden. IronNet provided corporations and government agencies with technologies aimed at helping to defend against cyber threats, and using large data sets and analytics to automate threat intelligence. Its other products were designed to protect critical infrastructure.

Security guy cannot secure funding?

[memory_register]

How IRONic.

They were warned not to use

[Tablizer]

Area 51 tech, but they couldn't keep their tentacles, I mean hands to themselves.

Re:

[Tablizer]

That implies there was at least one non-stupid alien person conspiracy. I wanna see that one.

What kind of idiot hires an NSA director

[Eunomion]

to protect their privacy? Hire sex offenders to run women's shelters while you're at it.

Promising CyberSec?

[LostMyBeaver]

I've evaluated tech from many companies and interviewed many cybersec professionals. The overwhelming majority of my findings is that the cyber security believes security is achieved by adding tools and devices to systems rather than correcting or improving system design.

Here is an example. I presented an insecure system for auditing. There were two core weaknesses.
1) The system communicated between modules on an open network using plain text protocols
2) The system used weak ciphers for HTTP communication.
As a bonus,
3) The system use the source from OpenVPN for key exchange (that code is criminally bad)

Every cybersecurity professional or organization who audited the system made endless suggestions as to what products and services should be bought. At least 75% of all recommendations would have no impact and many would have negative impact.

By comparison, when presenting the problem to computer science graduates and software engineering firms and describing some of the known problems, most recommended modifying the code to use HTTPS with secure ciphers and CI/CD to notify the build manager of patches to the protocol stacks, pull, rebuild and recommend use of new best practices for ciphers, hashes, and key exchange algorithms. In addition, some recommended binding to appropriate ports, employing ACLs and moving the backend network to a private domain. Some suggested moving to containers and recoding against a service mesh and appropriately employing an ingress to limit attack surface area.

CyberSec firms are basically a scam. They tend to have no clue how systems are built and often end up building systems which make things worse.

Consider that most of Cisco's cybersec junk runs on outdated Linux kernels and in many cases run on VMs with VM drivers that are easily exploitable. Some even run on NetFilter and don't provide kernel updates more than once or twice a year.