Thomas Ptacek | July 9th, 2008 | Filed Under: Feature, Uncategorized
Thanks to Rich Mogull, Dino and I just got off the phone with Dan
Kaminsky. We know what he’s going to say at Black Hat.
What can we say right now?
Dan’s got the goods. You know that scene near the end of High
Fidelity where Jack Black listens to the skate punk’s electroclash
demo? Yep. It’s really f’ing good.
This is a strong year at Black Hat: Dowd and Lawson in
particular have awesome talks lined up. But Dan may have Best of Show
here.
If you were running DJBDNS before, you’re safe. If you made
fun of me for running DJBDNS: sucker.
Ryan Russell pointed out earlier on our blog that Dan takes a
lot of crap for doing so much public research. You can’t be in the
public eye for long without taking fire from people who write
shellcode instead of Black Hat talks and press releases. Ryan is
right: it’s not fair. I don’t know how you can give Dan crap about his
work after this.
I think Dan should come clean on this and publish the details. The 30
days he’s given before Black Hat won’t make much of a difference. But
his reason for not doing it is at least plausible. And he did the
work. So, it’s his call.
I think I owe Chris Eng $100 now.
Dave G. | July 9th, 2008 | Filed Under: Feature, Matasano, Navel Gazing
“If we just get this hardware layer 7 firewall to market in 3 months we’ll be funded in 4 and we’ll be millionaires in 24 months tops!” — Thomas Ptacek, shortly before I give the two weeks notice that became 6 weeks at Symantec.
Matasano has been around for over three years now, and we are not millionaires. The company’s original goal was to create a new way for companies to solve the internal access control nightmare (that still persists, in spite of NAC). In 2005, our thought process was the typical startup blueprint: We have a great team, a great idea, let’s go get some funding and build a product company.
I could probably write a series of blog posts on the VC process, but during both the due diligence process and our independent conversations with customers, we had a common question keep coming up. “This product {sounds great, sounds impossible, is the holy grail}. So… How do I manage it?”
When a product doesn’t exist yet, it is really easy to talk about how you manage it. And since it was a common hurdle, we kept coming up with more and more clever answers to the problem. So, now we had a revolutionary new idea for the firewall, and we also had an incredibly sophisticated management interface. This would be great except we just kept evolving the product to the point where we would have needed a ton of funding to proceed. Also, we learned that we probably know more about the business that we want to build than anyone else.
So, after regrouping, we realized that the common thread in most of our conversations with potential customers was The Management Question. So, we went back to a lot of the folks we talked to and drilled down. We found that even now, in 2008, organizations are still struggling to manage what is arguably the most ubiquitous security product on your network. The firewall.
Yes, the problem of managing firewalls isn’t as fascinating as figuring out how to perform line speed, full decode of protocols and making stop/go decisions at 10Gbits. Instead, we are solving a real operations problem. The type of product where you don’t make everyone’s life more difficult when you deploy, but instead make everyone’s life better.
The obvious question is, “3 years… really?”.
“We have a team of kernel developers working on a web-app… two months, tops.”
This wasn’t three years spent dedicated to application development. The application was built in spare cycles. The fact of the matter is, while we were building this product, we were also building a consulting business.
We started the business based out of Jeremy’s apartment. This was great for me, as the commute was about 10 minutes (Jeremy lived one block further away from me than the old @stake office). Jeremy eventually moved, and we decided to move the office to my apartment. The commute got better, but running a business from your (or at least, my) home is a big quality of life hit for everyone involved. Just ask Dino and Jeremy, they worked on opposite sides of what used to be a dining room table, with Dino having to squeeze in between the air conditioner and the table with like 2 inches to spare. Mostly though, it is hard to feel like a real company when there isn’t an office. It is also hard to feel like a company when you are three people (after Dino and Window left us!). It is also really hard to feel like a company when a customer calls the business line at 10PM to leave a voicemail and gets me answering the phone with the television blaring in the background.
So, we got an office. Then Chicago got an office. Both of these offices were unbelievably humble. The first New York space had four people working inside of a 100 sq. ft. office. The Chicago office wasn’t much bigger. Also, water leaking from the ceiling. Also, it was above some weird print shop. But you know what. Also, it started to feel like a real company.
We also started hiring. Almost like clockwork, we would get more work as soon as we hired someone (which basically meant that we still had a gap). Also moving the real company dial.
“Corporate blogging is a total waste of time.” — Dave Goldsmith
At this point, we would cue the Montage:
Offices of the non-leaking variety for Chicago. Hiring amazing people. Holy crap, we have a benefits person. More great customers. Lots and lots of blog posts (almost one a workday since the inception of the company). Dedicated developer for Playbook. Bigger offices for New York and Chicago. 401k’s?! Crazier and crazier consulting projects. Which led to Black Hat talks. Which led to even crazier projects. UI Designers cost how much? Horribly… horribly… awesome. Tom calling me to tell me that if we don’t do X in Y time frame the company will surely collapse. Jeremy looking at me like he is going to stab me in the neck if we don’t start hiring more people.
In spite of everything I just ranted about, services is and will continue to be a great business for us. Not only is the work exciting and ever-changing, we just wouldn’t get the same level of visibility into the real life challenges that modern enterprises face.
That being said, we started Matasano with the goal of selling security products. And as of July 2nd, 2008… we do.
ps: It would be absurd if I didn’t take a moment to thank Adam, Alex, Craig, Dan, Dino, Duncan, Eric, Erin, Kim, Max, Mike, Jeremy, Jess, Timur, Tom, Window, Wes, all of our customers, partners and trusted advisors.
Chris | July 7th, 2008 | Filed Under: Feature, Uncategorized
Hello! My name is Chris Rohlf and I just joined the Matasano team. I will be working on various different client projects from the NYC office. I have spent the last 5 years in the security world working on various things from R&D to operations at both government and corporate organizations. Most of my interest and work has revolved around reverse engineering and vulnerability discovery on different platforms. Some of you may have read my personal blog in the past [EM_386] where I blog about reversing, vulnerabilities, programming and my general security-related opinions.
Most recently I worked in an operational role where I got to see firsthand the security threats and challenges that a large enterprise faces every day. But now I look forward to putting my prior research experience to work at Matasano.