Event Summary
The creation of @Stake, a new security venture, has taken the hacker group
known as the L0pht
under its wing as its Research and Development division. Who are these beacons
of the security underground? Will they put Trojan horses in your network and
divert your payroll to their own bank accounts? Should you trust them? What
would your mother say if you hired a hacker?
Market Impact
Due to the huge information security compromises that eCommerce sites and Internet
Portals have been experiencing, network and system security exposures have become
increasingly important in the world of information technology. With a growing
number of security exposures on the horizon, we predict that the market for
security consulting services, still in its infancy, will exceed $2 billion by
2002. Considering the expanding market, Battery Ventures' recent investment
in the L0pht in the formation of @Stake is simply good business.
@Stake is a new type of security consultancy, at least from a marketing perspective.
From a delivery perspective, @Stake/the L0pht has been securing networks for
corporate America for years. Last year, the L0pht audited an eCommerce site
for one of the biggest financial institutions in the world. This site continues
to withstand ongoing Denial of Service attacks and routine network attacks
and has yet to be compromised. With that in mind, we think that @Stake is a
viable organization to examine when evaluating security outsourcing vendors,
along with Ernst & Young, Deloitte & Touche, and Arca Systems.
User Recommendations
When it comes to hiring consultants, what typically matters most to IT
decision makers is the deliverables that can be achieved and the time
it takes to produce them.
Before hiring any security consultancy, and before signing any purchase orders
or contracts, make sure you understand what deliverables you are looking for.
Are you looking for an Architecture Plan, a Service Level Description, or a Network
Vulnerability Assessment?
If you have any doubts about a security consultancy's capabilities, ask them
for references that include names and phone numbers.
If you do hire @Stake, don't worry, they won't show up in ski masks. Oh, and
don't forget to ask to see the lock-picking demo.