Resilient Systems News

Former Raytheon CEO Bill Swanson has joined our board of directors.

For those who don't know, Resilient Systems is my company. I'm the CTO, and we sell an incident-response management platform that...well...helps IR teams to manage incidents. It's a single hub that allows a team to collect data about an incident, assign and manage tasks, automate actions, integrate intelligence information, and so on. It's designed to be powerful, flexible, and intuitive -- if your HR or legal person needs to get involved, she has to be able to use it without any training. I'm really impressed with how well it works. Incident response is all about people, and the platform makes teams more effective. This is probably the best description of what we do.

We have lots of large- and medium-sized companies as customers. They're all happy, and we continue to sell this thing at an impressive rate. Our Q3 numbers were fantastic. It's kind of scary, really.

Posted on October 2, 2015 at 2:06 PM • 19 Comments

Comments

Clive Robinson • October 2, 2015 4:29 PM

@ Bruce,

"For those who don't know, Resilient Systems is my company."

Does this mean you own the company or you work for the company?

Bruce Schneier • October 2, 2015 5:44 PM

"Does this mean you own the company or you work for the company?"

Work for, have equity. If anyone can be said to "own the company," it's the VCs.

Chu Toi • October 2, 2015 7:31 PM

So any comments on the Wikipedia article about this:
Swanson's Unwritten Rules of Management and plagiarism

Bruce Schneier • October 2, 2015 10:10 PM

"So any comments on the Wikipedia article about this: Swanson's Unwritten Rules of Management and plagiarism"

No. I know nothing more than that article.

Clive Robinson • October 3, 2015 3:24 AM

From the article in Fortune, it appears Bill Swanson is a fan of "offensive security" with,

"Swanson said one of the lessons learned at Raytheon is that smart companies have to use both 'sword and shield' to address cyber threats. 'In cyber warfare you don't sit there as a goalie in a dart game. You have to do unto others so they can't do unto you.'"

Hmm, what you might expect from a MIC defence contractor, but in many parts of the world there is a very fine line... take care on that one.

Harper • October 3, 2015 6:57 AM

@ Mr. Schneier

I have two questions for you:

I.
How do you reconcile your incident response business with your skeptical views on preventive and indiscriminate data retention?

I mean, from what I understand, you need a lot of monitoring and logging (and thus data) to detect an attack and respond to it properly.

II.
How can your company be trusted when you have to comply with US law?
If the USIC and USLEA want you to cooperate (even in malicious ways), you can't really refuse.

Silent Circle has moved their HQ to Geneva, Switzerland due to the more friendly legal environment in Switzerland.

As a non-US company, I would not hire Resilient Systems to be my IR partner. Sorry for that.

Bruce Schneier • October 3, 2015 7:44 AM

"How do you reconcile your incident response business with your skeptical views on preventive and indiscriminate data retention? I mean, from what I understand, you need a lot of monitoring and logging (and thus data) to detect an attack and respond to it properly."

We have nothing to do with that part of incident response. We don't monitor. We don't log. That's not our thing.

What we are is an incident-response coordination platform. We provide a single place for an IR team to assign tasks, monitor the situation, and figure out what to do. We have lots of data, like every privacy regulation on the planet. We partner with threat feeds and provide that data. We keep records of what your IR team did and why, so that when you're sued after the fact you can demonstrate that you dealt with the situation. We also link back to various security products, allowing for automatic response when possible.

Our customers choose their level of monitoring and logging. They did it before we came along, and they'll do it after. It has nothing to do with us.

"How can your company be trusted when you have to comply with US law?"

What would the compliance be? We're not useful in eavesdropping. We're not useful in network attack. We're a coordination system. Think of us as a social network, optimized for incident response. We're not collecting data that any law enforcement or intelligence agency would want. That's not what we do.

One of the reasons I was attracted to this business is that it allowed me to sidestep this whole NSA business. I didn't want to get into the situation where the FBI demanded I do something that was against my principles. So I chose a business in the security space that wasn't in the business of saving user data, looking at packets, and so on.

Bruce Schneier • October 3, 2015 7:45 AM

"From the article in Fortune, it appears Bill Swanson is a fan of 'offensive security'...."

He is. I'm not.

I'm not a fan of vigilante justice. I understand why it's compelling and why so many people want to do it. I think it's bad for society.

Harper • October 3, 2015 10:43 AM

@ Mr. Schneier

Many thanks for your detailed and clarifying reply.

I'm glad that there are people like you on this planet. This gives me hope.

All the best for you and your company. :-)

Fabrizio • October 3, 2015 1:03 PM

Hey Bruce, maybe you could open a branch of Resilient for non-U.S. customers in Europe? That could dispel doubts and expand your business worldwide.

Bruce Schneier • October 3, 2015 6:02 PM

"Hey Bruce, maybe you open a branch of Resilient for non-U.S. customers in Europe?"

We already have a UK office that covers EMEA. We have relationships with VARs all over Europe and the Middle East right now.

We're working on opening an office in Asia, and another in South America.

Costas Tsalikidis • October 3, 2015 11:53 PM

I can think of one use case a TLA would have for your product - to monitor your clients to see if they have discovered that their systems have been penetrated by that TLA. In theory the TLA could do it themselves, but only if the penetration was comprehensive enough to catch general comms in addition to whatever their primary goal was.

Fabrizio • October 4, 2015 9:52 AM

@Bruce

Shame on me. I should have read your company website more carefully before suggesting the opening of an office in Europe.

But you know, UK-based companies are not as trusted as you might think - at least from the point of view of a company based in Continental Europe. That's sad, but it is the result of UK politics.

For your offices in Asia and South America, my bets are as follows:

Asia: Singapore or Hong Kong

South America: Montevideo, Uruguay or San José, Costa Rica

Frank Wilhoit • October 4, 2015 4:12 PM

Bruce,

You surely realize that this kind of product is what might be called trophy software -- people will happily buy it to make themselves look conscientious (e.g., utilities will buy it to get brownie points with their state public-utilities commissions). This means that your market saturation point may arrive very suddenly. Best have a plan against that eventuality.

Also, if your sales are as good as you say, then at some point IBM (or CA, or less likely HP) are going to try to buy you. How will you feel about that?

Simon • October 5, 2015 7:29 AM

You need to be careful of your unconscious bias. By referring to a non-technical HR / legal person as "her", you are reinforcing the stereotype that women are less likely to be technical.

Chad • October 6, 2015 2:21 AM

Hi Bruce,

We are a Resilient customer and currently not a happy one. I would love to give you a short summary of our experience and why we are already looking for alternatives.
