It’s been 3 years now since I left my beloved company, WunderFleet. We built it with passion and always focused on keeping security as high as we possibly could. After all, we were managing millions of customers with personal information, creating 20 million vehicle bookings every year.
We are cloud-based.
In the age of clouds, we focused on cloud security for the most part. On the local network side, we were much weaker than on AWS, using all the standard practices like API gateways, delivering with SSL, keeping software up to date, using SSH only, inviting external penetration testers, and writing every line of code with possible vulnerabilities in mind.
It would have been way easier to break into our local network by sending HR a free lunch coupon including a phishing link. Nothing against HR, you are great ;-) The attacker could then take over one developer’s computer after the next until they find the SSH keys connecting to the database. And yes, only 3 people out of 160 had those.
The jungle of cybersecurity solutions
While searching for solutions, we found lots of great ones to solve our problem and let us know if someone breaches our network. To our surprise, the solutions all had one thing in common: they could not be ordered on demand but rather through custom sales and had a complex setup.
All we needed at the time was some visibility, and I wanted to order it on the page right there.
Source: honeyd releasesRethinking Network Security
Imagine a device you plug into your network and suddenly you know when somebody pokes around!
We could not find a device like this and discovered some amazing open-source software instead. There are lots of honeypots out there, and we decided to go with Honeyd. It’s free, it’s quickly set up, and should do what we wanted. But on what device would we run it?
Our network did not have any local servers or computers that were always on, despite having multiple machines running. Besides that the latest release had been from 2007.
Buying a small device would be an option, but who would take care of it? We did not have any kind of uptime tracking for this physical device and would not even have known if it was online or not, despite it being functional using smoke tests.
We realized that we did not have the time to set it up professionally and left the topic alone. Other founders probably feel the same way while having outside pressure to reach their goals and getting the core business on track.
3 years later: Still no "Order Now" device. So it’s time to build it!
