Never Go Full Hack-Proof

I really enjoy watching new security companies come to the market because their enthusiasm and clever attempts to solve hard problems is inspiring to everyone. However, the line between great new technology and shooting yourself in the foot with insane marketing fodder can be defined by the simple phrase, "Hack-Proof." TrustPipe didn’t get that memo.

There are few things that irk a security professional more than someone claiming "perfect security" or that their magic dust/snake oil will solve hacking completely. But, as we see, that's exactly what some marketing person thought was a great idea to get the attention, and vitriol, of an entire technology space. If attention was what they were shooting for: mission accomplished.

For another example of marketing-over-detail, here's a quote from their FAQ that also makes a technical person's stomach churn:

"TrustPipe is based on a fundamental breakthrough in the analysis of digital data that enables it to understand Internet traffic at the "DNA" level."

The frustrating part is that I want to like TrustPipe and am super interested to actually hear details rather than marketing jabber. Luckily, Tim Greene did a pretty great write-up for NetworkWorld that gives some actual detail to what is going on here:

"The company's goal is to make TrustPipe available for any device — phones, tablets, computers, industrial controls systems, light switches, thermostats, the entire Internet of Things."

"This is possible in part because the entire body of expressions to identify all malicious events across all operating systems is just 1.5MB plus a 500kB engine to scan traffic, Evers says."

Well, that’s pretty close to the “it sounds too good to be true” category of information security. If the founders of this company didn’t seem to have some great pedigree — and patents — I’d be a lot more skeptical than I currently am.

The product its self seems to be priced really, really low. $5.00 a license for consumer usage — and 5 years of updates, apparently — is unheard of for just about any security product. Only Windows XP SP3 is currently being sold on their site but plenty of platforms and operating systems are promised to be on the way including Mac OS X, Linux, OpenBSD, and other Windows versions.

I am eager to see and hear more about this company and their technology. It's great they've seemed to come up with an original way to help prevent some large scale problems, but this needs to obviously be vetted further than their development team and a few boutique customers.

So, TrustPipe folks, please ditch the lame, unintelligible marketing speak and start finding interesting ways to pitch your product without the promises that will only eventually lead to sorrow for you or your customers.