Implementing Evil

16 years in the making


Sixteen years ago, I walked into my co-founder’s security startup looking for an engineering job. Appearing as an awkward teenager, with a black t-shirt, Discman, red hair, wide skate pants, disregard for school, the works. Somehow, he thought it was a good idea to hire me as an engineer. Our products were among the first stateful and deep-packet inspection firewalls, VPN gateways and email servers — made for the emerging “always-on” internet-connected IT environments.

As part of April Fools’ 2003, we implemented filtering for the “evil bit”. Proposed by AT&T as a joke, the “evil bit” would allow hackers to mark their network traffic as “evil” — allowing security devices to more easily identify their activity as malicious. Not surprisingly, it did not end up being a popular feature. Its pretense, though, has never been more relevant.

After a short run in consulting, I’ve spent most of my twenties as either part of or building cyber intelligence practices. First as a technical operator, then collection analyst and eventually leading global intelligence operations across 16 countries for #threatintel market-leader iSIGHT Partners. We used our insight into the threat landscape to create intelligence that helped our customers to detect, prevent and respond to malicious activity. A tad more involved, but the same principle as the “evil bit”.

Operationalising cyber intelligence is a lot harder.

For one, even with the exceptional visibility we had at iSIGHT Partners, we could only see a part of the threat problem. If you are to align defences against your threat reality, you need a consolidated view of insights from your own team, your industry partners, government and commercial intel providers. Then you can use that consolidated view to service the operational, tactical and strategic information needs that inform and enable your IT security.

Secondly, cyber intelligence is not just an artefact. It’s a practice. Like security operations, incident response and risk management — it requires people, process and technology to be effective. Ensuring that the right security controls, decisions and strategies are informed by what today’s and tomorrow’s “evil bit” looks like.

We founded Intelworks to help address these challenges. Allowing organizations to take back responsibility and control of their threat reality, by consolidating insights from a diverse range of sources. Empowering the analysts at the core of the intelligence practice and enabling real-time integration into security control.

We’ve come a long way since our startup many years ago. Far from being completely grown up still, we know now how to dress ourselves, have the respect of our team and customers and have a clear vision for this industry. We believe Cyber Intelligence is the key enabler in aligning IT security efforts with threat reality. Intelworks’ open-source and commercial technology products will help drive this vision forward.

- My name is Joep Gommers, founder and CEO of Intelworks.