What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary(blog.gitguardian.com) |
What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary(blog.gitguardian.com) |
os.system(args[1])
At least by a factor of 10:1 compared to other governments, much less a company like BeyondTrust.
How can somebody let national security hinge on something that's not a "core competency" of the government itself? U. S. National. Security.
Now BeyondTrust isn't a recent startup of some kind, they appear to have been truly building trust for decades so they are probably about as well established as any contractor could be.
I don't think they just crumbled at the first state-sponsored attempt who knows when. But too late now, other states have upped the ante and it has not been matched.
All the contractors in the world combined are unlikely to accomplish enough mitigation going forward.
Probably going to require a lot more than just one government in the world combined now too.
Plus, look at Wikipedia:
Symark was founded in 1985 as a VAX/VMS utility software company in Los Angeles
Acquisitions
2009: Symark acquired the Windows-based business of BeyondTrust in 2009 for approximately $20 million[14] and they adopted BeyondTrust as the new company name.[15]
2011: BeyondTrust acquired software from Likewise Software.[16]
May 2012: BeyondTrust acquired Vulnerability Management Pioneer eEye Digital Security.[17]
December 2012: BeyondTrust acquired Blackbird Group.[18]
September 2014: Veritas Capital acquired BeyondTrust for $310 million.[19]
October 2018: Bomgar acquired BeyondTrust from Veritas.[20]
>The original BeyondTrust
>In 2003, AutoProf introduced the AutoProf Policy maker, which was the first commercial product[10] to build upon Microsoft's built-in Group Policy Objects
>Bomgar's first private equity investors, TA Associates, placed a majority investment in Bomgar in May 2014.[28]
>In April 2018, Francisco Partners announced that it acquired Bomgar from Thoma Bravo,[29] which owned Bomgar since June 2016.[30] Financial details of this deal were not disclosed.
>Bomgar now operates under the name BeyondTrust.[31][32]
This looks like recent history has been so full of deals, that could very well be a strong red flag when an established company tries to act like a more risk-tolerant young startup. Especially in security.
And if they didn't actually do it intentionally, yikes.
When you think about it, for almost 10 years until at least 2018 it's hard to imagine that number of deals taking place without all kinds of key top people totally preoccupied with dealmaking rather than security no matter how that company started out. Otherwise far less stock deals would have taken place.
Plus when you think a little more, the USA has plenty of untapped talent to be leveraged into an overwhelming government force itself if the will was there.
When the level of security needed escalates beyond the ability of money-making technologies to provide, you're going to need some non-shareholder-rewarding approaches or the job will never get done.
Now there are some really wealthy shareholders out there of many kinds, but if they haven't been able to afford it, who can you turn to?