SentryBox has been discontinued. Thank you for being part of the journey — learn more in our blog post
It’s been 3 years now since I left my beloved company, WunderFleet. We built it with
passion and always focused on keeping security as high as we possibly could. After all, we were managing
millions of customers with personal information, creating 20 million vehicle bookings every
year.
We are cloud-based.
In the age of clouds, we
focused on cloud security for the most part. On the local network side, we were much weaker than on AWS, using
all the standard practices like API gateways, delivering with SSL, keeping software up to date, using SSH
only, inviting external penetration testers, and writing every line of code with possible vulnerabilities in
mind.
It would have been way easier to break into our local network by sending HR a free lunch coupon
including a phishing link. Nothing against HR, you are great ;-) The attacker could then take over one
developer’s computer after the next until they find the SSH keys connecting to the database. And yes, only 3
people out of 160 had those.
The jungle of cybersecurity
solutions
While searching for solutions, we found lots of great ones to solve our problem
and let us know if someone breaches our network. To our surprise, the solutions all had one thing in common:
they could not be ordered on demand but rather through custom sales and had a complex setup.
All we needed
at the time was some visibility, and I wanted to order it on the page right
there.
Source: honeyd releases
Rethinking Network Security
Imagine a
device you plug into your network and suddenly you know when somebody pokes around!
We could not find
a device like this and discovered some amazing open-source software instead. There are lots of honeypots out
there, and we decided to go with Honeyd. It’s free, it’s quickly set up, and should do what we wanted. But on
what device would we run it?
Our network did not have any local servers or computers that were always on,
despite having multiple machines running. Besides that the latest release had been from 2007.
Buying a
small device would be an option, but who would take care of it? We did not have any kind of uptime tracking
for this physical device and would not even have known if it was online or not, despite it being functional
using smoke tests.
We realized that we did not have the time to set it up professionally and left the
topic alone. Other founders probably feel the same way while having outside pressure to reach their goals and
getting the core business on track.
3 years later: Still no "Order Now"
device. So it’s time to build it!
