IronNet was founded by the former Director of the National Security Agency (a four-star General). The company raised over $427M in funding from some well-known investors. Such star power should have provided IronNet with powerful tailwinds. Sadly, they recently filed for bankruptcy and became the first public cybersecurity company to go bankrupt in over a decade.
What you may not know about the story is that the founding data science team came from DARPA, supporting a program called Network Defense; many of them were L-3 employees whom I hired and worked with closely for many years. The L-3 employees helping Network Defense split into two groups, half leaving L-3 to join IronNet and the other half joining Cybraics (including myself). IronNet capitalized in Oct. 2015 (raising more than $32M), and Cybraics in Jan. 2016 (raising more than $8M). Both teams were highly talented and focused on finding APTs in network traffic using machine learning.
Unfortunately, the market for finding nonobvious network intrusions is actually small. Governments may pay a premium for advanced threat detection. However, commercial entities perform a cost-benefit analysis to minimize costs while anticipating cybersecurity breaches rather than investing any amount required to prevent a breach and eliminate risk. Yet, advanced threat detection involves machine learning, which is very costly. Therefore, building a competitive product or service to work within the commercial cost-benefit analysis is complex.
This tension between market realities and the cost of machine learning may have factored into IronNet’s demise. There is some evidence to support this assertion. Amazon Web Services (AWS) cut off the company’s access due to unpaid bills. According to the President and CFO, IronNet began falling behind on AWS payments around twelve months ago and amassed nearly $480,000 in overdue invoices (with only 60–70 customers). I bring this up because Cybraics had similar problems using machine learning for threat detection. While we made it out alive (being acquired in 2022), the path was filled with challenges.
I mention all of this not to place blame (especially at the feet of the data science team). The cybersecurity market is unforgiving. If the former Director of the National Security Agency can raise $427M and hire a world-class data science team and fail, anyone can. Instead, this article highlights the realities of using machine learning for product development, especially a cybersecurity product. Simply put, machine learning is expensive, and you should never solve a problem with it that can be solved without it. A segment of the DARPA Network Defense team epitomized this philosophy by distilling some complex machine learning models into rules or computationally simple algorithms, even amidst criticism. The internally designated and self-styled “low-hanging fruit team” emerged organically in the Network Defense program at DARPA. However, portions of the program’s leadership criticized these heretics because they challenged the status quo of using the most novel and complex solutions. Still, the low-hanging fruit team was creating commercially viable solutions.
The goal should never be to use machine learning. The goal is problem-solving. Factors like cost, solution efficiency, and customer value should always guide the path forward, not just the allure of cutting-edge technology. Cybraics ultimately combined a mixture of very simple and some very complex solutions. We kept two eyes on the problem (most of the time) and worked off complexity as often as possible.