Security Experts:

Security Startups: Interview With Defense.Net Founder and CTO Barrett Lyon

Security Startups Feature on Defense.Net

Company: Defense.Net  |  Who: Barrett Lyon, Founder and CTO

SecurityWeek: How did you start out in the computer field and in particular, security?

Barrett: As a child, I had a lot of interest in computers and became very interested in Unix. Unix is hyper-focused on security – the way you can configure the machine, the network, etc. Inherently learning about Unix and the Internet you become aware of the things you can do – and not necessarily the good things. I was quite a mischievous kid - the high school teachers were treated quite badly… I went low down for a while and as I started growing up I realized that people’s lives and their business rely on computing and that hacking is not something that has no consequence. I still had the urge to learn and tinker – unfortunately, I have a talent of breaking things – so I ended up working for a small security firm in LA. We were doing this thing called the “firewall”. We were installing Gauntlet- the first commercial firewall. I got to learn the ins and outs of that, and shortly after, I got interested in pen-testing and so as a 19-year old I became a pro pen-tester. This was back in 1998 and the Internet was ripe for hacking. Being hired from insurance companies to military outfits and being allowed to penetrate their networks without getting into trouble was lots of fun.

Photo of Barrett Lyon of Defense.Net
 Barrett Lyon, Founder and CTO of Defense.Net

SecurityWeek: What brought you to found Defense.Net?

Barrett: In 2003 I founded Prolexic, the first business that did DDoS mitigation as a service. I realized that there were a lot of ways to fortify the network without having to actually grow the network. It made sense this way to protect businesses in case of an attack. I was told it was a bad idea, and that academics don’t like it, but reality is that it worked enough at that time to keep businesses online for awhile. I ended up leaving Prolexic and started building my own video CDN called BitGravity. The idea was to eliminate the cables and instead, have paid access to all the content that existed. At that time there was no video in scale as we have today - the Internet was predominantly HTTP, and SSL was used in very limited circumstances. From there I continued to XDN which helps manage multiple CDNs. I was heavily into content delivery which is very much focused on stability - marketing the product to people in large enterprises. Nobody was thinking then about the security. In 2003 it was acceptable were the site not working for 3% of the users, today that’s not acceptable. After learning the non-security part, the media side, it gave me a view on how to protect against DDoS better. I spent 8 years to work on this idea and improve the technologies. Essentially this led to me to start Defense.Net in December 2012.

SecurityWeek: What does Defense.Net do?

Barrett: We do DDoS mitigation as a service. Similar to what Prolexic does but in a much different fashion and with a different protocol. One of the big problems Prolexic faced when we started was not the egress side, meaning, getting the traffic in - but once you clean the traffic - how you get it out. Proxy servers or tunneling that traffic has huge side effects so those solutions are not that feasible for businesses today. What we did was build a new protocol, called IP Reflection, which returns traffic to customers. IP Reflection can actually send back the traffic without a tunnel, without encapsulation, and without proxy servers. In this technique, the headers are re-written to re-route the packets through our network, so we look like an ISP to the customers. When the traffic comes in to us, we clean it, scrub it and then reflect the traffic back to the customers. We have the equipment to do this within micro-seconds per packet, we can run on a VM or on an existing security equipment such as load balancers or routers. We support any protocol that runs on IP, such as VoIP, video streaming and even DNS. Since we’re not impacting the customer’s network it looks as if the attack magically disappears. We built a 0.5Tb network to deflect the attacks against us. Our plan is to handle in the next year a 2000Gb attack.

SecurityWeek: How did you get your idea off the ground?

Barrett: I had a private lab, which I called Lyon’s Lab, where I would tinker with things. Getting the protocol to run wasn’t easy at first. It took 8 years to figure out. I also knew that the market had to be in the right place. I went to raise funding with Dave Cowan, the co-founder of Verisign who mainly does security investments through Bessemer Venture Partners. I’ve got an amazing team on the technical side, and Dave paired us with the CEO, Chris Risley, who was the perfect guy for the job. Two weeks later, we were funded.

SecurityWeek: Who are your biggest competitors?

Barrett: Prolexic (recently acquired by Akamai) and Verisign. The reality is that if all the banks use Prolexic or Verisign and they get hit by an attack – then all of the banks have a problem. What is needed are more providers focusing on DDoS as a core business.

SecurityWeek: What's your business model?

Barrett: There’s a monthly recurring service charge and a small installation fee. Once you sign up with us, we just bill you monthly. We strive to keep it simple and not take advantage of people when they’re under attack.

SecurityWeek: What are your markets?

Barrett: Any business, organization or critical infrastructure provider that relies on uninterrupted and high-performance Internet connectivity. Right now, we’re focusing on the financial services industry, but we are also seeing demand from multiplayer online games down to political websites. Apparently today’s protest tactic of choice is DDoS.

SecurityWeek: Where do you think your field is going on from here?

Barrett: It’s very clear that DDoS attacks are moving towards the application layer. Currently app-layer attacks are not that advanced – the attackers can’t hide themselves. These attacks require that the bot be connected to the servers, so it’s easier to take them down. As a result, attackers are now trying to get around it. At the BlackHat conference last summer there was a demonstration on bypassing DDOS-app mechanisms. Longer term, I see that attacks are getting larger, and not necessarily because of compromised PCs.

I think that the Internet of Things is going to be a very powerful weapon for people to exploit. Almost all TVs have networks and so do cars, phones, audio receivers and even light bulbs. They’re all new, untested, and they’re getting IP addresses, making them vulnerable to attacks. However, these devices don’t have a User Interface so you can’ttell their state – whether they’re connected or hacked. We’ve become incredibly dependent on the Internet, its backbone and services. We’ll see a lot of interesting stuff in the next few years.

SecurityWeek: Are you hiring? What do you look for when you hire?

Barrett: We’re hiring for all facets of the business – operations, networks, engineering, and sales. I look for people that are passionate about what they do. It’s also important that they’re somewhat of a rounded individual. They might live and breathe DDoS and C, but they should also have hobbies that expand their minds outside of work. I look for people that are pleasant to work with.

SecurityWeek: Any tips for other entrepreneurs starting out?

Barrett: Really believe passionately about your idea so that nothing can get in your way. Sounds a bit like a cliché but just let go and work as hard as you can. Eventually, your work will pay off as you envisioned it. The pay might not be financial, but it comes as the experience of the process. And oh, take time to breathe.

Read More Security Startup Interviews Here

view counter
Noa is a private consultant specializing in building thought leadership teams within tech companies. She is one of SecurityWeek’s first columnists with previous columns focusing on trends in the threat landscape. Her current interest lie on the business-side of security. Noa has worked for Imperva as a Sr. Security Strategist and before that, as a Sr. Security Researcher. She holds a Masters in Computer Science (specializing in information security) from Tel-Aviv University.