Norse Corp disappears shortly after CEO is asked to step down

Ex-staffers and background investigation paint a dark picture for the media darling of the threat intelligence space

hack attack map
Norse Corp.

Update: Sam Glines, co-founder of Norse Corp, sent a statement to Salted Hash. It's posted in full on page two of this article.

Over the weekend, Norse Corp, a company that was one placed towards the top of any threat intelligence vendor list, went dark.

On Saturday, investigative journalist Brian Krebs, citing sources familiar with the situation, said that Norse Corp CEO, Sam Glines, was asked to step down by the board of directors. The same sources told Krebs that employees were told that they could report to work on Monday, but that there was no guarantee they'd be paid for their work.

Less than a day after Krebs published his article, Norse Corp's website was offline, and attempts to email the company failed. The ever-popular Norse attack map was online for some of the weekend, but that too had gone dark by Sunday evening.

Speaking to Krebs, his sources said that Norse Corp assets would be merged with Solarflare. Emails to Solarflare seeking comment were not returned by the time this story went to publication.

Update: Solarflare emailed Salted Hash to say they had no comment. But Solarflare CEO, Russell Stern, told Brian Krebs that "there has been no transaction between Norse and Solarflare."

Norse Corp was once a media darling, heavily cited for their reports on Iran last year, and prior to that, the company gained international headlines for their research into the Sony Pictures hack.

However, each time Norse Corp grabbed media attention, they were met with brutal backlash from the security community, and the common charge was that their assumptions and supporting data were flawed.

In the aftermath of Norse Corp's disappearance, the topic of flawed data and assumptions has once again resurfaced in a blog post written by ICS expert, Robert M. Lee.

The latest developments at Norse Corp follow a round of layoffs at the start of the New Year, and Krebs' story digs further into the situation by adding that nothing so far should have come as a surprise:

"A careful review of previous ventures launched by the company’s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles."

Adding to this, Krebs spoke to a senior data scientist at Norse Corp, Mary Landesman, who said the data used by the company isn't great, adding that it's "pretty much the same thing as if you looked at Web server logs that had automated crawlers and scanning tools hitting it constantly."

"But if you know how to look at it and bring in a bunch of third-party data and tools, the data is not without its merits, if not just based on the sheer size of it."

Data is what made Norse Corp what it is. But if there are issues with the data, that could be problematic for Norse Corp customers who relied on it for security decisions and risk analysis. Now that the company has gone dark, it's unclear how this will impact their customers.

Jason Belich, former Chief Architect at Norse Corp, who calls himself the "Co-Creator of the Cyber Threat Intelligence Industry" on LinkedIn, disputed Krebs' story, making him the only Norse Corp employee to defend the company after the news broke.

Interestingly enough, while he came to the company's defense online, he isn't actually an employee, he was let go during aforementioned layoffs in January.

Belich said that Landesman wasn't a credible source, because she was employed by the Norse Corp sales and marketing team. Her title, he says, "never anything more than an affectation, as no one on that side of the house was ever allowed access, rightly or wrongly, to core data or to production processes."

He says her comments were invalid because as a "remote employee, who never appeared in the office more than a handful of times, she never had any sort of pulse on the production teams nor the day-to-day operation of the company, nor anything other than the sales efforts."

Belich also had several other complaints about the Krebs article, but in a Twitter exchange between the two, Krebs took Belich to task for not making his thoughts known prior to publication.

Both Krebs' story and the post made by Belich are worth reading as things unfold with Norse Corp.

Looking for additional comment, Salted Hash reached out to KPMG, the investor who gave Norse Corp $11.4M last September, however the company has yet to respond to inquiries.

Update: KPMG sent the following comment: "The terms of our investment with Norse remain confidential and we have no further comment to make at this time."

While Belich seems to be a supporter of Norse Corp given his defense, has questions of his own about what happened at the company, and said that he would be re-working his LinkedIn profile to "de-norse-ify" it all.

In his post responding to Krebs' story, Belich outlined his issues:

"What is genuinely frustrating about this story, is there is literally nothing in it about the actual problems and failures which led to Norse's current situation: /Why/ is Tommy Stiansen such a secretive bastard?  Why has Norse garnered so much hate? How did such a toxic corporate culture develop that caused so many former employees to want to speak out? What were the blunders which caused a finance under-run?"

On the original article by Krebs, Belich goes into more detail in the comments section, which appeared after the other linked post was made.

A soft landing:

While the status of Norse Corp is still unknown, it’s important to remember that if there are problems, then the blame should fall on the shoulders of management.

The company has several highly-skilled employees who will need a job sometime in the very near future it seems, and none of them are to blame for anything that might've happened to the company.

For those at Norse Corp currently looking for a new career:

Twitter is hiring; Motorola Solutions is hiring; and Mozilla is hiring security people too. Mandiant also said they're hiring.

Over the weekend, Salted Hash was informed of positions open at Carnegie Mellon University [a second position is here], Grant Thornton, BNY Mellon, PNC, and Giant Eagle.

1 2 Page 1
Page 1 of 2
7 hot cybersecurity trends (and 2 going cold)