Norse Corp disappears shortly after CEO is asked to step down

Update: Sam Glines, co-founder of Norse Corp, sent a statement to Salted Hash. It’s posted in full on page two of this article.

Over the weekend, Norse Corp, a company that was one placed towards the top of any threat intelligence vendor list, went dark.

On Saturday, investigative journalist Brian Krebs, citing sources familiar with the situation, said that Norse Corp CEO, Sam Glines, was asked to step down by the board of directors. The same sources told Krebs that employees were told that they could report to work on Monday, but that there was no guarantee they’d be paid for their work.

Less than a day after Krebs published his article, Norse Corp’s website was offline, and attempts to email the company failed. The ever-popular Norse attack map was online for some of the weekend, but that too had gone dark by Sunday evening.

Speaking to Krebs, his sources said that Norse Corp assets would be merged with Solarflare. Emails to Solarflare seeking comment were not returned by the time this story went to publication.

Update: Solarflare emailed Salted Hash to say they had no comment. But Solarflare CEO, Russell Stern, told Brian Krebs that “there has been no transaction between Norse and Solarflare.”

Norse Corp was once a media darling, heavily cited for their reports on Iran last year, and prior to that, the company gained international headlines for their research into the Sony Pictures hack.

However, each time Norse Corp grabbed media attention, they were met with brutal backlash from the security community, and the common charge was that their assumptions and supporting data were flawed.

In the aftermath of Norse Corp’s disappearance, the topic of flawed data and assumptions has once again resurfaced in a blog post written by ICS expert, Robert M. Lee.

The latest developments at Norse Corp follow a round of layoffs at the start of the New Year, and Krebs’ story digs further into the situation by adding that nothing so far should have come as a surprise:

“A careful review of previous ventures launched by the company’s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles.”

Adding to this, Krebs spoke to a senior data scientist at Norse Corp, Mary Landesman, who said the data used by the company isn’t great, adding that it’s “pretty much the same thing as if you looked at Web server logs that had automated crawlers and scanning tools hitting it constantly.”

“But if you know how to look at it and bring in a bunch of third-party data and tools, the data is not without its merits, if not just based on the sheer size of it.”

Data is what made Norse Corp what it is. But if there are issues with the data, that could be problematic for Norse Corp customers who relied on it for security decisions and risk analysis. Now that the company has gone dark, it’s unclear how this will impact their customers.

Jason Belich, former Chief Architect at Norse Corp, who calls himself the “Co-Creator of the Cyber Threat Intelligence Industry” on LinkedIn, disputed Krebs’ story, making him the only Norse Corp employee to defend the company after the news broke.

Interestingly enough, while he came to the company’s defense online, he isn’t actually an employee, he was let go during aforementioned layoffs in January.

Belich said that Landesman wasn’t a credible source, because she was employed by the Norse Corp sales and marketing team. Her title, he says, “never anything more than an affectation, as no one on that side of the house was ever allowed access, rightly or wrongly, to core data or to production processes.”

He says her comments were invalid because as a “remote employee, who never appeared in the office more than a handful of times, she never had any sort of pulse on the production teams nor the day-to-day operation of the company, nor anything other than the sales efforts.”

Belich also had several other complaints about the Krebs article, but in a Twitter exchange between the two, Krebs took Belich to task for not making his thoughts known prior to publication.

Both Krebs’ story and the post made by Belich are worth reading as things unfold with Norse Corp.

Looking for additional comment, Salted Hash reached out to KPMG, the investor who gave Norse Corp $11.4M last September, however the company has yet to respond to inquiries.

Update: KPMG sent the following comment: “The terms of our investment with Norse remain confidential and we have no further comment to make at this time.”

While Belich seems to be a supporter of Norse Corp given his defense, has questions of his own about what happened at the company, and said that he would be re-working his LinkedIn profile to “de-norse-ify” it all.

In his post responding to Krebs’ story, Belich outlined his issues:

“What is genuinely frustrating about this story, is there is literally nothing in it about the actual problems and failures which led to Norse’s current situation: /Why/ is Tommy Stiansen such a secretive bastard?  Why has Norse garnered so much hate? How did such a toxic corporate culture develop that caused so many former employees to want to speak out? What were the blunders which caused a finance under-run?”

On the original article by Krebs, Belich goes into more detail in the comments section, which appeared after the other linked post was made.

A soft landing:

While the status of Norse Corp is still unknown, it’s important to remember that if there are problems, then the blame should fall on the shoulders of management.

The company has several highly-skilled employees who will need a job sometime in the very near future it seems, and none of them are to blame for anything that might’ve happened to the company.

For those at Norse Corp currently looking for a new career:

Twitter is hiring; Motorola Solutions is hiring; and Mozilla is hiring security people too. Mandiant also said they’re hiring.

Over the weekend, Salted Hash was informed of positions open at Carnegie Mellon University [a second position is here], Grant Thornton, BNY Mellon, PNC, and Giant Eagle.

On Thursday, February 4, Sam Glines, co-founder of Norse Corp, sent Salted Hash the following statement. It is reproduced below for the record, with no additional editing or comment.

“I’m writing this statement as the co-founder of Norse, not as an employee as I am no longer with the company, as reported.

“This past Saturday, an article written by Brian Krebs appeared on his blog krebsonsecurity.com. In this piece, the writer conducted an ‘investigation’ into what happened at Norse as a result of layoffs that took place in January. In this investigation, the writer brought forward information, from over 15 years prior, to the point where a former employee described Norse as a ‘scam’.

“It is true that Norse was forced to let go many talented people in January. There were mistakes made by myself that led to these layoffs. Norse was in the latter half of 2015 running at an aggressive monthly burn to put out groundbreaking product and capabilities. Unfortunately, we were building ahead of very near-term revenue.

“This, coupled with lesser than expected sales in 2H 2015, and the delay in our planned Series B financing led to the perfect financial storm that drove the need to cut back our workforce. And I take full responsibility for these mistakes.

“There were inaccuracies in the article. I was never an owner of a shell company, and wouldn’t know the first thing about setting one up. Second, I was not a founder of any of the companies mentioned, aside from Norse. I was an employee of Nexicon for about 18 months. The history presented in the article with respect to Cyco/Nexicon is wrong, yet it is lauded as “investigative journalism.”

“Unfortunately, none of that information was ever run by any company representative or knowledgeable source for review or verification. If it had been, we would have gladly provided those corrections. All the company ever heard in advance from this blogger (and a few other reporters at the time) was that they wanted to speak with Norse about the January layoffs, and subsequent rumors being spread by sources who wouldn’t be named; another wanted to explore why previous employees had been let go. Norse was open about the fact that the company would not be able to comment on employee issues (even if it wanted to) for privacy reasons.

“I do want to address the implication that the company was somehow conducting less than above-board operations. The word ‘scam’ was used as a direct quote from that same former mid-level employee, who was extremely angry after she was let go. The assumption by readers, who trust this blogger, is that if it’s printed, it must be true.

That did incredible damage to Norse and every person or entity affiliated with it, not to mention that this terminology is an insult to every employee, former employee, investor, and customer of Norse.

“Norse counts customers who purchased product and renewed their annual services because of the incredible value delivered. The company has major enterprises, governments, and multiple defense intelligence agencies as clients. And these clients invest significant financial resources to extract the incredible value that the company’s technology and people bring to bear. Institutional investors conducted deep due diligence on the technology before deciding to invest.

“I think constantly about the sacrifices and the effort put forth by all current and former employees who tirelessly and without complaint worked incredibly long, hard hours to put out trailblazing product, market and sell, and provide customer support in the fledgling field of cyber threat intelligence, a market that is still, in my view, relatively immature.

“I think about our investors who believed in what we were doing and where we were going, and we were exposing significant cyber threats that could not be found elsewhere. Finally, I think about Norse customers, who worked closely with our teams to develop the capabilities that were difference-makers for their teams of intelligence analysts.

“Ultimately, I was not able to push the company far enough around the corner to realize the success that I consistently believed was within our grasp. It was incredibly difficult for me to have had to let go employees in January. That is never easy and I take personal responsibility as CEO for that decision and all that led up to it. It was one of the most difficult days of my career.

“Prior to this article, however, significant deals were being closed and other strategic discussions underway. But as soon as this article/blog was posted, everything quickly began to fall apart. Deals were terminated or paused. And all this based on what everyone was reading in black and white from one of the most trusted names in security/tech reporting.

“A lot of people have been hurt. And, in addition to demonstrating how today’s media can be manipulated by persons to suit their purposes or personal vendettas and how facts can be misrepresented to lead an entire industry astray; the events of this week also show how much power a disgruntled employee can wield on an employer.

“This isn’t a case of white-collar crime or fraud or anything illegal; this all comes down to someone who was let go, became angry about it, then set about doing some poor ‘investigating’ and piecing together in a way that works for them, and then getting others to join their crusade.

“This blogger enabled her to be quoted as calling the company a ‘scam’ very publicly. People latch on to things like that, assume they are true, and run with it. Employees aren’t bound by the same restraints, privacy concerns and legalities that corporations are, so in cases like this there’s little a small or mid-sized company can do to defend itself.”