Cyber defense is hard – as FireEye has just been reminded…

Henry Harrison

By Henry Harrison



…not of course that they needed any reminding. For many, it’s a counsel of despair: if FireEye can get hacked, then we all can. There’s no point even trying to protect against a well-resourced attacker.

Here at Garrison, we’re not willing to give up like that. For one thing, we’re too competitive just to admit defeat. For another, the unique techniques of today’s well-resourced attacker become tomorrow’s mainstream toolkit. That’s why we aim to deliver solutions that will stand up even to highly sophisticated well-resourced attackers.

But it’s easy to make that sort of bold claim, and we’re far from the only people who do. Much harder is to back it up with meaningful arguments and evidence. So here are ours, in a nutshell:

  1. Our founding principle is that our core security controls should not be implemented using software – they should be implemented using lower-complexity non-Turing-machine techniques. See
  2. We have detailed security designs and tests, and we’re happy to share those (together with our source code) with customers for them to pick apart
  3. We have customers (typically government organisations, who can’t afford to take the “nothing can be done” attitude) who do indeed look in detail at our designs, our security tests and our source code as well as carrying out their own in-depth red-team testing against our technology.

For our customers, nothing less will do.

For many other organisations, we’re told that what we do is overkill. Well – time will tell.