About Umbrella Security Labs
At Umbrella Security Labs we thrive on continual innovation. But we don’t simply look at data from new threats and ask ourselves, “If we had known that before, what would we have done differently?” We look at our extensive data collection network built on top of the largest security infrastructure and predict what’s coming next. We’re a team of world-class engineers, mathematicians, and security researchers, and we’re taking an innovative and proactive approach to security research. More than any other area of technology, we see history repeat itself most often in information security. The way we have traditionally defended against malware has become a cycle: new technologies are created and adopted, attackers leverage the opportunity to expand the attack surface and security solutions are released in reaction to the latest threats. But this method is tired, and we can do better. Our goals are simple: Continually innovate ahead of the pace of technology change and build the best security protection and security delivery network platform possible without compromising performance or productivity.
Core Values and Beliefs
Enable security without negatively impacting productivity or the end user experience
Security has long been described as the ultimate balance of risk and functionality. The more functionality in your security solution, the greater your security risk profile. While there are certainly segments of the market that are more exposed to this balance than others (like heavily-regulated industries), security doesn’t have to be a trade-off. Everything we do when building new systems takes this challenge into consideration. We strive to ensure that productivity, user-experience, and functionality aren’t decreased because of security. There are two distinct groups we consider when we think about our users: the end-users who are being protected, and the admin-users who are responsible for administrating the product and protecting the networks. Protection for the end-users should be as seamless as possible, with minimal (if any) impact on performance. Where applicable, this protection should be informative and transparent. Admins deserve simple deployment and easier management. We seek to take extremely complex technological challenges and display them in an elegant interface that streamlines all the knobs, tuning and guessing that other solutions require.
Ship early, ship often and iterate – reliability always before features
The mantra of shipping early, often and iterating is very popular among companies utilizing agile engineering processes. This is most common in cloud services due to the nature of deployment and the fact that updating on-premise software and hardware is far more cumbersome. We firmly believe in shipping frequently and iterating on our technology, as our goal of staying ahead of the pace of change is paramount to our success. However, we strive to never impact reliability for the sake of adding features. Our cloud R&D puts reliability at the forefront of all iterations, modifications and advancements.
Experiment, learn, adapt, evolve, repeat and disrupt
Research is about experimentation, trialing, learning from results and adapting to those results. With our massive, globally-distributed network and its potential for data collection, we are positioned to make a huge impact on security research, cloud delivery and scale. We strive to be disruptive of existing technology by continually questioning how we can do things better. Despite our team members’ many years of collective experience, as an organization we’re young and agile. We’re not shackled to antiquated approaches to security research or development, so we can consistently look at data with fresh eyes and new ways of thinking.
Make decisions based on data, experience and creativity – collide ideas and outpace technology change
To answer hard questions, we’ll use data, algorithms, results analysis and our collective experience in security. But there’s also a place for creativity. We believe that it’s critical to create a workplace where our team’s diverse set of talents, viewpoints and expertise can collide to create solutions or assist with making important decisions.
Be transparent – present data based on facts, demonstrations, evidence and reason
It’s a popular belief that security companies and researchers report on events in a manner that is over-hyped, exaggerated and miscommunicated. Often, it’s true. Some security companies seek to grab the media’s attention with sensational blog headlines. We can say with confidence that we intend to do things differently. We will present information driven by evidence and technology facts, and prove it through demonstrations. This will not include hearsay, rumors or obvious predictions around events or circumstance. When there is cause for alarm, we will present reason and advice that’s based on facts stemming from our data. We aim to provide proof-points, relevance and prevalence with all posts, and you can hold us to that. Note: We’re human. Fun humans, at that. So expect to see interesting and graphical data demonstrations and a bit of humor injected into our posts occasionally.