'

Security firm Cygilant apologizes after social media meltdown

A painful lesson in how not to do social media.

(Image: File photo)

There's an old adage that seemed appropriate this morning: "Talk s**t, get bit."

That's exactly what happened to Boston-based cybersecurity firm Cygilant, which went off the deep end last night on Twitter by mocking several security researchers, calling one of them a "wannabe" professional, among other things.

It was a painful lesson in how not to do social media. Here's how it went down.

A tweet posted by Matt Nelson, a well-known security researcher and senior operator at security firm SpecterOps, described a possible, undisclosed flaw in Microsoft's SCCM, which system admins use to remotely control and patch their fleet of devices. Cygilant quoted Nelson's tweet with comments promoting its own, rival patching service -- something frowned upon in most industries, but especially egregious in the security community.

"This is why you should use our Cygilant patching service," the tweet said. "Security is done right with us."

Nelson's colleague, Matt Graeber, another prominent and respected security researcher, chimed in and called the tweet "without substance."

And that's when the insults started.

"Even wannabe security professionals don't understand how to patch properly or how our in-house built agent is better than the [Microsoft System Center Configuration Manager] solution," Cygilant replied.

The company dug its heels in further, accusing Graeber of needing to be "enlighten" [sic] to have a better understanding" about patching. The company later threw more insults.

"Cute you need help with the attack," said Cygilant. "Would you like to schedule a call so we can help you secure your systems? Or do you just want to try and start beef on Twitter?"

From there, it took mere minutes for the wider infosec community to pile on in defense, but Cygilant began firing back with its own pithy, disrespectful comments.

"Thanks for the free marketing, kids! #HowYouDoMarketing," said one of the tweets.

Fact check: That isn't how you do marketing.

The company's tweets have since been deleted, but the internet never forgets.

Graeber took screenshots of the tweets and posted them with the new #IAmEnlighten hashtag, which trended for several hours following its debut.

Exactly what led to Cygilant's social media meltdown isn't clear: To anyone watching, the company was tweeting nonsensical tweets and picking fights with every researcher that joined the discussion. Many fired back with their own pithy tweets. Others used the medium of memes to make light of the situation.

In a tweet on Friday morning, Cygiliant "acknowledged" its previous tweets were "harsh and aggressive."

The security community, in my experience over the past few years covering infosec, can at the best of times be a highly supportive place of like-minded security professionals who, more often than not, put politics and differences aside for the sake of working to make the world safer and more secure.

That's why so many are looking at last night's social media meltdown with a mix of hilarity but also bewilderment.

Others spoke of their anger and frustration at Cygilant for acting with apparent disdain for fellow security professionals.

"As a veteran of infosec for over 10 years, I have never seen a company show such disrespect for our community, then state they were happy and thankful for using the uproar for marketing purposes," said Greg Linares in a message.

He also criticized the company for issuing "quite possibly the weakest 'apology' (and I use apology in the loosest sense here) as a means to end."

"We dont stand for this, and quite frankly I hope Cygilant learns from this," he told ZDNet.

Others chimed in about the company's reaction.

"I knew nothing about @Cygilant before. I know now that you have a childish social media person who insults security professionals who do great work for this industry. Not a good look," said 001SPARTaN, who saw the tweets unfold.

Cygilant researcher director Neil Weitzel defended the tweets, saying that the company's tweets were trying to convey that its own patching solution is the "less insecure" option in the space. Others pointed out that the company's own web server hadn't been patched against a disclosed security vulnerability.

"I'm certain that, whatever their original message was, it's been lost with insulting respected researchers, a complete tone deaf "marketing" approach, and gross unprofessionalism," said TinkerSec in a tweet.

Amit Serper, principal security researcher at Cybereason, said in a tweet, responding to Cygilant's Weitzel, who claimed the company got "tons of following" from last night:

When reached for comment, a Cygilant spokesperson upgraded this morning's tweet of acknowledgement to an apology:

"In a response retweet attempting to highlight a key difference in Cygilant's patch management service and SCCM the messaging and points completely missed the mark. This, of course, has been addressed within Cygilant and we will continue to work toward regaining the security community's trust."

"We at Cygilant work diligently to educate and share our knowledge with the community in our pursuit of helping improve cybersecurity. In this effort, we acknowledge that we used language that upset some people and sincerely apologize if we hurt anyone's feelings. We promise to do better in the future."

Graeber gave his final words on the matter, in a tweet:

Cygilant walked away from the incident with a few extra followers and some minor social media buzz. But the company will now likely be remembered for all the wrong reasons.

This should be an incident remembered by every security company of how not to do social media -- especially to your peers.

Serper, a well-respected and leading voice in the infosec community, told me that the security industry "does not forgive and does not forget."

"If there's ever an example of that -- it happened last night."

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More