The internet security group Shadowserver has a vital behind-the-scenes role; it identifies online attacks and wrests control of the infrastructure behind them. In March, it learned that longtime corporate sponsor Cisco was ending its support. With just weeks to raise hundreds of thousands of dollars to move its data center out of Cisco's facility—not to mention an additional $1.7 million to make it through the year—the organization was at real risk of extinction. Ten weeks later, Shadowserver has come a long way toward securing its financial future.
On Wednesday, the IT security company Trend Micro will commit $600,000 to Shadowserver over three years, providing an important backbone to the organization's fundraising efforts. The nonprofit Internet Society is also announcing a one-time donation of $400,000 to the organization. Combined with other funding that's come in, these large contributions make it possible for the the group to continue in a more sustainable way without becoming dependent on a single backer again. It also keeps the internet at large that much safer.
"It’s clear that we’re a bunch of geeks and engineers, and we’re really good at that, but we’re not fundraising people," Shadowserver founder Richard Perlotto says. "We were seriously worried that because we have always flown under the radar that not enough people and organizations would realize our needs—especially since we started this at the beginning of the Covid-19 epidemic in the US. It was very gratifying to see the overwhelming support."
Shadowserver has quietly worked on numerous facets of internet security since 2005. The group scans more than 4 billion IP addresses every day and compiles activity reports for national computer emergency response teams, or CERTs, in 107 countries and more than 4,600 network operators around the world. The organization also hosts a massive repository of 1.2 billion malware samples and other threat intelligence data that it makes freely accessible to anyone. And Shadowserver actively works to track bad actors online and contain their attacks, collaborating frequently with law enforcement groups around the world and other incident responders.
"We felt like it would be the right thing to do to help out in some way if we could," says Robert McArdle, director of Trend Micro's forward-looking threat research team. "The mission of what Shadowserver is trying to do and what Trend Micro is trying to do is remarkably similar. It’s always about making the internet as a whole a safer place, because no one organization has all those pieces of the puzzle. That often means we would be in groups that are collaborating together on tackling some specific threat, and I can pretty much guarantee you before I walk into an initial meeting that there’s going to be someone from Shadowserver at the table."
McArdle says that Trend Micro plans to work even more closely with Shadowserver now, but that the company's financial contribution doesn't come with specific requirements for the organization's collaboration or priorities.
"The internet depends upon voluntary, collective action to make us all secure," Internet Society president and CEO Andrew Sullivan said in a statement. "Shadowserver's approach gives every network operator the tools to improve their own network security. It's the way to make sure the internet is secure and trustworthy for everyone."
Though Shadowserver has been an unobtrusive presence in internet security for a long time, its consistent involvement in crucial security operations ultimately raised its profile when it came forward for support. In March, Shadowserver received a one-time $400,000 donation from Craig Newmark Philanthropies and $400,000 over four years from HDR Global Trading Limited, which operates the BitMex cryptocurrency exchange. Perlotto says that in addition to all of these large donations, the group has also gotten annual commitments totaling more than $250,000 from companies and CERTs around the world that rely on the data Shadowserver collects. And the group has also received a total of about $45,000 in grassroots support from individuals and small businesses.
"We don’t think people should have to pay to be told they’re victims of cybercrimes," says David Watson, a longtime member of the Shadowserver Foundation Europe. "Attackers are getting more sophisticated and more capable and none of the organizations can individually fight them by themselves. So these kinds of partnerships and collaborations allow everyone to contribute their piece of the puzzle."
Shadowserver has made significant progress on funding, but the group is still in the process of securing enough recurring donations to cover the annual budget over the long term. The goal was always to move away from a single funder to have stability through diversity; now Perlotto and Watson say the group is turning to building a more open and transparent organization.
"Now that we're close to achieving the minimum funding goals to ensure sustainability into 2021, the second stage is to look at how we create a community governance model, as opposed to the black box we had before when we only had funding from Cisco," Perlotto adds. "We stepped away from being a hobby project a long time ago; there's no reason for us to be completely secret. I think it's a good thing. It’s a natural evolution of where we need to go."