Thankfully, in spite of the media buildup going into the Sochi Olympics of 2014, the Games look like they will wrap up without a serious security hitch (well, if you exclude Russia losing to the US in ice hockey and ultimately, again, to Finland). Maybe Putin & Co hired the 7 Israeli cutting-edge cybersecurity companies I recommended to help lock down the games.
The point is: just like today’s elite athletes, hackers and cyberterrorists have also upped their games. The tools, techniques, and technologies that were once the sole domain of governments to wage both offensive and defensive campaigns are now being employed by hackers all over the world. Target had 40M credit cards stolen. Crowdfunding leader Kickstarter just announced its site has been compromised. Our information is under attack.
Moving from keeping bad guys out to monitoring behavior within the network
Here’s the interesting thing from a software and security standpoint: much technology and intellectual power has been devoted to preventing the bad guys from getting into the network. But once they’re in, many large firms have no idea that they’re there. These guys are free to slowly plan their attacks, steal valuable information, and destroy whatever they like.
In fact, the Mean Time to Know (MTTK), the time elapsed from when a hacker enters a network until the network operator knows he’s there, can be up to 4 years and 10 months (like this case of hacking from the Chinese People’s Liberation Army Unit).
This is about to change, though, in part due to the work a newly-emerged Israeli startup is doing. Cybereason launched earlier this month, with the news that it had secured a $4.6 million round of venture funding from Charles River Ventures.
When I sat down to speak with Cybereason founder Lior Div, who led a unit within Israel’s prestigious 8200 intelligence unit, it was clear that the hackers have already won. Well, sort of.
Div’s point is that with the billions of dollars poured into firewall software over the past few decades to prevent network intrusion, the hackers are still getting in. That’s inevitable.
But there is something we can do about it.
Cybereason: Identifying malicious operations
The opportunity for newer cybersecurity companies to make a difference lies in what they do AFTER a hacker enters a network.
For example, some of the recent hacking incidents didn’t come from hackers entering corporate networks via a security hole. Numerous cyberattacks are launched by logging in with users’ existing passwords. Once in the network, it’s traditionally been hard to see what’s going on.
But Cybereason can determine if something fishy is going on. For example, if an employee who normally logs into a network to use office productivity software like Word and PowerPoint all of a sudden starts using software development tools, well, Cybereason will identify this as suspicious activity.
Cybereason’s roots may be in the military, but Div and his team built the company with experience gained as a contractor to the Israeli government. His technology is almost like a Google Analytics of network behavior. It has the ability to sniff out what Div calls Malops, or malicious operations, as part of a larger cyber attack.
To understand today’s hackers, you have to get comfortable with the idea that these are bad guys with agendas — Cybereason’s Lior Div
Why so much cybersecurity technology comes out of Israel
Israel has emerged as a hotbed of startup activity in the cybersecurity space. So, what makes Israel uniquely suited to be a developer and exporter of some of the most powerful tools to combat today’s cyberterrorism?
Again, Div responds:
[Cybersecurity technologists] are integral parts of specialized groups inside the government sector. As an employer in the field, we collect and handpick the top talent for this stuff. In Israel there is a culture that pushes you to explore your talents by enabling you to start in the army when you’re 18 years old and learn on the job (some of my most formidable experiences came from my first, on-the-job training which lasted for almost half a year, getting tested on what I was learning every single week). This type of culture encourages an entrepreneur to do extraordinary things in pursuit of excellence.
With the renewed focus on protecting the enterprise, there’s been a flurry of activity investing in what look to be the next-generation winners. In 2013, OurCrowd investors invested in NativeFlow, which helps to solve the Bring Your Own Device (BYOD) problem. With NativeFlow’s solution, IT managers at large firms can protect the firm’s important assets (information) while allowing employees to use the devices they choose.
There’s plenty of opportunity to improve how we identify, prevent, monitor, and remove the bad guys. Necessity is the mother of invention, and that’s what’s driving the cybersecurity market right now.