A Virtual Iron Dome: Israeli Cybertech Wins Fans at Home and Abroad

Hundreds of thousands of dollars have been invested in about 250 Israeli cyber firms, and this is just the beginning.

If there’s a particularly hot field in Israeli high-tech these days, it’s cybersecurity. Around 250 to 300 Israeli companies specialize in cyber, including 30 formed in the past year. In the past four months, Israeli cyberstartups have raised about $80 million, and don’t forget the $400 million in exits. So the annual Cybertech conference in Tel Aviv is the place to be this week.

Last November, Microsoft paid $200 million for the Israeli startup Aorato, whose technology identifies unusual activity in a company’s computer network. Three years ago, Cisco spent $5 billion to buy NDS, whose software lets cable and satellite broadcasters deliver encrypted content.

It was the largest acquisition ever of an Israeli company. Last September, CyberArk Software raised $85.8 million in an initial public offering on Wall Street; the stock has surged ever since.

Israel’s cyber reputation is closely linked to its vaunted military and intelligence capabilities, but Gadi Tirosh, managing partner at cyber-investor Jerusalem Venture Partners, says Israel’s prowess extends beyond army vets.

“It’s customary to think that everyone in cybersecurity comes from 8200 or 81,” he says, referring to two army intelligence units whose graduates have played a key role in Israeli high-tech. “But our figures show that just 20% of entrepreneurs come from these units. Often they’re people who come from big companies like Check Point or RSA.”

Cyber encompasses some 20 areas that give any budding entrepreneur lots of options.

Authentication, the step of verifying a user every time a computer is booted up, emails are accessed or payments are made online, is the oldest and simplest form of computer security. User names and passwords are the traditional way of restricting access to authorized users, but the system of course is far from foolproof and identity theft is widespread. So even in this primitive and hidebound segment there’s room for innovation.

One way is to replace passwords with passphrases: sequences of unrelated words such as “pond red elephant.” That increases the number of letters, making them harder to decode. Such a phrase may also be easier to remember.

Another approach, called two-factor authentication or 2FA, requires the user to input a second password sent by text message. But that’s just the start, Tirosh says, noting that new identification methods are being developed all the time.

There are biometric methods based, for example, on fingerprints, a system already used on some Apple and Samsung smartphones. There is also identification based on the unique rhythm each user has when typing. The Israeli startup IsItYou uses facial identification.

People trying to fake their way into a computer network are usually hackers who with increasing ease have been able to fake their locations.

Suitcase full of cybertech

“We’ve invested in a company called Coronet that can identify if the WiFi or cellular network the user is connected to is faked, whether they’re operating from a regular access point or not,” says Tirosh. “At one time, if I wanted to buy equipment that mimics a cellular antenna, I had to buy a suitcase [of equipment] for hundreds of thousands of dollars. Today you can buy the equipment for $500.”

Cloud computing, in which a user’s software and databases are stored on remote servers and accessed over the Internet, has opened vast new possibilities for hackers, so it’s keeping the information-security industry busy. Cloud services are becoming a big business for the likes of Amazon, Microsoft, Google and IBM, but for all the advantages they offer businesses and consumers, they also come with risk.

Ofer Schreiber of YL Ventures, a venture capital investor half of whose portfolio is invested in cybersecurity startups, says cloud computing demands more complex cybertechnology.

“Cloud companies are responsible at the physical level. They provide servers, but who’s responsible for security?” adds Alon Maimoni of FortyCloud, which was formed in 2012 and already has customers in the United States, Europe, the Middle East and the Asia-Pacific region.

“We conducted a trial and set up a server with Amazon. Within a day it had been attacked 1,000 times. Our solution is making the public cloud private. It’s a little like creating a private network in the cloud.”

Paz Eshel and Shiran Shalev of the U.S. venture fund Battery Ventures say most companies employ dated cybertechnology that provides only partial protection against unauthorized entry into networks.

But nowadays, rather than spreading a virus and hoping that a user takes the bait, hackers are choosing their victims, which makes last-generation defenses obsolete. The software that was used to break into computers operated by the U.S. discount retailer Target in 2013 in order to steal credit-card data could not have been detected by anti-virus software, Eshel and Shalev say.

There is an asymmetry in such attacks that gives the attacker a built-in edge. The network is like a balloon that has to be protected all over while the hacker need only prick one point to succeed. Advanced persistent threats, ones where the hacker can wait weeks or months to get his result, make the challenge of warding off attacks even harder.

Defenses therefore must be based on patterns of behavior and analytics. The software has to know the normal pattern of operations on a particular network, warn of anything out of the ordinary, isolate it and put up walls. That’s the new cybersecurity approach of recent years.

And then there’s the threat that can be posed by an insider, a so-called compromised user. This involves the theft of information by a company employee or the theft of his or her identity by an outsider to steal information. For example, Edward Snowden, as an employee of the U.S. National Security Agency, exposed embarrassing and sensitive documents to the public.

Behavior analysis

This is where the Israeli startup Fortscale has positioned itself. “It turns out that 85% to 95% of all attacks are carried out by using employees’ identities. It doesn’t matter that much if it really involves an employee of the company or someone pretending to be him,” says Fortscale CEO Idan Tendler.

“The only prospect of identifying such an attack is through behavior analysis of the user, since each user has specific habits and behavior patterns. We can see for example if the employee logged on at an unusual time like 2 A.M., whether the employee accessed the information from a network that he usually doesn’t access, or whether the connection to the organization’s network lasted longer than usual.”

Tendler says Fortscale’s software checks into what part of the company the employee works. “An employee in the finance department doesn’t act like an information technology staffer,” he notes.

Black Phone, which develops particularly encrypted Android smartphones, has identified the place where the cybersecurity threat to companies is potentially the highest. About two-thirds of companies around the world let their employees take their company phones home, Black Phone notes. Yet 78% of IT managers say employees aren't cautious enough about who uses their phones, or they don't follow company security procedures. More than half admit that information security is sometimes sacrificed for the sake of efficiency.

Not surprisingly, there's an inherent tension between employees and IT departments, between information security and ease of use, between use for work and use for private purposes.

Fortunately, there's a variety of approaches to address the problem, including one offered by the Israeli startup Cellrox, which creates two totally separate work spaces on smartphones — a personal one and a work one. Another Israeli company, Nativeflow, encrypts work-related information using standard applications, while a third called Mobiwol supplies a firewall for Android phones.

Another cybersecurity challenge involves electronics that aren't computers, at least not in the conventional sense. Everything from household appliances to power turbines is being linked to the Internet, becoming smart devices. So they're also becoming vulnerable to cyberattacks.

This emerging category of the Internet of Things also encompasses the automotive industry, where cars are increasingly smart and connected, but also exposed. Aware of the risk, General Motors has a cybersecurity center in Israel.

The Israel Electric Corporation recently opened its own “cyber gym” — its training and simulation center for clients at home and abroad. The company says it uncovered 47,000 cases of malware in its computer systems in 2014 alone.

All this has brought to the fore a new cyber-category called SCADA — supervisory control and data acquisition — to monitor critical infrastructure for rogue software. Since the Stuxnet computer worm was famously uncovered in Iran's nuclear program five years ago (ironically, it was probably developed by the U.S. and Israeli governments), SCADA has become a major cybersecurity focus.

Schreiber of YL Ventures says protecting critical infrastructure from cyberattacks is a fast-growing sector.

“These are considered very attractive targets for attackers because of the huge damage they can cause,” he says. It's a particularly daunting challenge for cyber companies because of the sophisticated enemy.

“Many attacks on facilities are financed by hostile countries,” Schreiber says. “The technological challenge in this field is huge, as are the opportunities.”