U.S. and Israeli Startups Lead the Way in New Cyber Security Tricks

With corporate giants facing high-profile hacks in recent years, companies are desperate for ideas to make sure financial, personal and corporate data stay safe.

Tova Cohen
Send in e-mailSend in e-mail
Cybersecurity experts are nervous following two potential cyber attacks in the space of three days.
Cybersecurity experts are nervous following two potential cyber attacks in the space of three days.Credit: Reuters
Tova Cohen

REUTERS – With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network.

U.S. and Israeli startups are leading the way, with new approaches such as "honeytraps" that lure a hacker to fake data or "polymorphic" technology that constantly changes the structure of applications running on a computer.

Some of the technology is still in the early stages and it remains to be seen whether it will be good enough to outfox the hackers.

But with corporate giants such as Sony and Twitter facing high-profile hacks in recent years, companies are desperate for new ideas to make sure financial, personal and corporate data stays safe.

"We view this [deception technologies] as a $3 billion market over the next three years, with Israel and Silicon Valley being the epicenter of this innovation wave," said Daniel Ives, a senior technology analyst at FBR Capital Markets.

TopSpin Security, Illusive Networks, Cymmetria and GuardiCore in Israel, as well as California-based TrapX and Attivo Networks, are among a handful of start-ups forging ahead with deception technology. Israel's Morphisec and U.S. Shape Security are developing "polymorphic" systems.

Many of those companies use techniques partly developed in the U.S. and Israeli military that were taken to startups by veterans such as Gadi Evron, the head of Cymmetria and of Israel's Computer Emergency Response Team.

TrapX Security offers DeceptionGrid, a technology using fake information that triggers a security alert. Its clients include Israel's central bank, U.S. hospital chain HCA, Bezeq, Israel's largest telecoms group, and Union Bank of Israel, according to Asaf Aviram, the company's sales director for Israel and emergent markets.

TopSpin Chief Executive Doron Kolton said his clients include one of Israel's top five banks, a large U.S. hospital and a mobility technology company. The product is resold by Optiv Security in the United States and Benefit in Israel.

While still a fraction of the overall cyber security market, Gartner, a leading technology consultancy, sees 10 percent of businesses using deception tactics by 2018.

But Gartner analyst Laurence Pingree noted that they "have so far had only nascent adoption" as many of the companies don't yet understand the technology. "Educating security buyers on its usefulness will be crucial," he said.

Some in the industry note that several companies including FireEye and CrowdStrike tried to launch similar products three or four years ago before pulling back, although analysts say the technologies have improved greatly in the past two years.

"A lot of companies are looking at it but it's still early days," said a security executive with a Fortune 500 company. He said deployments were quite limited, with most trials where businesses test the product on a limited basis at no cost.

Others said hackers may quickly be able to detect the traps.

"They will be challenged by the fact that [some] hackers are so sophisticated they might detect decoy servers or fake data," said Ziv Mador, head of research at Chicago-based cyber security firm Trustwave.

The technology could offer a second layer of defense to firewalls, which cannot always block malicious attempts, he said, and did not rule out Trustwave offering deception tools in the future.

TopSpin's Kolton also noted that deception would be "part of a bigger solution" and to "be combined with other things."

The system developed by TopSpin, whose investors include Check Point Software Technologies co-founder Shlomo Kramer, engages attackers once they have penetrated the network. It leads hackers to decoys by sprinkling "breadcrumbs," such as fake credentials.

While the idea of a honeypot is not new, in the past they were used to alert IT administrators that there was a hacker in the system. With more advanced technology they slow the hacker and set off tools to stop them getting further into the system. If they follow the trail to the trap, the company knows they are a hacker.

"When someone hits a honeypot it's malicious activity," Kolton said.

Attivo's website says their system lures attackers into revealing themselves when they start to look for "high-value assets". It also promises no false-alarms, a problem with traditional detection systems.

Other tools are being developed that would prevent hackers from penetrating a network entirely.

Morphisec, backed by Jerusalem Venture Partners, Deutsche Telekom and GE Ventures, has developed technology that randomly changes the structure of applications running on the computer.

"When an attack seeks its target it expects to find a certain memory structure. With Morphisec it finds something different," Morphisec CEO Ronen Yehoshua said.

While these new ideas have mainly been generated by start-up companies, investors say bigger, more established security players are interested.

"I'd say that many antivirus companies are already looking into building similar technologies on their own or buying them," JVP managing partner Gadi Tirosh said.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Palestinians search through the rubble of a building in which Khaled Mansour, a top Islamic Jihad militant was killed following an Israeli airstrike in Rafah, southern Gaza strip, on Sunday.

Gazans Are Tired of Pointless Wars and Destruction, and Hamas Listens to Them

Trump and Netanyahu at the White House in Washington, in 2020.

Three Years Later, Israelis Find Out What Trump Really Thought of Netanyahu

German soldier.

The Rival Jewish Spies Who Almost Changed the Course of WWII

Rio. Not all Jewish men wear black hats.

What Does a Jew Look Like? The Brits Don't Seem to Know

Galon. “I’m coming to accomplish a specific mission: to increase Meretz’s strength and ensure that the party will not tread water around the electoral threshold. If Meretz will be large enough, it will be the basis for a Jewish-Arab partnership.” Daniel Tchetchik

'I Have No Illusions About Ending the Occupation, but the Government Needs the Left'

Soldiers using warfare devices made by the Israeli defense electronics company Elbit Systems.

Russia-Ukraine War Catapults Israeli Arms Industry to Global Stage