He Was a Hacker by 15. Now This Israeli Wants to Revolutionize Cybersecurity

At age 15, Pavel Gurvich was consulting for companies. Now his company Guardicore wants to dethrone Israel’s biggest cybersecurity firm
Amitai Ziv

Most high-tech companies are trying to reduce their office space these days. But Guardicore, one of the fastest-growing firms in Israel, just rented three floors in the heart of Tel Aviv, a space more than double the size of its current offices, which are almost empty these days, given the coronavirus.

“We began in a small apartment in Tel Aviv, really underground,” said the company’s founder and CEO, Pavel Gurvich. “But from the first day, we, the founders, decided that no matter what, we’d eat lunch together. And then you know that even if you’re angry at someone, at noon you have to spend time together.

“That’s how we created our own language. All it takes is a few grunts for us to communicate and understand each other. It’s part of the company’s DNA.”

“Even when we recruit people from abroad, they come to Israel for two weeks for orientation, and then it’s as if they’re mentally aligned with us. Once a year, we bring everyone here.”

The coronavirus has caused a lot of problems for this organizational culture, which is based on personal contact. Slack and Zoom don’t bridge the gap, Gurvich admitted.

Slack and Zoom work, but they are not ideal for a company built on direct communication, says Guardicore founder Pavel Gurvich. Credit: Mark Lennihan/AP

“On Zoom, you get a narrow section of the person for a limited time,” he said. “For us, it’s very hard to make the transition to remote work. I think it’s easier for organizations that were decentralized to begin with. 

“Still, it does make it easier to recruit staff from all over. In that sense, the coronavirus really has flattened the world.”

Guardicore’s area of expertise within network cybersecurity is a hot one: the compartmentalization of communications networks so that each unit within an organization is independent, thereby preventing attackers from moving easily across an organization’s computers.

“For laymen, I analogize this to protecting a submarine,” Gurvich said. “You build it in compartments so that one hole won’t sink the whole sub. The engine room is separated from the living quarters, and so forth.

“We build segments within the IT system. Today, every organization is a submarine that someone is trying to sink. We divide it into subnetworks that limit the damage.”

The company does this strictly through software, with no physical rewiring required and no necessity for external connections.

“One of our customers is a large German bank,” Gurvich said. “One day, the German regulators came along and said it had to separate the app’s testing environment from its operating environment. This is the most necessary, logical step imaginable, but think how complicated it is for the bank to separate the two networks.”

Gurvich compares it to the two internet systems used by the Israel Defense Forces - one open and one closed: “It’s a bit like the IDF’s green and red networks. They have completely separate infrastructure.

“A bank like this has 1,000 or more servers. In the old world, you’d have to sync the different networks - the communications division, the security personnel and the app’s owners, each would have to have their own system - and then start laying cables. We make it possible to do this without anyone having to touch anything.”

Aside from dividing a network, Guardicore also makes communications between the servers visible, which is vital for defending networks against covert cyberattacks.

“It’s a bit like mapping a terrorist organization in the intelligence world – outline the graphs of communications between individuals or organizations,” he said. “If the website’s server suddenly sends a request to the customer service server, that isn’t supposed to happen, and Guardicore will be able to sound an alarm.” 

Guardicore has so far raised $110 million from major investors like Battery Ventures, Qumra Capital, TGP, Cisco and 83North. Another early investor is former Prime Minister Ehud Barak, whom the founders met in an unspecified security context. “We didn’t meet him at a golf club,” Gurvich said.

“We raised $60 million in the first quarter of 2019, and the vast majority of the money is still in our coffers.”

Guardicore is growing at a rapid pace and most of the capital it has raised is still in its coffers Credit: Guardicore

He attributed this relatively low burn rate to significant sales, estimated at tens of millions of dollars a year. Nevertheless, Guardicore is likely to exploit the positive momentum in the market to raise additional funds in the coming quarters.

“What’s happening with the coronavirus is that we’ve started to put our software not just on servers, but also on employees’ end-user computers, and then it’s possible to maintain control and decide that a certain employee is permitted to access one server but not another.”

This enables what is known as a zero-trust network, in which every employee is permitted to operate only on those parts of the network that he needs.

A member of the hacking group Red Hacker Alliance, who declined to give his real name, using a website that monitors global cyberattacks. Credit: Nicolas Asfouri / AFP

“We haven’t laid off a single employee during the coronavirus, and our growth plan is to reach 300 employees in 2021,” Gurvich continued. “The truth is that I’m trembling with fear over this, because I want to preserve who we are, how we think about our customers and how we talk to each other. And it’s not easy at that size.”

Do you still interview every employee?

“I don’t always manage to interview them, but no one enters the company without my talking to them.”

‘What are you doing this summer?’

Gurvich comes to work almost every day. His office is decorated with pictures of his children, an old Marantz amplifier connected to new speakers, a few bottles of whiskey and a small library that includes George Orwell’s “1984” and an old edition of Karl Marx’s “Capital.” 

He was born in Russia and immigrated to Israel from Moscow in 1990. His father, who had a PhD in physics, started off in Israel by working in a computer store.

“We had a computer before we had a washing machine,” Gurvich said. “First a refrigerator, then a computer. I was a gifted child, as you can imagine. I studied math and physics in high school.” He then studied computer science at the Academic College of Tel Aviv-Yaffo.

A formative event in his life occurred when he was a teenager and his parents bought him a cell phone. “It was a Mango, this big,” he says, signaling the old phone’s large size with his hands. “It had SMS,” he recalled. “I found myself reading material about this communication protocol. I researched and researched and discovered a mix-up in the protocols that resulted in my seeing all the text messages on the Partner network on my computer.

“I called the company and warned them about the problem, and they didn’t really believe me, perhaps because I was in tenth grade. In the end, they invited me to their offices. I entered a room with several other people and explained the exploit to them, and when I was about to leave, one of the people who were standing there asked me, ‘What are you doing this summer?’”

That man was Sharon Besser, then the owner of an information security company called Publicom, which was later bought by Comsec. Thus, even before being drafted into the IDF, Gurvich did a “tour” of cyber duty, consulting and doing security testing for commercial companies. Today, their positions are reversed – Besser works at Guardicore as its vice president for business development.

A meetup for graduates of the IDF's Unit 8200 in Tel Aviv two years ago. Credit: Tomer Appelbaum

In 2001, Gurvich was drafted and completed one of the intelligence corps’ cyber courses. He was then stationed in Unit 81, Military Intelligence’s technological unit. 

“I was assigned to be a coder, I wasn’t involved purely with cyber,” he said. “But at night, I would go to the cyber unit to see what they were working on. At one point, a major named Nadav Zafrir” – who later became head of the army’s most famous technology unit, 8200, and is now a prominent cyber entrepreneur – “decided to transfer me there.

“I’m not a typical army guy, but the impact of this, an ordinary soldier being involved in sensitive operations, was formative. I had an advantage there. I was surrounded by graduates of Talpiot,” an army training program for recruits who have demonstrated outstanding academic ability in the sciences. “They were super-smart guys, but they had never before encountered a real civilian network.”

“People think about complex cyphers and how to break them, but perhaps in the real world some worker has a file on their desktop with all their passwords? I was drafted into the army after having seen every network in the country – telecom companies, banks, manufacturing companies and all the rest. So I knew where things go wrong.”

What exactly Gurvich did for the army we’ll find out, if at all, only in another 50 years. But when he was just a lieutenant, the group he was part of received the Israel Defense Prize.

“The prize brought prestige, and led them to realize that you can produce a lot of data with a small budget. So then they said, ‘Let’s let these guys go wild.’ They set up a new unit and transferred me to it. 

“I got a position and rank tabs from Shahar Argaman” – who later commanded Unit 81 – “along with a congratulations: ‘Now you’re an officer.’ From there, I served 13 years in the army.”

In the army, he met Ariel Zeitlin, Guardicore’s co-founder, who now serves as its chief technology officer. For Zeitlin, too, Guardicore was the first and only thing he has done since being demobilized.

Good hackers and academic freedom

“One of our investors told us we ought to have someone who understands marketing and introduced us to Dror Sal’ee,” Gurvich said. “Sal’ee was vice president for marketing at Anobit, and we were truly happy to have been introduced, because we didn’t understand that at all.” He became the company’s third founder.

Guardicore's founders Ariel Zeitlin (L), Pavel Gurvich (C) and Dror Sal’ee (R). Credit: Eyal Toueg

“They’re the smart ones; I’m the one with the gray hair,” Sal’ee said with a smile. Before starting work at Anobit (which was later sold to Apple), he had held senior positions at several start-ups.

Like his partners, he too came with a relevant military background. “I served in 8200,” he said. “In the room to my right sat Shlomo Kramer, who later became a founder of Check Point. And in the room to my left was Nir Zuk, who later became a founder of Palo Alto Networks.”

Aside from its commercial work, Guardicore has one of the most active research units in the Israeli cyber business. This unit enjoys “academic freedom” to investigate anything it pleases in the digital world, regardless of its connection to the company’s product line.

In October, for instance, the unit’s researchers discovered a weakness at Comcast, the largest cable television service in the United States. This weakness enabled one of the company’s remote controls to be turned into an eavesdropping device from quite a distance away, and it affected 18 million units. After Guardicore made the problem known, it was fixed.

The research unit employs 10 people, and recently recruited Amit Serper, one of Israel’s most productive hackers. Most of these employees are very expensive.

“This research brings us an insane amount of exposure, and it’s a way of communicating with potential customers instead of buying billboards,” Gurvich said. “In this way, they hear about us as security experts. Very often, the research is plugged into the product, which enables our customers to be the first to get protection against a certain weakness, even before it’s publicized,” he added.

No more boxes

The cyber field is currently undergoing a massive transformation. In the past, every organization had two critical products: the antivirus protecting the endpoint computers and the firewall that protected communications to and from the organization. However, over time, the antivirus has almost disappeared, since the technology it uses, based on existing signatures of hackers, turned out to be too slow for handling the fast pace of offensive innovations. Companies such as Symantec and McAfee, which used to be the giants of this field, shrank and were replaced by a new generation of companies offering products based on the analysis of file behavior and on artificial intelligence. For example, the American company CrowdStrike and the Israeli company SentinelOne very quickly became significant players, each worth billions.

Guardicore believes that a similar process will happen in the firewall market, and it is seeking to make inroads into this changing market. The first reason underlying this change is that organizations are gradually getting rid of “boxes” of any kind, transferring all computation to a cloud platform, including cyber-protection.

“Future organizations have no place for boxes,” declares Zeitlin. “We’re dismantling some of them and other companies are dismantling other parts.” The second reason is that traditional firewalls are unsuitable for modern work habits, which include large volumes of data being transmitted, massive use of cloud infrastructure and remote working from home, where firewalls do not provide protection.

“We hear from our customers that traditional security companies do not understand the current challenges facing organizations,” explains Sal’ee. “The world has changed a lot and we were lucky to encounter the market at this juncture. Otherwise, it would be impossible to beat the giants in this field.”

“This market, worth an annual $17-20 billion, is the one we are changing,” adds Gurvich. “There’s a lot of talk now, for example, about ransomware. How does that work in practice? Someone invests a lot of effort into infecting the CEO’s computer, or even better, that of his secretary, and from there the invader spreads to all neighboring computers. A cyber-security solution such as a firewall doesn’t defend against such scenarios, since it protects communication between an organization and the outside world, not between its own terminals.”

A ransom note from an Iranian cyber gang that focuses on ransom attacks and has hit at least 80 Israeli firms. Credit: Check Point

Guardicore obviously isn’t the only player in this new field. Companies such as Cato Networks are changing firewalls too. Guardicore protects communication within an organization. Other players will change other components used in traditional solutions. “Usually, in server farms with heavy communication you need fridge-size boxes just for monitoring the flow of data,” adds Gurvich. Guardicore offers an alternative solution, based only on software.

If you look at Check Point and Palo Alto, they seem to be doing very well

Gurvich: “I just saw a series on Bloomberg about the record industry. That also took a while before it disappeared since the market has momentum. But as soon as kids like me used an MP3 player, they never bought records again.”

Nir Zuk, who founded Palo Alto, and Gil Shwed, who founded Check Point, are divided over the way forward for this industry. What is your take on this? 

“I respect Nir for his culture of innovation. Palo Alto constantly acquires technology. It has a vision for the cloud domain through traditional technology. But Check Point is a global company that’s decided that its headquarters and management would be here, which is why that’s the model I prefer. Even though we have people all over the world, we are Israelis who live here and wish to build an international company based in Israel. We offer our employees a place with insane technological challenges and the ability to impact a product that can change a very large market.”
