A year ago, Axonius – an Israeli cyber unicorn that has raised some $400 million so far – launched an internal initiative named AxoniusX. Similar to Google X, the inspiration for the name, the idea was to develop innovative products that would turn into new business directions for the company. At the head of the new group of 22 employees stood Amir Ofek, who joined up after selling his previous startup. “The idea was to get to new products from inside the company itself, and not necessarily to go and make acquisitions,” said Ofek.
Axonius is one of a very small group of Israeli unicorns – private firms valued at over $1 billion – in the Israeli cyber market, which concentrate on mapping and defending devices connected to computer networks, whether in companies, hospitals or factories – related to the so-called Internet of Things. This group includes Armis Security, Claroty and ForeScout Technologies. These cyber IoT companies, armed with hundreds of millions of dollars from investors, have expanded in the past few years far beyond their original business, whether through acquisition, or by launching new products they developed internally – such as in the case of AxoniusX.
This has led to what is a rare situation in the Israeli high tech sector: An arms race and swift competition between a number of so-called unicorns – who are rushing to enter new businesses and technological arenas – and, along the way, are not afraid to step deep into the territory of their rivals.
“A few of these companies were successful and became the leaders in their categories, and then began to expand and cover other business areas,” said Ofer Schreiber, a partner and the head of the Israel office of venture capital fund YL Ventures, which has invested in Axonius. “Everyone is looking for more complementary capabilities. It’s the way to build large companies. Axonius, Armis and Claroty – if all of them continue to grow they can all become companies worth many billions of dollars,” said Schreiber.
A web of things
The starting point for these companies is the basic problem all organizations face, which is only getting worse: The huge number of devices and components connected to the networks inside organizations, whether they are high tech firms or banks, or plants and hospitals. A huge and complex web of IoT (Internet of Things) devices of all sorts and types with different software, communications protocols and operating systems. The list includes security cameras, printers, laptops, alarm systems, air conditioner control systems and cloud storage servers, sensors and controllers in factories and monitors and MRI machines in hospitals, to name just a few examples.
It is hard to map out and identify exactly which is connected to what and who can expose the organization’s entire network. This is a serious headache in terms of information security: After all, it is almost impossible to protect what you can’t see. This is why every collection of network-connected devices is a very tempting entry point for hackers. This is why they prove such fertile ground for a huge number of companies in Israel and elsewhere – and Israel has some of the most prominent players in the defensive cyber world.
One is Armis, which was acquired in 2020 by the Insight Partners venture capital fund at a company value of $1.1 billion. So far it has raised $600 million, and is valued today at $3.4 billion and has 600 employees. The firm focuses on scanning, mapping and protecting the various devices on an organizational network, and over the years it has expanded into the industrial sector too, along with critical infrastructure and hospitals.
“The problem is that there are an enormous number of devices and assets in organizations, but the control over them is terrifyingly small,” said Nadir Izrael, the co-founder and chief technology officer of Armis. “From the beginning, we wanted to provide a holistic solution, to build a sort of Google Maps of the organization, of all the devices and connections between them.” Now Armis is acting to expand, perhaps by acquiring other firms or by moving into other businesses, which include accessing a long list of other information sources about what is happening on the organizational network.
A similar process can be seen at Axonius, which is now valued at $2.6 billion and employs 490 people. It focuses on Cyber Asset Attack Surface Management (CAASM) – the management and mapping of all the devices and equipment on the organization’s network – including servers, software, smartphones and computers. Axonius’ product, even though it is considered to be a “cyber firm,” is not necessarily just a classic defense security product – instead it is really an organization IT product. Similar to Armis, Axonius does not focus on a specific industry and markets its products to different industries, including the medical and industrial sectors.
“This service is related to the visibility of devices in the organization, the locating of major gaps and covering them. It is really mapping of the entire infrastructure of the whole organization, a form of warehouse management for all the equipment in the organization,” said Ofek. “This is a complex and gray area, and we decided to concentrate on dealing with this complexity.” In its search for business directions, one of the things Axonius offers is a new product developed within AxoniusX – a product for management and security of “Software as a Service” (SaaS) cloud-based applications in the organization.
Armis and Axonius are challenging another prominent player in the sector – ForeScout, the oldest and largest of the other firms in terms of revenues and the number of employees – over 1,000. ForeScout is also originally Israeli, but today is under American management. It had its IPO in 2017 and went private again in 2020, when it was acquired by the Advent International venture capital fund for $1.43 billion. ForeScout, which has often suffered from an image of being older and obsolete compared to the younger unicorns, is also playing the entire field: It works on mapping, visibility and security for IoT devices and other properties in the organization, similar to Armis and Axonius – and it has also expanded into the industrial, medical and operating sectors. At the beginning of this year, it even bought the Israeli cyber startup CyberMDX, which provides solutions for the cyber-protection of medical equipment in hospitals, for a few tens of millions of dollars.
This is a similar move to that taken by medical-industrial cyber firm Claroty, which has raised $635 million to date, has reached a valuation of $2 billion and employs 450 workers. It originally focused on protecting industrial systems and critical physical infrastructures – factories, production lines, water and energy infrastructures. Recently, for example, the company exposed security gaps in Rockwell Automation’s controllers for production systems. But Claroty is also working hard on expansion, sparing no expense. In December Claroty bought Israeli firm Medigate, which produces cyber protection for medical equipment in hospitals, for $400 million.
The company is concurrently developing a lateral system providing protection and visibility to organizational IoT systems as well, to protect “anything connected between four walls,” according to Yaniv Vardi, Claroty’s CEO. “Our strategy is simple: Protect the physical world when it connects with the virtual world,” says Vardi. This will bring Claroty, which grew out of the factory and critical infrastructure field, closer to the original purviews of Armis, Axonius, and ForeScout.
Thus these four companies, each beginning at a different starting point, gradually expanded by acquisitions and development of new products, and are now competing on many fronts. Their goal is ultimately similar: To be a broad platform protecting a broad range of devices connected to the internet, in all industries and sectors. “The companies are going in similar directions, simply because that’s what customers want,” Izrael concludes.
But the four Israeli unicorns, for all the money and interest they have drawn, are not alone, not in Israel and not elsewhere. Microsoft, which acquired Israeli firm CyberX for $165 million in 2020, also offers security for IoT, including hospitals, factories, and critical infrastructure. Cisco, Palo Alto and SentinelOne have all launched products in these fields. Nozomi and Dragos are both prominent international firms currently competing with Claroty in the field of IoT security in industry. American firm JupiterOne competes with Axonius, and this is of course but a partial list.
The local market also has a slew of startups active in these fields. For instance, Sternum and SecuriThings in IoT, Signavio which focuses on hospitals, SIGA and SCADAfence in factories and infrastructures. Accordingly, the acquisitions and consolidations process has been ramped up in recent years, and many others were bought out, such as Vdoo, purchased by JFrog for $300 million, Radiflow, sold last week to a Turkish conglomerate, and Indegy, sold to Tenable in 2019.
Apart from competition, which always exists, there are other dangers facing the group of Israeli unicorns. For instance, it is not always easy to sell cyber products to traditional industries such as factories and hospitals. Clients there are in no hurry to spend money on cyber solutions, and processes are antiquated and regulation-heavy.
And perhaps the most significant challenge, which is true for the industry as a whole, is the fall of prices in public markets, the cooling down of the hi-tech industry and the fear of a drop in venture capital investments in growth companies. Cyber companies, despite having armed themselves with cash and many having been bought by foreign funds, still depend to a large degree on external funding and investments. The companies that don’t meet their goals may soon discover that the crisis may strike at them too. “I see it as a wave, which only the strong will survive,” says Claroty’s Vardi. “Companies that raised funds at a valuation not reflective of their numbers, or which fail to meet the goals they set themselves – will crash with the wave.”