1st Cybersecurity Startup Observatory for Financial Services

Israel Edition

Meet the participating companies: Gold, Silver, Bronze

In collaboration with: Smartrev Cybersec Cybersecurity Innovation Partners

www.smartrev-cybersec.com

www.cyberstartupobservatory.com Cyber Startup Observatory Israel

The purpose of the Cybersecurity Startup Observatory is to collaborate to build a safer financial industry and to help solve important problems leveraging innovation. Find out more and tell us what matters to you by visiting us at:

www.cyberstartupobservatory.com

This publication has been prepared for general guidance on matters of interest only and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, Smartrev Analytics Consultants SLU, its members and employees do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2018 Smartrev Analytics Consultants SLU. All rights reserved. In this document, “Cyber Startup Observatory”, “Startup Observatory” and “Smartrev Cybersec” refer to trademarks belonging to Smartrev Analytics Consultants SLU.

The information provided by the participating startups and companies belongs to them. They remain the sole and exclusive owner of any information provided to Smartrev including, without limitation, with respect to any intellectual property rights, copyrights and trademarks. Smartrev Analytics Consultants SLU have received explicit written permission to publish all the information included in this report.

Contents

• Preface
• Introduction
• The Israeli cybersecurity landscape in financial services
• Behavioral biometrics, the state of the art
• Innovation: Startups
• Cyber risk management strategies
• Innovation: Startups
• BGP hijacking
• Startups
• AI and ML in cybersecurity
• Innovation: Startups
• Developing cyber crisis response capabilities
• Innovation: Startups
• IoT, an explosion of connected possibilities
• Innovation: Startups

Preface

During recent years the financial services industry has been the target of different types of attacks coming from hackers, organized crime groups and sometimes even nation states. The sophistication, severity and effectiveness of such events have substantially increased during the last year with record data breaches, massive personal information ending up on the dark web and widespread ransomware, phishing and DDoS attacks.

Our goal with this publication is on the one hand to bring awareness to the financial community of the severity of these new threats, the quickly evolving strategies, tactics and tools used by hackers and criminal organizations and on the other hand to highlight the available tools and solutions to address those challenges and the incredible innovation that is coming from some markets all around the world.

Firstly, we would like to express our sincere gratitude to all the participating startups and their teams for their fantastic solutions and their contribution not only to this observatory, but also to the industry and the society as a whole. All of them contribute to keeping our companies and lives cyber-safe.

This publication has been reviewed by a group of senior cybersecurity executives coming from different corners of the world with a wealth of experience on the topics covered. We would like to thank all of them for their valuable feedback which has been absolutely instrumental in elevating the tone of this observatory in terms of quality, technical depth and global scope. In particular, we would like to thank:

• Michaël Frippiat, CISO, Axa Luxembourg
• Amir Schwartz
• Stéphane Nappo, Global Chief Information Security Officer & Board Advisor at Société Générale IBFS
• Emmanuel Benzaquen, CEO of Checkmarx
• Shahar Alon, BD and Partnerships Director at Checkmarx

The improvement from the first version of the Observatory has been substantial and this is only due to your suggestions and ideas.

Finally, it would be unfair not to thank my co-editor Maite Ortega, our colleagues Alicia Peña and Carlos Rivas for their infinite patience and support in the preparation of this publication, the startup observatory web and many other key “bits and pieces”, David Bailey for his valuable advice and top-notch proofreading services and of course the fantastic Unsplash photo repository (https://unsplash.com) for their fantastic pictures which have been used in this publication. Our gratitude goes to all the photographers for their invaluable material.

Jose Monteagudo, Chief Editor, [email protected]
Maite Ortega, Co-Editor, [email protected]

Introduction

This is the first edition of the Cyber Startup Observatory and is dedicated to the Israeli cybersecurity ecosystem. The process of coming up with this observatory has been quite interesting and exciting. We have conducted comprehensive research and invited several Israeli startups which we consider have amazing solutions to help banks, insurers and other financial institutions to win the battle against the bad guys.

This research started with visits from our chief editor to Tel Aviv and Be’er Sheva, the largest city in the Negev desert of southern Israel and probably one of the top innovation centers in cybersecurity in the world. During that visit, we had the opportunity to witness first-hand how seriously the Startup Nation takes cybersecurity, in particular in financial services, the CERT-IL being a fantastic example. We were impressed by the dynamic collaboration between the private sector, the universities, the government and the entrepreneurs to come up with unique ideas, solutions and thriving companies.

We have included some of those innovative startups in this observatory and will continue to do so in future editions covering not only Israel but all the hubs of cybersecurity innovation in the world including the UK, France, Germany, US, Singapore, Brazil, Japan, China, Australia to name just a few.

We have also covered hot topics in the industry such as artificial intelligence and machine learning and their role in cybersecurity, cyber risk management, behavioral biometrics, crisis management, IoT, and more specific and less well-known issues like IP hijacking.

Our goal with these articles is to bring awareness to the community of the complexity and seriousness of the challenge we are facing in a way that is simple, easy to understand and digest. It is not the purpose of this publication to dig deeper into the technologies, to describe machine learning algorithms or to enumerate and cover advanced persistent threats (APT) in detail. We believe there are sufficient technical publications pursuing that goal.

Just a final note to highlight how this document is organized. This methodology is also applied to our web (www.cyberstartupobservatory.com) and will be consistent in future editions of the observatory.

All the sections are classified under the following categories and signposted using the following tabs:

• Innovation: is going to cover information from startups with state-of-the-art solutions that are in some way unique.

• Resources: in the startup observatory and our web we are going to share tools that will be relevant and valuable for industry executives, cybersecurity practitioners, regulators, purchase departments, students and universities. This is our first observatory which has involved months of research. We are committed to improving the quality of the materials shared and to update them regularly. Also, all the logos, information from startups, categorization of solutions have been previously discussed with them and the information has been included with their approval.

• Training & Education: the cyber startup observatory team is currently working on creating cybersecurity materials, training courses and infographics that will be shared in future editions or, if required due to specific constraints of the document, will be placed in our web.

• Insight: articles covering hot topics relevant for the industry. In forthcoming editions we will be accepting participation from industry leaders. Their contribution is more than welcome. If you would like to participate in this process, do not hesitate to contact us on:

[email protected]

• Trends: a section focused on the evolution the cybersecurity industry is experiencing, new directions, including innovative technologies or approaches that might take cybersecurity to the next level like AI, Blockchain, sandboxing of cybersecurity at regulator or government level, cybersecurity as a service by authorities or many others.

The first page of each of the sections referred to includes the following icons on the left-hand side. Following this nomenclature will make life easier for readers, allowing them to skip to the most interesting parts of the observatory: Resources, Insight, Innovation, Training & Education, Trends.

The Israeli cybersecurity landscape in financial services

Resources

One of the goals of the cybersecurity startup observatory is to share insight among the key stakeholders in securing the financial industry, mainly cybersecurity executives from financial institutions, entrepreneurs, practitioners, universities, regulators and law enforcement. During the research period to prepare this observatory we contacted over 250 Israeli startups to understand their commitment to financial services and the maturity of their offer. All those that responded positively have been included in the following slides.

In terms of segmentation, we have classified the startups under seventeen different categories. Those categories are:

• Mobile Security
• Application Security
• Cloud Security
• Detection & Prevention
• Endpoint Security
• Incident Response & Forensics
• Network Security
• Deception
• Web Security
• SOC
• Cyber Posture
• Training & Education
• Compliance & Data Leakage Prevention
• Identity & Fraud
• Cyber Intelligence
• BMS/BAS
• IoT

In order to allow easy and clear access to the information we have split the landscape slide into three parts. The consolidated slide is available on our web:

www.cyberstartupobservatory.com

If you would like your startup to be considered for inclusion, please contact us at the following email address and we will be happy to assist:

[email protected]

All the information provided from startups or gathered by our research team will be updated in the next observatory that is due for early April 2018.

[Figure: Israeli or ILS cybersecurity companies with solutions for FS, January 2018, in three parts. Part 1: Network Security, Cloud Security, Endpoint Security, Web Security, Application Security, Mobile Security. Part 2: Detection & Prevention, Phishing Prevention, Deception, UEBA, Incident Response & Forensics, SOC, Cyber Posture, Cyber Risk, Breach & Attack Simulation, Third Party Security. Part 3: Compliance & Data Leakage Prevention, Data Visibility & Control, IoT, Cyber Intelligence, Identity & Fraud, BMS/BAS, Training & Education.]

Behavioral biometrics, the state of the art

Insight

Background: the rise of the digital bank

During recent years, financial institutions have been involved in a strategic process to move operations from the branch to digital channels.

Although the main reasons for this transition to digital may be diverse, we can often find the need to improve cost to income ratios, in particular in large tier-1 banks, as well as the need to provide a better experience to customers, particularly millennials.

However, an effective transition to digital requires, among other things, a safe environment where the customer might operate without the major risk of becoming a victim of fraud or session hijacking by cyber criminals, or ending up with personal information being breached.

Additionally, to make things more complex, online banking services have evolved from merely providing basic account balance to advanced universal banking services.

While there are different solutions to ensure digital channels provide robust authentication, some of these might inconvenience customers by shifting much of the authentication burden to them and eventually impact the referred transition to digital.

A smooth and secure experience is mandatory in order to be successful in this process.

Challenges for a robust authentication method

But a secure environment with a great and frictionless customer experience is not the only requirement. An eventual solution also needs to address the increasing number and diversity of mobile devices, the need to provide service from anywhere at any time, while increasing customer loyalty and addressing regulatory requirements.

Behavioural biometrics represents an optimal solution to meet customers’ expectations with an effective approach to contextual authentication that might be able to monitor a user’s activity during a session and to supplement an existing suite of security protocols.

An evolving threat landscape

Traditionally, the financial services industry has been a key target for hackers due to the valuable data that it holds as well as the pretty straightforward process of converting that data into cash.

Unfortunately, as financial institutions increased their online offer of products and services, they also attracted even greater attention from cybercriminals.

When banks fail to deploy a robust online authentication process, fraud follows and often on an organized scale.

An estimated 3.3 billion user credentials were stolen in 2016 across different industries from 52 data breaches varying in size from 100 to 1 billion credentials. Some analyses show that 90% of login traffic on a website might be attributed to credential stuffing attacks.

Recent studies show that neither fingerprints nor facial recognition are as effective as we think and that iris recognition may have some risks too.

On top of this, mobile devices are prone to the installation of malware and, making things more difficult, it is rare to have endpoint protection software on these devices.

These practices increase the risk of mobile devices ending up compromised.

Identity theft and privacy: an analysis required

Some of the previously referred-to data breaches involved identity theft. This is a very serious issue as, depending on the authentication method and consequently on the stolen information, it might not be possible to recover from this hack.

It is absolutely crucial to come up with new ways of defining what digital identity is. Clearly, just using a name, address or fingerprints represents a serious risk in case of data breach as these parameters might not be easily changed or even impossible. Therefore, it is important to look at new additional dimensions to define identity.

Additionally, the storage of biometrics data is quite sensitive. And if this were not enough, we have social engineering, with victims being contacted by a fraudster with enough personal and social information that allows the victim to believe that the caller is a legitimate one.

The state of the art in behavioral biometrics

So, after all this bad news, what solutions are available to cope with this enormous problem?

Behavioural biometrics represents a very powerful solution to address all these challenges while integrated with a whole suite of existing security protocols.

As well as being transparent to the customer, some solutions implement algorithms which include behavioural and physiological characteristics that allow continuous authentication, validating the customer in real time, from log-in until the end of the session.

These solutions might take into account hundreds of parameters, including finger size, finger pressure, swipe speed, device movement, gesture boundaries and with all this information, the solution builds a unique profile of the user.

When the user tries to provide authentication on the mobile phone or tablet to get access to the digital banking services, the behavioural biometrics solution analyses the user’s interactions with the device in comparison to a previously developed user profile.

Based on the interaction, the authentication solution scores the similarities and enables the financial institution to take action when the score is low, indicating suspicious activity.

One very important feature of this authentication method is that the information stored is revocable, meaning that in case of data breach, no fingerprints, iris or facial data will be compromised, avoiding irreversible identity theft. Instead, behavioural data is converted into a mathematical representation which is useless for cyber criminals.

Advantages of behavioural biometrics

Based on all the previous elements, the key advantages of behavioural biometrics might be:

• Very secure platform that can be integrated with other security protocols with substantial fraud reduction and fewer false positives.

• Substantial reduction of fraud with an important increase in the number of transactions successfully performed.

• Very convenient for the customer, with less friction making it easier for the bank to accelerate the transition to digital services

• Cost savings related to password management as it does not require additional hardware such as tokens, making the administration of the solution easier, too.

• Mitigates fear of identity theft and other privacy concerns. There are also fewer privacy-related concerns compared to traditional physical biometrics, such as fingerprint, facial recognition or iris scan.

• Finally, the solution can be easily integrated across multiple channels including smartphones and tablets.

If you need further information with regards to this article, available solutions to the challenges described or behavioural biometrics in general, please contact us on:

[email protected]

Featured companies:

Innovation

Category: Identity & Fraud

01 Company Description

Verifyoo is a software company offering behavioral biometric user verification solutions, with the focus on enhancing and enabling business interactions and empowering companies in digital transformation.

Verifyoo’s patented technologies give users simple yet secure access to their accounts, without risking their privacy.

02 Company Info

• Company Name: Verifyoo
• Headquarters: Tel Aviv
• Founded: 10/2015
• Other offices: NA
• Employees: 10
• Target Industries: Fintech, eCommerce
• Web: http://www.verifyoo.com

03 The Product

General - Verifyoo BehavioMetric One-Time Password

• User identity verification solution based on behavioral biometric technologies
• Users are asked to hand-write characters on their smartphone's touch screen
• Verification performed by analyzing user interaction with their smartphone

Key Features

• Business enabler: operations cost reduction, improved user experience and satisfaction
• Secure: resistant to spoofing and replay attacks, requires user consent in the verification process
• Private: uses non-intrusive, revocable behavioral features, GDPR compliant
• User friendly: no password memorisation, simple and intuitive to use

04 How does it work?

Verifyoo’s BehavioMetric One-Time Password enables users to safely access their accounts without the need to memorise passwords or use intrusive body parts. The solution supports multiple configuration types such as mobile based (FIDO), cloud or on premises for out of band verification.

Enrolment

• The user receives 8 characters which they have to hand-draw and repeat 2-3 times
• The process requires 20-30 seconds - demo

Authentication

• The user receives a random set of 4 characters, which they have to hand-draw
• The input is compared to the data collected in the enrolment to determine if the user is authorized
• The process requires 4 seconds - demo

05 What makes it unique?

• Uses non-private, revocable features
• No usage of intrusive body parts
• No password memorisation
• Requires user consent
• Supports cross-device verification
• Built-in account recovery mechanism
• Compliant with EU GDPR regulations

01 Company Description

BioCatch is a cybersecurity company that delivers behavioral biometrics, analyzing human-device interactions to protect users and precious data. Founded in 2011 by experts in neural science research, machine learning and cybersecurity, BioCatch is used by banks and other enterprises to reduce online fraud and protect against cyber threats, without compromising user experience. With an unparalleled patent portfolio and deployments at major companies worldwide that cover tens of millions of users to date, BioCatch has established itself as the industry leader for behavioral biometrics.

02 Company Info

• Company name: BioCatch, 2011
• Headquarters: Tel-Aviv/New York
• Founded: 2011
• Other offices: Boston
• Employees: 60+
• Target Industries: banking, payments, credit card issuers, credit bureaus, payroll, mobile authentication, insurance.
• Web: www.biocatch.com

03 The Product

• Product Category: behavioral biometrics, identity and fraud, detection and prevention
• Product Stage: Released, in production
• Product Names and Brief Description: BioCatch Invisible Challenges
• Key Differentiators: unparalleled expertise and experience, 50+ patents, immediate ROI
• Services Provided: identity proofing, continuous authentication and fraud prevention

04 FS footprint

• Years in Financial Services (FS): 5+
• Priority Markets in FS: Banking, credit card issuers, payments, insurance, mobile authentication.
• LoB: Retail, Commercial, Investment Banking, Payments, Insurance
• Markets with Customers: Banking, credit bureaus, credit card issuers.
• Relevant Public Success Stories: 4 out of top-5 Banks in the UK; Banks in LATAM, U.S; Credit Bureau in U.S; e-commerce company in LATAM.

01 Company Description

Paygilant’s mission is to deliver a vigilant solution against mobile payments fraud. Our autonomous technology offers banks and mobile payment providers high-fidelity fraud prevention, enhanced payment experience and reduced operational costs.

02 Company Info

• Company name: Paygilant
• Headquarters: Israel
• Founded: 08/14
• Employees: >20
• Target Industries: Financial
• Web: www.Paygilant.com

03 The Product

• Product Category: Identity & Fraud
• Product Stage: Released
• Product Names and Brief Description: Paygilant for Mobile Payments Fraud Prevention
• Key Differentiators: on-device fraud prevention platform, strong identity verification, decentralized risk assessment.

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: Worldwide
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): Banks, Mobile Wallets and Payments providers
• Relevant Public Success Stories: http://www.paygilant.com/docs/nilson.pdf and https://www.ibm.com/blogs/cloud-computing/2017/12/digital-payments-ibm-cloud/

01 Company Description

Simplex is a fintech & crypto company that provides online merchants with fraudless online payment processing solutions. Our experts facilitated global credit card processing for bitcoin exchanges, brokers and wallets, with a full fraud chargeback guarantee. We process payments at a rate of over $1 Billion per year, and we are creating payment systems as they should be: secure and worry-free.

02 Company Info

• Company Name: Simplex
• Headquarters: Tel Aviv, Israel
• Founded: 04/14
• Other offices: Vilnius, Lithuania
• Employees: 80
• Target Industries: Cryptocurrencies, E-Commerce
• Web: https://simplex.com

03 The Product

• Product Category: Identity & Fraud
• Product Stage: released
• Product Names and Brief Description: Simplex develops cutting-edge AI algorithm technology that processes online payments and assesses risk with maximum speed and efficiency.
• Key Differentiators: Simplex offers merchants a one-stop-shop solution, processing the transactions, ensuring fraud prevention and taking responsibility in case of a chargeback.

04 FS footprint

• Years in Financial Services (FS): 4
• Priority Markets in FS: Worldwide
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): Payments
• Markets with Customers: Worldwide
• Relevant Public Success Stories: Please visit our website: https://simplex.com

01 Company Description

PlainID is the leading vendor in run time authorization management. We offer an authorization solution that provides Policy Based Access Control (PBAC) for common on-premise, SaaS, and homegrown applications.

02 Company Info

• Company name: PlainID
• Headquarters: Tel-Aviv
• Founded: January 2015
• Other offices: New York
• Employees: 20
• Target Industries: Financial, health care, industrial, media, retail, Insurance, banking.
• Web: www.plainid.com

03 The Product

• Product Category: Identity and Access management
• Product Stage: GA
• Product Names and Brief Description: PlainID offers an authorization solution that provides Policy Based Access Control (PBAC) for common on-premise, SaaS, and even homegrown applications. PlainID’s scalable technology enables customers to easily externalize authorization decisions from applications, achieving higher efficiencies, more fine-grained access controls, and improved security.

04 FS footprint

• Years in Financial Services (FS): 3
• Markets with Customers: US, Israel
• Relevant Public Success Stories: Banks and credit cards companies

01 Company Description

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for every sensitive user, device and resource throughout the entire organization, without any change to endpoints and servers.

02 Company Info

• Company Name: Silverfort
• Headquarters: Tel Aviv, Rothschild St 3
• Founded: 8/16
• Other offices: Boston, Houston
• Employees: 20
• Target Industries: All industries
• Web: www.silverfort.io

03 The Product

• Product Category: Authentication, UEBA
• Product Stage: released
• Product Name: Silverfort
• Key Differentiators:
  • The only solution to deliver authentication across the entire network & cloud
  • The only solution to deliver authentication to any resource (including infrastructure, proprietary systems, IoT)
  • The only solution that can analyze all activity throughout the organization to achieve better AI-based policy decisions

04 FS footprint

• Years in Financial Services (FS): 2
• Priority Markets in FS: Banks, insurance
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): All
• Markets with Customers: USA, UK and Israel
• Relevant Public Success Stories: not disclosed.

Cyber risk management strategies

Insight

Cyber risk is not a problem to be solved, but a condition to be managed.

As a consequence, risk management is an ongoing process that involves identifying, assessing and responding to risks.

But the tricky part is that to effectively manage risk, a financial institution firstly needs to understand the likelihood of an event occurring and then the potential impact. As the threat landscape is continuously evolving this assessment process is becoming very complex, requiring an increasing number of scarce and expensive resources for the organization.

With this information the organization might have an internal debate with regards to the level of acceptable risk, basically its risk tolerance or levels of variation the institution is willing to accept with regards to different objectives.

Once the organization understands risk tolerance, they can take informed decisions to prioritize cybersecurity activities, programs and expenditures.

With regards to the different approaches to handling risk, basically, there are four ways to go, including mitigating the risk, transferring it, avoiding the risk or accepting it.

Major cyber risks for financial institutions

Cyber attacks are increasing in both frequency and complexity with financial institutions being the major target for cyber criminals considering the value of the data they own as well as the simplicity of transforming that data into cash.

As everybody now recognizes, it is no longer a question of “if” an organization will be breached but “when”.

But what are the major cybersecurity risks for financial institutions?

This is a difficult question to answer as the past year has seen unprecedented changes in the cyber threats landscape, but to name just a few:

• Data exfiltration using “zero-day” vulnerabilities

• Financial theft, stealing funds from transactions.

• Distributed denial of service attacks (DDoS) targeting corporate websites to compromise e-commerce

• Cyber extortion, in particular ransomware, ranging from encryption of personal computers to more valuable corporate assets.

• Third party solution provider failure

Cyber risk management pillars

Although there have been important issues during recent years, the financial services sector is probably one of the best industries managing cybersecurity.

The key pillars for an efficient and effective cybersecurity risk management are:

• Strengthen cyber risk management by implementing three lines of defence, including risk identification and assessment, risk management and risk monitoring

• Compliance with existing regulations including new privacy requirements.

• Enhance cyber security execution through talent development, cyber awareness programs and consistent cyber protocols

• Consider risk in the financial ecosystem including third parties.

• Monitor the continuously evolving threat landscape.

• Consider information sharing. The Financial Services Information and Sharing Centre (FS-ISAC) is an industry forum created specifically for the financial services industry to share information regarding cybersecurity in their sector.

• Integrating cyber risk management into innovation

Cyber insurance

As a result of all the new dynamics in the cyber risk landscape, the cyber insurance industry is evolving and growing very fast.

Businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high risk digital landscape and this is especially true in the financial services industry, currently involved in a critically important digital transformation journey which is going to inevitably increase the attack surface or sum of potential attack vectors.

Some reports forecast that the global market is expected to surpass $3 billion in 2017 with strong growth till 2027.

North America has been the largest cyber insurance market share in the past but new regulations coming into effect in the European Union, such as GDPR, might accelerate market growth in this region.

If you need more information regarding cyber risk management and potential solutions please contact us on:

[email protected]

Featured companies:

Innovation

Categories:

• Cyber Posture

• Cyber Risk

• Breach & attack Simulation

01 Company Description

Cytegic’s scientific approach provides digital-related risk oversight across the entire organization. With Cutting-edge patented technology, Cytegic’s Automated Cyber Risk Officer provides best in industry cyber risk management with unprecedented accuracy, agility and friendliness. ACRO provides you with recommendations on specific operational defensive actions while helping determine which resources should be allocated to match risk tolerance and business strategy.

02 Company Info

Company: Cytegic
Headquarters: Tel Aviv, Israel
Founded: 2012
Other offices: New York, NY
Employees: 15+
Target Industries: Highly regulated enterprise, consultants
Web:

03 The Product

Product Category: Cyber Risk Management
Product: Automated Cyber Risk Officer (ACRO)
Automated Cyber Risk Officer (ACRO) – ACRO allows senior decision makers, primarily the CRO, CISO, CIO, CFO, Business Owners and Boards, to demystify cyber risk into something that is simple, actionable, quantifiable and translates to dollars and cents. ACRO allows your organization to become truly proactive and operational regarding the management of Cyber Risk instead of catering to the needs of technologies that strike and disappear out of nowhere.
Future Functionality: GDPR reporting, rapid self assessment.

04 FS footprint

Years in Financial Services (FS): 4 yr
Priority Markets in FS: Banks
LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): All
Markets with Customers: NA, Israel, EU, Asia Pac, Russia

05 How does it work?

ACRO delivers quantified, actionable, relevant continuous intelligence and defensive maturity levels for the organization to instantly view, prioritize and determine/proactively fill the gaps in managing your Cyber Risk. ACRO provides “what if” simulators to plan ahead for ever changing threats and defenses. Cytegic’s open loop machine learning algorithms identify patterns in anticipation of attacks.

06 What makes it unique?

• Open Loop Machine Learning
• Automated Continuous Risk Assessment
• Big Data Analytics
• Customizable and Scalable
• Multilingual Semantic Engine Platform
• Cloud Based Software as a Service
• Intelligent Decision Support System

07 Awards

• 2017 CIOReview, 20 most promising vendors for Enterprise Risk Management
• The Top Security Technology Trends To Watch, 2017 Tools and technologies: The S&R practice playbook Forrester, April 26, 2017

08 Partners

• Ernst and Young
• SecureNet
• Capa8
• Trace3
• BriteComputers
• Morphus
• Archetype SC
• TransForce

01 Company Description

Cymulate was founded by an elite team of former Israel Defense Forces intelligence officers and leading cyber researchers with world-class experience in offensive cyber solutions. Combining vast expertise in cyber simulation technology with extensive field experience to mimic the latest and most sophisticated cyber-attacks. Cymulate employs software-as-a-service applications to simulate the myriad tactics and strategies employed by hackers to attack network and endpoint security infrastructures.

Cymulate helps companies stay one step ahead of cyber attackers with a unique breach and attack simulation platform that empowers organizations with complex security solutions made easy to safeguard their digital assets and maintain business continuity.

02 Company Info

Company Name: Cymulate Ltd
Headquarters: Israel
Founded: 06/2016
Other offices: US
Employees: 16
Target Industries: Financial, Healthcare, Telecom, High-tech
Web: www.Cymulate.com

03 The Product

Product Category: Breach & Attack Simulation
Product Stage: Released
Product Names and Brief Description: Cymulate Breach & Attack Simulation platform allows organizations to assess their true readiness to handle cyber security threats effectively by simulating the myriad tactics and strategies used by hackers to attack network and endpoint security infrastructures.

04 FS footprint

Years in Financial Services (FS): 1.5
Priority Markets in FS: All
Markets with Customers: Spain, Italy, Israel, Belgium, UK, Turkey
Relevant Public Success Stories: The biggest bank in Israel, Large insurance Carrier, Large bank in Belgium

01 Company Description

A leading technology firm providing the world’s most advanced cyber risk management platform.

02 Company Info

Company name: CyGov
Headquarters: Israel
Founded: 06/2016
Other offices: NY
Employees: 18
Target Industries: Financial, Retail, Healthcare, Energy, Government
Web: www.cygov.co

03 The Product

Product Category: Cyber risk management and assessment
Product Stage: Released
Product Names and Brief Description: Cyber risk and readiness management platform.
Key Differentiators: multi-organizational cyber assessment platform
Feature Functionality: deeper automation, additional tools
Services Provided: penetration testing, cyber assessments, cyber awareness programs, technology mapping, cyber war games and exercises, strategy building and work plan

04 FS footprint

Years in Financial Services (FS): First contract with US bank in December 2017.
Priority Markets in FS: Banks, Insurance companies.
LoB (Retail, Commercial, Investment Banking, Payments, Insurance): All
Markets with Customers: Financial Services

01 Company Description

A global provider of organizational phishing readiness, CybeReady is trusted by the world’s most reputable brands to transform their security culture and improve their phishing training outcomes. CybeReady provides the most efficient and the most effective Phishing Simulation and Automated Training Solution to the enterprise. It enables companies to transform employee behavior, ensuring continual organizational cyber readiness.

02 Company Info

Company Name: CybeReady LTD.
Headquarters: Tel-Aviv, Israel
Founded: 12/2014
Employees: 6
Web: www.cybeready.com
Target Industries: Healthcare, Pharmaceuticals, Chemicals, Banking, Insurance, Telecommunication, Energy and Utilities, Industrial and Manufacturing, and Technology, Universities, Government institutes and more.

03 The Product

Product Category: Phishing Prevention, Cyber Posture, Cyber Security Training
Product Stage: product released and deployed worldwide
Product Names and Brief Description: CybeReady AntiPhishing Training Automation harnesses big data to unleash employees’ learning potential and strengthen organizational defenses.
Key Differentiators: Learning Automation, Data Driven, Real KPIs

04 FS footprint

Years in Financial Services (FS): 2015
Priority Markets in FS: EU
LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): ALL
Markets with Customers: EU, USA
Relevant Public Success Stories: over 2 million simulations sent, training 200,000 employees on a monthly routine, across 66 countries and in 35 languages

IP hijacking, a lesser known cyber attack that might have devastating consequences on financial institutions

During recent years and particularly during the last few months we have been hearing about serious cyber attacks on financial institutions all across the planet.

A whole spectrum of cyber events including malware, distributed denial of service (DDoS), record-breaking data breaches and sophisticated spear-phishing attacks feature among others.

To name just a few, we might highlight the 2012 DDoS attacks, the 2013-2015 Carberp Trojan stealing over a billion dollars, the 2014 attack on JPMorgan, the 2017 record data breach on Equifax and, last but not least, the worrying 2016 attack on Swift that might have ended up being the largest attack in history had it not been for a minor typo issue.

Unfortunately, criminal organizations have been targeting, and will continue to do so, financial institutions as the information they possess might be easily monetized by either stealing from bank accounts or selling it into the dark web.

Financial institutions are investing heavily in cyber-security but it does not seem to be enough to cope with this problem that for some might be considered an epidemic.

So, although these recent events have been bringing awareness of the importance of the problem, there is a type of attack that has been flying under the radar, is less known by financial institutions and some banks consulted by Smartrev Cybersec do not even know that it is possible.

We are talking about Internet Protocol (IP) hijacking, also known by the name of one of its variants, Border Gateway Protocol (BGP) hijacking.

Background and definitions

Let’s start with some definitions to understand the problem.

Firstly, the well-known Internet is just a jigsaw puzzle of what are called Autonomous Systems (AS) which are interconnected. In 2016 there were over 54000 AS.

The , BGP is basically an inter-AS routing mechanism that allows the exchange of network reachability information. This protocol is controlled by the Internet Engineering Task Force (IETF) and defined in detail in RFC-4271. BGP has been in operation since 1994.

In BGP, network nodes are called peers, and those peers exchange routing information among each other and cooperate to have a global picture of the whole internet (where all the IP networks are located and how to reach them). This global picture is called the routing table. At the end of 2017 a routing table included over 691k IP version 4 (IPv4) networks.

How BGP works

A BGP peer learns routes from different neighbours both internal and external to the AS. Based on this routing information, included in the routing table, a BGP router decides what path is the best towards a particular destination, and for each known destination, sends this single best route to its peers.

This selection of the best route follows a complex algorithm, including up to 13 different criteria, but in the interest of simplicity, for this article we will just highlight two important concepts: more specific routes are preferred, as are those with the shortest AS path.

The following figure shows at a very high level how BGP works.

Figure 1: how BGP works

As we can see in figure 1, AS 1 owns network or prefix 80.56.0.0/16. It announces this network using BGP to its peer in AS 2. For the BGP router in AS 2, the path to network 80.56.0.0/16 is through AS 1. It then conveys this information to its peer in AS 3 using the BGP protocol. This way, BGP routers in AS 3 will know how to route IP packets, for example from AS4 to network 80.56.0.0/16.

What is BGP hijacking

What happens if for a few minutes, a router in AS 4 starts announcing the ownership of network 80.56.0.0/16?

Depending on how it announces these networks or prefixes, and based on the logic of the BGP best path algorithm, it might convince its BGP peers that it is the best path to reach route 80.56.0.0/16.

This would be a BGP hijacking and it is basically the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables.

Another example might be the case of routers in AS3 receiving BGP information for route 80.56.0.0/24 via AS4. Being both a more specific prefix and a shorter AS Path, they would wrongly route IP information bound for the 80.56.0.0/24 prefix through AS4.

Industry initiatives to mitigate the problem

There are several initiatives to secure BGP and to ensure that Internet Service Providers (ISP) can only announce those networks they actually legitimately control.

Within those initiatives we have the Resource Public Key Infrastructure (RPKI) that protects against prefix hijacking by associating an IP address range with an autonomous system number (ASN) through cryptographic signatures but there are ways to circumvent RPKI and it is also gaining traction slowly. RPKI is described in RFC-6810.

Another solution is BGPsec, but it has implementation challenges. BGPsec is specified in RFC-8205. Besides, it could be a long time before every single AS migrates to BGPsec.

Recent Incidents

There have been several incidents generated by IP hijacking involving financial institutions in recent years.

Probably the most famous happened in April 2017, involving several financial institutions, most notably Visa and Mastercard.

Also, cryptocurrencies have been a target for IP hijacking, in particular Bitcoin. Although Bitcoin has several thousand nodes, from a routing perspective it is pretty centralized, making it very sensitive to IP hijacking.

The most recent mass scale BGP hijack happened in December 2017, when an unused Autonomous System (AS39523) started to announce routes belonging to , Apple, , Microsoft, NTT Communications and , among others. This event was divided into two short lived events lasting three minutes. Whether this was intentional or a configuration accident remains to be proven.

If you need more information regarding BGP hijacking, implications and potential solutions please contact us on: [email protected]
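The two hijack cases and the RPKI origin check described in the BGP article above, as an added Python example (not part of the original report). It models only the two selection criteria the article highlights and RPKI-style route origin validation; the AS numbers and 80.56.0.0/16 follow Figure 1, while the AS paths, the ROA with its maximum length, and the 198.51.100.0/24 route are constructed sample data.

```python
"""Added example: simplified route selection and RPKI-style origin validation."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    as_path: Tuple[int, ...]  # nearest AS first, originating AS last

    @property
    def origin(self) -> int:
        return self.as_path[-1]


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: which AS may originate which prefix."""
    prefix: IPv4Network
    max_length: int  # longest prefix length the owner authorizes
    origin: int


def best_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Route a router would forward on for `destination` (simplified)."""
    dest = ip_address(destination)
    candidates = [r for r in routes if dest in r.prefix]
    if not candidates:
        return None
    # Most specific prefix wins at forwarding time; among equal prefixes
    # the shortest AS path wins. Real BGP applies many more criteria.
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


def validate_origin(route: Route, roas: List[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' (the RFC 6811 states)."""
    covering = [roa for roa in roas if route.prefix.subnet_of(roa.prefix)]
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin == route.origin and route.prefix.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def invalid_announcements(routes: List[Route], roas: List[Roa]) -> List[Route]:
    """Announcements a monitor should alert on: covered by a ROA but not matching it."""
    return [r for r in routes if validate_origin(r, roas) == "invalid"]


def filter_invalid(routes: List[Route], roas: List[Roa]) -> List[Route]:
    """Drop invalid routes before selection, as a validating router would."""
    return [r for r in routes if validate_origin(r, roas) != "invalid"]


# Constructed view from a router in AS 3 (see Figure 1).
LEGIT = Route(ip_network("80.56.0.0/16"), (2, 1))                # via AS 2, origin AS 1
HIJACK_SAME_PREFIX = Route(ip_network("80.56.0.0/16"), (4,))     # AS 4 claims the /16
HIJACK_MORE_SPECIFIC = Route(ip_network("80.56.0.0/24"), (4,))   # AS 4 claims a /24
DEAGGREGATED = Route(ip_network("80.56.1.0/24"), (2, 1))         # right origin, too specific
UNRELATED = Route(ip_network("198.51.100.0/24"), (2, 5))         # no ROA published
ROAS = [Roa(ip_network("80.56.0.0/16"), 16, 1)]                  # constructed ROA


def demo() -> dict:
    table = [LEGIT, HIJACK_SAME_PREFIX, HIJACK_MORE_SPECIFIC]
    return {
        "no_validation": best_route(table, "80.56.0.10"),
        "with_validation": best_route(filter_invalid(table, ROAS), "80.56.0.10"),
        "alerts": invalid_announcements(table, ROAS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Without validation the router in AS 3 forwards 80.56.0.10 to AS 4; with the invalid routes dropped it falls back to the path through AS 2 to AS 1.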

Featured companies:

Innovation

Category:

• Network security

• Cloud security

01 Company Description

BGProtect delivers a unique IP hijack attacks detection and mitigation service. Our service is based on active monitoring of our customers’ IP address space, 24x7 and from all over the world. We inform our customers, in real-time, about network security and network performance related incidents, and manage the mitigation process of the IP Hijack attacks. Our customers get access to our dashboard for forensic needs.

02 Company Info

Company Name: BGProtect
Headquarters: Ra’anana, Israel
Founded: 2014
Web: www.bgprotect.com
Target Industries: Government agencies, Critical infrastructure, Financial institutes, academic institutions, international corporates, etc

03 The Product

Product Category: Network & Cloud Security, Cyber Intelligence and Detection & Prevention
Product Stage: Active since 2015
Product Names and Brief Description: BGProtect: IP Hijack Detection & Mitigation
Key Differentiators: Detects all types of IP hijacking based on proprietary algorithms and accurate Geolocation
Future Functionality: Performance analysis
Services Provided: SaaS

04 FS footprint

Years in Financial Services (FS): 2
Priority Markets in FS: Banks, Brokers, stock exchanges, investment funds and insurance companies
LoB: All
Markets with Customers: US, Europe, Israel & APAC

05 Product in detail

BGProtect delivers a unique IP hijack attacks detection and mitigation service. Our service is based on active monitoring of our customers’ IP address space, 24x7 and from all over the world. We inform our customers, in real-time, about network security related incidents, and manage the mitigation process of the IP Hijack attacks.

06 How does it work?

BGProtect has installed hundreds of software agents worldwide, collecting immense amounts of data by actively monitoring internet routing in general and routing to customer sites in particular. Utilizing Big Data analytics, proprietary algorithms and a very accurate map of the global Internet infrastructure which we built based on our unique databases of global IP address routers, BGProtect constantly analyzes the routes your data takes, examines potential threats to company internet traffic, looks for potential interference with your communications and scrutinizes the ISPs you work with. BGProtect offers its solution as a SaaS product, so there is no complex integration - Just give us your IP addresses and we’ll do the rest – including managing the mitigation process for you.

07 What makes it unique?

Because of BGProtect’s active monitoring technology, it can detect all types of IP hijack attacks, regardless of the technique used.

08 The solution

01 Company Description

MazeBolt strengthens companies’ resistance to the two main cyber attack vectors: DDoS & Phishing. We set the de-facto industry standard for BaseLine DDoS Testing with our unique testing methodology. Our enterprise grade Phishing Awareness programs strengthen employees’ resistance to phishing attacks and run in over 50 countries & 20 languages.

02 Company Info

Company name: MazeBolt Technologies Ltd.
Headquarters: Ramat Gan, Israel
Founded: 2013
Employees: >10
Web: www.mazebolt.com
Target Industries: Banking, Insurance, E-Commerce, Gaming

03 The Product

Product Category: DDoS Testing & Phishing Awareness
Product Stage: Released
Key Differentiators:
DDoS Testing – Unique testing methodology cuts risk by over 60%
Phishing Awareness – Dynamically adaptive training & Enterprise grade scalability
Future Functionality: Non-Disruptive DDoS Testing

04 FS footprint

Years in Financial Services (FS): 4
Priority Markets in FS: Banking, Insurance, Online & E-commerce
LoB (Retail, Commercial, Payments, Insurance): All
Markets with Customers: US, EU, India & APAC

05 The product: DDoS testing

MazeBolt’s DDoS Testing is vendor agnostic and is designed to identify vulnerabilities in DDoS Mitigation. MazeBolt’s unique DDoS Testing methodology has been shown to cut DDoS risk by over 60%.

06 How does it work?

1.- Baseline Test: 18 DDoS tests from Layers 3, 4 & 7 aimed to identify vulnerabilities in mitigation.
2.- Customer Review Phase to fix DDoS vulnerabilities
3.- Validation Test: Focuses only on vulnerabilities identified to validate they have been fixed and pose no threat

07 What makes it unique?

• De-Facto Industry standard
• Layers 3, 4 & 7
• World class DDoS expertise
• Testing capacity of over 50Gbps
• Highly Scalable & dynamic testing platform
• Nodes in USA, EU, ASIA & APAC
• Unique reporting KPI

08 The product: Phishing simulation & Awareness

GDPR Compliant, Enterprise grade Phishing Simulation & Awareness programs that drive engagement throughout the organization – designed to help companies significantly strengthen their resistance to phishing attacks.

09 How does it work?

1.- Phishing Campaigns: Test your users by sending them the most sophisticated phishing simulations in the wild in over 20 languages, fully branded down to your local entity level.
2.- Training Campaigns: Send users dedicated campaigns with personalized training sessions to drive engagement deeper into your organization
3.- Adaptive Training: Unique dynamically customized training ensures that each user receives personalized training at just the right level

10 What makes it unique?

• Out-of-the-box Enterprise grade scalability
• Dynamically adaptive training
• Fully operational in over 50 countries and 20 languages
• Unique phishing program methodology

01 Company Description

The leading provider of business-driven security management solutions, AlgoSec helps the world’s largest organizations align security with their business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch - across their cloud, SDN and on-premise networks. Over 1,500 enterprises, including 20 of the Fortune 50, utilize AlgoSec’s solutions to make their organizations more agile, more secure and more compliant - all the time. Since its inception, AlgoSec has provided the industry’s only money-back guarantee.

02 Company Info

Company Name: AlgoSec
Headquarters: NJ, USA
Founded: 2004
Other offices: Atlanta, GA, Petach Tikva, Israel, London, Singapore
Employees: 350
Target Industries: All
Web: www.algosec.com

03 The Product

The AlgoSec Security Management Solution 2017.3
Key Differentiators:
Business centric approach to security policy management
Unified security policy management across heterogeneous on-premise, cloud and SDN environments.
Supports the entire security policy management lifecycle
Automatically discovers applications and their connectivity flows, associating connectivity with their underlying firewall rules.
Out-of-the-box audit reports for the widest range of regulatory, industry and corporate standards.

04 FS footprint

Years in Financial Services (FS): 14
Priority Markets in FS: All
LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All)
Markets with Customers: All
Relevant Public Success Stories:
• Discovery
• Worldline
• BM&FBOVESPA
• Techcombank

01 Company Description

L7 Defense Ammune™ platform protects websites and mobile applications from Automated cyber attacks that use scripts and/or advanced botnets, at any traffic rate, enabling system owners to keep their customers satisfied and loyal by eliminating downtime during such attacks.

02 Company Info

Company Name: L7 Defense LTD
Headquarters: Beersheva, Israel
Founded: 07/15
Other offices: Luxembourg
Employees: <10
Target Industries: Financial sector, web platforms, ISP, MSSP
Web: www.L7Defense.com

03 The Product

Product Category: Cloud Security, Network Security, Web Security, Detection & Prevention
Product Stage: sales stage
Product Names and Brief Description: Ammune™ is a novel AI platform that autonomously protects web systems from AI-cyber attacks, with no need for extra means or data.
Ammune™ is a “deploy-and-run” platform. It automatically discovers the web system’s characteristics in less than 1 hour and continuously monitors it for changes, forever. No human intervention is needed over time.

04 FS footprint

Years in Financial Services (FS): 3
Priority Markets in FS: Online banking, online transactions, insurance, online web transactions
Markets with Customers: Israel, EU, North America, South America, APAC
Relevant Public Success Stories: Installation in one of the largest private banking

01 Company Description

Portnox secures connected organizations’ corporate networks utilizing its next-generation network access control and management solutions. Portnox’s solutions manage every user, every device – including: Internet of Things (IoT), BYOD, mobile and managed devices – accessing the network, everywhere.

Founded in 2007, Portnox provides its 500 global customers with a complete view of device and network visibility, reducing security risks and improving network control. Portnox offers two solutions – CORE for On-Premise NAC and CLEAR for cloud-based NAC – allowing companies to grow, optimize, and evolve their infrastructure while maintaining the utmost security and compliance.

02 Company Info

Company name: Portnox
Headquarters: Israel
Founded: 2007
Other offices: US, UK
Employees: 50
Target Industries: Financial Services, Healthcare, legal, Education, Retail, IT, Government and Defence.
Web: www.portnox.com

03 The Product

Product Category: Network Security, Cloud Security
Products Stage: Released
Product Names and Brief Description:
Portnox CORE - is an agentless solution for on-premise network access control, visibility and enforcement in real-time on all devices.
Portnox CLEAR - Is a leading risk management, access control and network visibility solution delivered seamlessly as a cloud service.

04 FS footprint

Years in Financial Services (FS): 10 years
Priority Markets in FS: All
LoB (Retail, Commercial, Investment Banking, Payments, Insurance): All
Markets with Customers: Healthcare, Financial Services, Insurance, Government, Retail, IT, Education.
Relevant Public Success Stories:
• Data Reality
• NamClear Bank

AI and ML in cybersecurity

AI and ML, definitions

There is a huge buzz around artificial intelligence (AI) and machine learning (ML) only comparable to the lack of clarity of the meaning of those terms.

Within AI we can find several concepts like strong AI or true AI that refer to artificial general intelligence, a hypothetical machine that exhibits behaviour at least as skilful and flexible as humans do.

But the truth is that there is not currently such a machine that can operate and learn totally on its own outside a controlled environment.

AI has to be able to deal with vast amounts of data, the ability to reason, organise and structure knowledge mimicking the way a human does. At this moment, this is mainly science-fiction.

There is general consensus though, that AI is a superset of ML.

As a superset, AI has more topics than ML, although there are some overlaps and implies more than just learning, like speech recognition and understanding, perception, creativity and intuition; three dimensions, 3D understanding and interactions with the environment; reasoning, contextual understanding within a conversation and object manipulation. Commercial applications of AI that represent additions of AI over ML might be self-driving cars, computer vision and natural language processing (NLP).

Machine Learning is an AI discipline that gives computers the ability to learn without being explicitly programmed. Basically, a Machine Learning computer will find patterns in data and then predict the outcome of something it has never seen before.

The latest developments in the ability to manage large datasets or bigdata, storage capacity to keep all that data and the computer power, have enabled the development of ML.

There are many types of ML, the most prevalent being supervised learning, deep learning and reinforcement learning.

Most of the current applications of AI in cybersecurity do not go beyond ML.

Applications of ML in cybersecurity: the low hanging fruit.

Machine learning in cybersecurity performs extremely well where we have lots of data either on the cloud or on the endpoint, working in combination with bigdata and analytics.

The most suitable applications would be in processing massive quantities of data and performing vast operations to identify anomalies, suspicious or unusual behaviour, detect and correct known vulnerabilities, suspicious behaviour and zero-day attacks.

ML might prove very helpful in detecting issues of a higher complexity, faster and more accurately than the human analyst.

In the unfortunate case of an attack, an automated response is critical in order to minimize the impact, conduct forensics and to defend effectively.

From a defensive perspective we need to be able to respond in computer or machine time versus human time to stop some of the attacks. Defence against intelligent cyber weapons can only be achieved by intelligent software.

Machine learning is increasingly being introduced to fight e-commerce fraudsters. There is currently access to lots of information about suspect fraudsters, including their purchase activities and profile, online browsing activities, social networks and fake identification they submit to get their orders approved. The real challenge is how we can make sense of this unstructured data and then make good approve/decline decisions for thousands of merchants in real-time.

Other uses of ML in cybersecurity might address the acute problem of scarce and expensive expertise through resource optimization or increase in staff productivity. Also a substantial reduction in false positive rates would positively impact cybersecurity operations and ML is very effective in achieving this goal. We need to be cognizant that the widening cyber-security skills gap is seriously threatening companies and this serious issue needs to be assessed in terms of cyber risk and properly addressed.

The accuracy and effectiveness of the response to an attack could also be improved leveraging ML which is also quite important considering that cybersecurity has quite low fault tolerance as it only takes one vulnerability to be exploited in order to have a data breach or in general a cybersecurity event.

Challenges to adopt ML

When adopting ML to implement any of the functionalities discussed previously, it is very important to be realistic about the expectations. ML is frequently oversold and we cannot forget that ML is powered by math, not magic.

Probably the toughest challenge to adopting ML is going to be availability and quality of the data. Typically we do not have all the information needed to feed the algorithms, for example enough attack data, with the right context.

Additionally, there is a steep learning curve and important limitations in the learning process.

With enough context data, the learning process shouldn’t start from zero, but again, having this contextual data and leveraging it is not an easy task and requires a highly specialized team.

Once an ML solution is implemented, we need to make sure that we are detecting the right thing. Sometimes the algorithms do not learn the right thing but something else. On top of that, testing and debugging is not easy, as we need to deal with a lot of uncertainties.

There are also important costs of acquisition, operation and maintenance generally related to the highly specialized, scarce and expensive expertise required, as discussed before.

One final important barrier or challenge might be regulation. The impact of regulatory frameworks might be diverse, involving privacy, data protection and other regulations impacting automated decision making. This is a particularly important issue in the financial services industry which is strongly regulated.

AI and ML used for evil

Let’s be clear on one thing: AI and ML are tools and consequently they are not inherently bad or evil.

Having said that, as there are quite interesting applications, as previously discussed, to help the good guys, these powerful tools might also be and are currently being weaponized to wreak havoc.

The bad guys will definitely seek to leverage machine learning too, to support their attacks, learn from defensive responses and disrupt detection models and SOC teams.

We should expect more advancements in the use of machine learning and advanced analytics by attackers to accelerate and sharpen social engineering attacks (phishing, fraud, DDoS, ransomware, spyware, and scams) across more industry sectors than they can do today using manual reconnaissance techniques.

For example, in the case of ransomware, attackers might leverage advanced analytics and ML to switch to more profitable targets, including high net-worth individuals, IoT or specific businesses.

As we discussed before, machine speed in cybersecurity is critical and hackers will try their hardest to exploit newly discovered vulnerabilities faster than defenders can patch them.

Ethics in ML

One of the first ethical questions to arise around ML inevitably pertains to automation and the resulting loss of human jobs. As the cybersecurity industry currently faces a talent shortage it is not clear whether automation would be as controversial as some people allege.

Additional ethical issues emerge when considering predictive cybersecurity used to anticipate cybercrime or cyberterrorism – wherein the accused are implicated in crimes that have yet to be committed. This approach conflicts directly with the existing legal framework.

Also, there are potential issues arising from the poor quality and/or inadequate quantity of data on which to base predictions, as well as the predictive capability of the algorithms used to infer probabilistic outcomes. Algorithmic transparency might be a serious issue, in particular in regulated industries, especially when implicating people, and it is not easy to address this problem: having access to the ML code does not always equal being able to explain how the software works, mainly because there are ML algorithms that do not behave in a wholly predictable manner.

Another very important problem is that some of the information learned might be private or confidential. This might be particularly serious under new incoming regulations like GDPR.

If you need more information with regards to the possibilities of AI / ML in cybersecurity please contact us on: [email protected]

Featured companies:

Innovation

Categories:

• Detection & Prevention
• Endpoint Security
• Incident Response & Forensics
• Cloud Security
• Mobile Security
• SOC

01 Company Description

Cyberbit provides the first integrated IT/OT/IoT security portfolio that addresses the key risks of enterprises and financial service providers. Cyberbit’s products detect evasive, signature-less threats in IT, OT and IoT systems, and provide centralized visibility, incident response automation and orchestration, across the entire attack surface. In addition Cyberbit provides the leading Cyber Range simulation platform for training cybersecurity personnel. Cyberbit is a wholly owned subsidiary of Elbit Systems (NASDAQ and TASE: ESLT).

02 Company Info

• Company name: Cyberbit Ltd.
• Headquarters: Israel
• Founded: 2015
• Other offices: US, Singapore, Germany
• Employees: not disclosed
• Target Industries: financial, critical infrastructure, government, manufacturing, telecom, MSSPs and most large enterprises
• Web: https://www.cyberbit.com

03 The Product

• Incident response automation and Orchestration
• Endpoint Detection and Response
• Cyber Range training and simulation
• OT/IoT detection for critical infrastructures, smart buildings and data centers

04 FS footprint

• Years in Financial Services (FS): 2
• Priority Markets in FS: All
• Markets with Customers: financial, government, telecom, critical infrastructure, MSSP and more
• Relevant Public Success Stories: Bank of Jerusalem, Leumi Bank, Discount Bank and other undisclosed organizations

05 Products and services in detail

5.1: Incident response automation and orchestration

• Product Categories: SOC
• Product Stage: released
• Product Names and Brief Description: SOC 3D - SOC automation and orchestration. SOC 3D serves as a command and control center for the SOC (security operations center). The Platform scales up the efficiency of the security operation and reduces time-to-response, by enforcing standardized playbooks, automating incident response procedures, orchestrating multiple systems and processes, and providing big-data powered investigation tools.
• Key Differentiators: dramatically accelerates time to response, reduces escalations to tier 2 and 3 analysts, real-time big-data based investigation and visibility, rich catalog of incident response playbooks, automation of manual tasks
• Future Functionality: additional integration of detection, enrichment and response tools
• Services Provided: deployment and technical support


5.2: Endpoint Detection and Response

• Product Categories: Endpoint Security
• Product Stage: released
• Product Names and Brief Description: Cyberbit Endpoint Detection and Response: provides endpoint detection and response based on machine learning and behavioral analysis, detects evasive, signature-less threats and ransomware which bypass AV and next-gen AV, and provides visibility, forensics and proactive hunting.
• Key Differentiators: pure-behavioral detection that does not depend on IoCs, signatures or external connectivity. Prevention of next generation ransomware such as WannaCry and NotPetya. Advanced investigation, visibility and forensics capabilities, integration with Cyberbit’s SOC orchestration and OT security for broad detection and response.


5.3: Cyber Range training and simulation

• Product Categories: Training and Education
• Product Stage: released
• Product Names and Brief Description: Cyberbit Range is a simulation platform for training and certifying cyber security experts, and for testing and validating systems and procedures. It delivers hyper-realistic training scenarios that dramatically improve information security team performance and accelerate incident response.
• Key Differentiators: hyper-realistic simulation of real-life attacks to improve security team efficiency, fully customizable exercises, IT and OT security training
• Future Functionality: continuously adding simulated scenarios of the most recent threats and ransomware.
• Services Provided: technical support, instructor training and content updates


5.4: OT/IoT detection for critical infrastructures, smart buildings and data centers

• Product Categories: BMS/BAS – SCADA
• Product Stage: released
• Product Names and Brief Description: SCADAShield: ICS/SCADA security for operations technology (OT) Networks, smart buildings and critical infrastructure. SCADAShield is the world leading OT security platform chosen by sensitive, critical infrastructure organizations to protect ICS/SCADA networks, electric grids, transportation networks, manufacturing lines, smart buildings and data centers. SCADAShield provides unprecedented OT asset discovery and visibility, detects known OT threats, unknown OT threats and anomalies, as well as deviations from operational restrictions, by using 7-layer deep packet inspection (DPI).
• Services Provided: deployment and technical support

01 Company Description

Secdo is a next-generation endpoint security and automated incident response solution, automating the IR process and slashing incident response time to seconds. Gain unmatched historical thread-level endpoint visibility, automatically investigate any alert and visualize the forensic timeline and attack chain back to the root cause. Then, rapidly and surgically respond and remediate on any endpoint or server without impacting business productivity.

02 Company Info

• Company Name: Secdo
• Headquarters: New York
• Founded: 09/2014
• Other offices: Tel Aviv
• Employees: 60
• Target Industries: All
• Web: www.Secdo.com

03 The Product

• Product Category: Primary: Incident Response & Forensics. Secondary: Endpoint Detection & Response
• Product Stage: Released
• Product Name and Brief Description: Secdo converges automation, endpoint security and incident response to deliver the first end-to-end platform for advanced threat management, hunting, investigation, response, remediation, and defense—reducing operational costs and response times, while increasing productivity and scaling resources.

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: U.S, UK, Israel
• LoB: All
• Markets with Customers: North America, Japan, Europe, Israel
• Relevant Public Success Stories: Valley National Bank, Pioneer, IDT Corporation

05 Product in detail

Secdo offers the only endpoint security platform to automatically investigate and resolve every security alert for you, cutting the time taken to detect and respond to seconds. Force multiplying productivity across the entire security team, Secdo’s unrivalled thread-level visibility can also be used to hunt for unseen internal and external threats, while in-built assisted learning creates a scalable proactive defense that learns and adapts as organizational risk evolves.

06 How does it work?

• Automated Investigation: simplify operations with automated investigation of every alert or event. Reduce mean-time-to-detect by 97% and never miss an alert again
• Scalable Response: replace open-source tools with an unlimited remote toolset for any response. Reduce the mean-time-to-respond by 98%, contain and remediate without reimaging
• Adaptive Defense: use assisted learning to protect against future attacks while continually optimizing operations. Continually reduce risk and never worry about the same attack twice
• Limitless Hunting: quickly detect unknown external threats, malicious insiders and policy violations. Find unseen threats and identify security gaps across users, systems and controls

07 What makes it unique?

• Maximize the number of alerts handled
• Increase ROI by improving the efficiency & effectiveness of existing tools, people and processes
• Speed up time from alert to resolution
• Reduce the attack surface by applying tailor-made business driven protection
• Reduce business risk and avoid a breach becoming a data breach
• Effectively improve security posture through continuous visibility arriving at a proactive defense
• Eliminate Alert Fatigue and attrition by improving staff capability and morale

08 Awards

• Gartner Cool Vendor 2016
• Best Incident Response Platform, Cybersecurity Excellence Awards 2017
• #1 Voted Incident Response software, G2Crowd
• Editors Choice Winner, Incident Response Solutions, 2017 Infosec Awards

09 Partners

• USA: ePlus (PLUS)
• Japan: Marubeni Corporation
• UK: TDI Security

10 Links

• Secdo website: www.Secdo.com
• Secdo explainer video: https://www.youtube.com/watch?v=b2kGYTTCH9k
• Secdo Humoristic commercial: https://www.youtube.com/watch?v=2nEkUsV6ZzE

01 Company Description

Deep Instinct is the first company to apply deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device, proactive solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices. Deep learning’s capabilities of identifying malware from any data source results in comprehensive protection on any device and operating system.

02 Company Info

• Company name: Deep Instinct
• Headquarters: Tel Aviv, New York
• Founded: 2014
• Other offices: Singapore, Tokyo, San Francisco, Menlo Park
• Employees: 80-100
• Target Industries: Finance, Healthcare
• Web: www.deepinstinct.com

03 The Product

• Product Category: P: Endpoint security
• Product Stage: Released
• Key Differentiators: first to apply Deep learning to cybersecurity; the only cybersecurity company to offer EPP & MTD cross-OS over one unified platform; highest prediction of zero-day threats >99%; lowest false positive rates in the industry <0.01%
• Services Provided: Endpoint protection focused on detection and prevention

04 FS footprint

• Markets with Customers: US, Canada, Singapore, Thailand, Philippines

01 Company Description

enSilo delivers the first unified endpoint security product, built from the ground up, that provides real-time pre and post infection protection, protecting against infiltrations and the data consequences outcome, out of the box. enSilo strives to make endpoint self defending.

02 Company Info

• Company name: enSilo
• Headquarters: SF, CA
• Founded: 08/2014
• Other offices: NYC, Singapore, Israel
• Employees: 80
• Target Industries: Finance, manufacturing, healthcare, Hospitality, legal, commerce
• Web: www.ensilo.com

03 The Product

• Product Category: Endpoint protection
• Product Stage (development, released): GA
• Product Names and Brief Description: enSilo protection platform
• Key Differentiators: Post breach real-time data protection
• Future Functionality: Orchestration

04 FS footprint

• Years in Financial Services (FS): 2
• Priority Markets in FS: Banking, Payment, insurance, investments
• Markets with Customers: manufacturing, healthcare, Hospitality, legal, commerce
• Relevant Public Success Stories:
  https://www.youtube.com/watch?v=1GB8Q-5aTyk&feature=youtu.be
  https://www.youtube.com/watch?v=GhQcn1XqWUA&feature=youtu.be
  https://www.ensilo.com/resources/

01 Company Description

Javelin Networks was founded by Red Team post-infiltration experts with a mission to stop persistent Domain compromise in all organizations around the world. Javelin ADProtect turns Active Directory into an Intrusion Detection and Containment system. Using advanced Domain forensic methodology, ADProtect controls the attacker’s perception and uses it against them for near real-time identification of missed threats. This counterintelligence methodology disrupts reconnaissance processes, allowing the defender to get in the middle of the kill chain in a Microsoft Active Directory Domain.

02 Company Info

• Company name: Javelin Networks
• Headquarters: Austin, TX
• Founded: 05/14
• Other offices: Palo Alto, Tel Aviv
• Employees: 20
• Target Industries: Computer & Network Security
• Web: www.javelin-networks.com

03 The Product

• Product Category: Detection & Prevention (Endpoint Security)
• Product Stage: Released
• Product Names and Brief Description:
  AD|Protect - All Domain Intrusion Detection, Investigation, and Containment System
  AD|Assess - All Domain and Active Directory Attack Simulation

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: Insurance
• Relevant Public Success Stories: U.S. Government is a paying customer

01 Company Description

Minerva Labs is an innovative endpoint security solution provider that protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. Its Anti-Evasion Platform blocks threats which bypass antivirus and other baseline protection solutions by deceiving the malware and controlling how it perceives its environment. Without relying on signatures, models or behavioral patterns, Minerva’s solution deceives the malware and causes it to disarm itself, thwarting it before the need to engage costly security resources. Minerva Labs boosts customers’ existing defenses without the need to embark upon a costly and risky overhaul of their entire endpoint security architecture. To learn more, visit www.minerva-labs.com

02 Company Info

• Company Name: Minerva Labs
• Headquarters: Israel
• Founded: 06/2014
• Other offices: US
• Employees: 23
• Target Industries: Financial services, Insurance, Consumer Services, Energy/Utilities, Government/Public sector, Healthcare, Telecommunication, Transportation
• Web: www.minerva-labs.com

03 The Product

• Product Category: Endpoint Security
• Product Stage (development, released): Released
• Product Names and Brief Description: Minerva Anti-Evasion Platform: Minerva Anti-Evasion Platform automatically blocks attacks that are designed to evade your existing security defenses. Instead of attempting to seek and identify malware, Minerva creates a virtual reality on the endpoint that causes malware to disarm itself. This unique approach allows enterprises to stop unknown, advanced malware prior to engaging costly investigative and recovery resources.

04 Key Differentiators

Minerva’s approach is radically different to existing endpoint security approaches. By deceiving malware regarding its environment when it attempts to evade security tools, Minerva blocks the malware before it gets a foothold on the endpoint.

No overlap with existing security tools. Where existing tools fail to recognize the threat, Minerva prevents infections that otherwise would have caused damage or demanded costly post-incident activities.

With an extremely lightweight agent that doesn’t scan or involve active process tracking, end user performance and maintenance is significantly improved. Deployment doesn’t require prerequisites or reboots and it is compatible with old and new operating systems.

01 Company Description

Intezer is replicating the concepts of the biological immune system into cyber security, offering enterprises unparalleled threat detection and accelerated incident response. Intezer provides a fast, in-depth understanding of any file by mapping its code DNA at the ‘gene’ level -- offering the most advanced level of malware detection and analysis.

02 Company Info

• Company Name: Intezer
• Headquarters: Israel
• Founded: 2015
• Other offices: US
• Employees: 15
• Target Industries: Financial services, Insurance, Consumer Services, Energy/Utilities, Government/Public sector, Healthcare, Telecommunication, Transportation
• Web: www.intezer.com

03 The Product

• Product Category: Detection & Prevention - Incident Response & Forensics - SOC
• Product Stage: released
• Product Names and Brief Description: Intezer Analyze™: Intezer provides a fast, in-depth understanding of any file by mapping its code DNA at the ‘gene’ level -- offering the most advanced level of malware detection and analysis that other solutions simply cannot match.

04 Why is it unique?

By identifying the origins of every piece of code, Intezer is able to detect code reuse from known malware, as well as code that was seen in trusted applications. This allows Intezer to uncover the true nature of any unknown file to detect the most sophisticated threats and significantly accelerate incident response.

Key Differentiators: Security teams today are dealing with hundreds of unknown files, including many false-positives, and are struggling to remain protected against targeted attacks. Intezer enables them to detect, prioritize and analyze their biggest security challenges using the most comprehensive level of detail available.

01 Company Description

In the age of digital transformation businesses are opening themselves up to far greater risks and greater threats in their environment. CIOs and CISOs are therefore beginning to look at their security environment through a digital lens. CyberInt has been recognized by both Gartner and Forrester as an innovator in securing digital businesses. CyberInt’s Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations. MDR services allow our customers to combat and respond to advanced cyber threats that would normally go unnoticed by standard security controls, while protecting their brand, digital assets and customers.

02 Company Info

• Company Name: CyberInt
• Headquarters: Petah Tikva, Israel
• Founded: 2010
• Other offices: NY, London, Singapore
• Employees: 90
• Target Industries: Retail, Finance, Gaming, Telco
• Web: www.cyberint.com

03 The Product

• Product Category: Detection & Prevention, Cyber Intelligence, SoC, Consulting
• Product Stage: Mature
• Product Names and Brief Description: Argos Platform: TI module, OLP module, CyberScore module.
• Key Differentiators: A fine mixture between technology and services that help digital business fend off digital threats.
• Services Provided: Penetration testing, risk/gap analysis, red teaming, table top exercises, incident response, phishing simulations, take down services.

04 FS footprint

• Years in Financial Services (FS): 8
• Priority Markets in FS: US, UK, APAC
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All) - All
• Markets with Customers: UK, US, South East Asia
• Relevant Public Success Stories: CyberInt saves BPI: https://blog.cyberint.com/cybersecurity-operation-center-saves-philippine-banks-in-the-courtroom

01 Company Description

ODI develops and markets advanced anti-malware tools based on Content Disarm and Reconstruct (CDR) technology for preventative cybersecurity in enterprises of all sizes. ODI’s technology prevents malware infiltration into organizational networks by removing all malicious code from a wide range of file types. Unlike legacy anti-malware technologies, ODI’s solutions are effective against both known and unknown malware.

02 Company Info

• Company name: ODI ltd.
• Headquarters: Israel
• Founded: 2012
• Other offices: Luxemburg, Atlanta GA USA
• Employees: 25
• Target Industries: Financial institutes, Healthcare, Energy and Critical Infrastructure
• Web: https://odi-x.com

03 The Product

• Product Category: Detection & Prevention
• Product Stage: Released & Deployed
• Product Names and Brief Description:
  The ODIX Kiosk - Files Sanitizing Station: Eliminating the Threat of Malware from Removable Media
  ODIX CDR Engine – anti-malware network application.
• Key Differentiators: TOTAL malware prevention – Known & Unknown threats

04 FS footprint

• Years in Financial Services (FS): 4
• Priority Markets in FS: Banks, insurance
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All) - All
• Markets with Customers: Israel, Luxemburg, Switzerland
• Relevant Public Success Stories: Harel Insurance, EIB Bank, Analyst Investment House

01 Company Description

Wandera offers organizations a solution for managing their mobile data, using a unique gateway architecture to help analyze and control data usage. It works with more than 500 global enterprises, including Deloitte, KPMG, Bloomberg and Santander, and has been recognized by Gartner for its leading Mobile Threat Defense capabilities.

02 Company Info

• Company name: Wandera
• Headquarters: London, England & San Francisco, California
• Founded: 03/12
• Other offices: Brno, Czech Republic
• Employees: 150
• Web: wandera.com

03 The Product

• Product Category: Mobile Security, SaaS
• Product Stage (development, released): Released
• Product Names and Brief Description: Wandera: Offers organizations a solution for Enterprise Mobile Security and Data Management, using a unique gateway architecture to protect and enable corporate mobility.
• Key Differentiators: Pioneering web gateway enables complete visibility and overarching protection for the mobile fleet.

04 FS footprint

• Years in Financial Services (FS): 5 years
• Priority Markets in FS: All
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): All
• Markets with Customers: EMEA, APAC, Americas
• Relevant Public Success Stories: Banking on Mobile Security: http://go.wandera.com/SecurityBankingCaseStudy.html

01 Company Description

Illusive Networks offers an agentless, automated deception technology that enables security teams to take rapid action against targeted cyberattacks by detecting and disrupting the attacker’s lateral movement toward critical business assets, providing forensics for incident resolution, and proactively tightening APT defenses.

02 Company Info

• Company Name: Illusive Networks
• Headquarters: Tel Aviv, IL, and New York, USA
• Founded (MM/YY): 2014
• Other offices: none
• Employees: 70
• Target Industries: Financial Services, Healthcare, Life Sciences, Retail, Legal Services, Energy, Manufacturing
• Web: www.illusivenetworks.com

03 The Product

• Product Category: Deception (Incident Response & Forensics)
• Product Stage (development, released)
• Product Names and Brief Description:
  Illusive Core Solution deception platform
  Enhancements for SWIFT, mainframes
• Key Differentiators: Agentless technology that automates scalable, tailored deceptions
• Future Functionality:
• Services Provided: deployment and IR support

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: Banking, Securities, Insurance
• LoB: All
• Relevant Public Success Stories:
  • Global Top 10 financial services Customer
  • Multiple regional US and Israeli Banks
  • Multiple multinational Banks
  • Major Japanese insurance company

01 Company Description

Coronet SecureCloud is the only platform that secures the entire SaaS chain. From the user, through the device used, through the network, all the way to the SaaS/Cloud services themselves. There is no need to buy, integrate and manage multiple platforms, dramatically reducing TCO - It is already fully integrated with all popular cloud-based services and can be quickly set up with any new platform.

02 Company Info

• Company Name: Coronet
• Headquarters: Tel Aviv
• Founded: Sep.2014
• Other offices: NY, NC Berlin
• Employees: 35
• Target Industries: All
• Web: www.coro.net

03 The Product

• Product Category: Cloud Security
• Product Names and Brief Description: SecureCloud
• Key Differentiators:
  • The only system that protects all parts of the cloud security chain
  • It does it completely autonomously
• Future Functionality: Cloud security and Access control
• Services Provided: Cloud Security

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: all
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): all
• Markets with Customers: USA

01 Company Description

Safe-T®’s Software-Defined Access allows visibility and availability of applications, services and networks only after assessing trust, based on policies for authorized user, device, location & application. Safe-T reduces cyberattacks by concealing mission-critical data at the perimeter, making it accessible only to authorized and intended entities, on premise or in the hybrid cloud.

02 Company Info

• Company name: Safe-T
• Headquarters: Herzliya, Israel
• Founded: 02/2013
• Other offices: U.S., APAC, Europe & Africa
• Employees: 45
• Target Industries: Financial Services, Healthcare, Government, Retail, Insurance, Defense/Law Enforcement
• Web: http://safe-t.com

03 The Product

Software Defined Access

SDA is a new generation, patented multi-layered solution that advances the new Software Defined Perimeter. It does the following:

• Unifies and streamlines all of your systems and modernizes your security environment on-premise and in the cloud.
• Consolidates data exchange and connectivity, simplifying workflows and related enterprise systems.
• Only if authorized, access is granted transparently to the intended user
• Controls data usage, preventing data exfiltration, leakage, malware, ransomware and fraud
• Hides applications and services from external or internal unauthorized entities
• Unifies control and management of your data while maintaining business continuity
• Transparent and clientless user experience
• Delivers ROI, reducing both operational and capital expenditures
• Ensures compliance with ever-changing laws and regulations

01 Company Description

Siemplify provides a holistic Security Operations Platform that empowers security analysts to work smarter and respond faster. Siemplify uniquely combines security orchestration and automation with patented contextual investigation and case management to deliver intuitive, consistent and measurable security operations processes. Leading enterprises and MSSPs leverage Siemplify as their SOC Workbench, tripling analyst productivity by automating repetitive tasks and bringing together disparate security technologies.

02 Company Info

• Company Name: Siemplify
• Headquarters: NYC
• Founded: 01/2015
• Other offices: Tel-Aviv
• Employees: 50
• Target Industries: Financial Services, MSSP, Healthcare, Retail, Tech, Energy, Pharma.
• Web: www.Siemplify.co

03 The Product

• Product Category: SOC
• Product Stage: Released
• Product Names and Brief Description: Siemplify Orchestration Platform

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: Banking, Insurance
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All) - All
• Markets with Customers: Americas, EMEA
• Relevant Public Success Stories: No public case studies in Finance (As is almost always the case in Security)

Developing cyber crisis response capabilities

Characteristics of a cyber crisis

We should start by defining what a cybersecurity crisis is. Typically, it might be confused with an incident response plan and although they are definitely different, the way we manage incident response might end up in a crisis.

An incident response plan refers to a methodology to cope with day-to-day security problems, like virus infections, malware, APTs, DDoS attacks etc…

In the case of a crisis, we are facing a situation that might seriously impact the organization, its reputation, financial stability and even its viability as a business.

What is at stake, the potential reputation and business impact

During the crisis, the executive management team and particularly the CEO are going to be put in the spotlight in a process that in some cases might be very quick and quite difficult to manage without the right preparation and experience.

A sequence of discussions within the company among the different teams involved, as well as interactions with regulators, the media, supervisory authorities, law enforcement and potentially to the data subject or affected individuals might take place in a short period of time.

A strong communication plan will not only help protect customers, but also help your company mitigate any brand image damage and loss of revenue.

Key elements of a crisis management plan

The key elements of a crisis management plan are:

• Identification of the key executive stakeholders including representation from legal, privacy, compliance, IT and corporate communications.
• Clear definition of roles and responsibilities of each stakeholder.
• Explore “What if” scenarios evaluating the potential impact, planned response activities and resulting recovery processes. This analysis will enable the organization to define severity levels and the definition of specific response protocols.
• Statements for customers, business partners, media and external agencies.
• Pre-crafted communication templates for breach notifications as required by applicable privacy laws.
• Arrangements to immediately provide identity and credit protection services to affected individuals.
• Identification of forensics experts that might help in investigating or mitigating data breaches.
• Identification of potential negotiation experts.

The cybersecurity crisis management process

Every crisis is different. Nevertheless, we can approach them following this structured process with important activities before, during and after the crisis hits.

We divide the process into four different phases as highlighted by the US National Institute of Standards and Technology (NIST) and also in the Government of Canada Cyber Security Event Management Plan:

• Preparation: involving general readiness to a broad range of cybersecurity events. During this phase, roles and responsibilities are defined, procedures defined and tested and teams trained.

• Detection and Assessment: involves monitoring of diverse information sources, discovery of cyber events, reporting from affected departments and an initial assessment of the impact level.

• Containment, eradication and recovery: includes all response actions required to mitigate impact, containment and eradication and root cause analysis and investigation.

• Post-event analysis: covering lessons learned analysis, review of processes and procedures recommending changes to continuously improve the crisis management capability.

Figure 1: crisis management process

Practice makes perfect: crisis simulation and war gaming

There is general consensus that the key question is not “if” but “when” your organization is going to be hit by a cybersecurity event. As a consequence it is absolutely crucial to prepare in advance and to be ready in order to respond in a way that minimizes the impact for the organization’s reputation, its customers and all key stakeholders.

This preparation should be articulated through a formal cybersecurity crisis management plan which needs to be tested regularly.

Cyber ranges

As the cyber threats landscape continues to evolve and the regulatory framework is moving towards imposing severe fines on data breaches, GDPR being a great example, it seems there is unanimity that being cybersecurity fit is of the utmost importance, in particular for financial institutions.

Despite such unanimity on the need for cybersecurity fitness, the strategy and tactics followed or implemented and the solutions deployed to achieve that goal are diverse, some definitely more successful and effective than others, and are seriously influenced by the organization’s culture, their cybersecurity maturity, previous experiences with cyber events, market and regulatory regime as well as the financial resources available.

Some of the leading financial institutions around the planet are following the path of either implementing cyber ranges or gaining access to those infrastructures from some of the leading consulting firms in the industry.

A cyber range is basically a virtual environment where you can simulate or replicate your information systems, networks, tools and applications and test your preparedness in a safe manner. The system generates an enterprise class network which acts as the target or victim network. The network simulates traffic and replicates network services that you might typically find in a bank or any other kind of financial institution.

A cyber range represents a perfect and legal environment to gain hands-on cyber skills and a secure environment for product development and security posture testing and optimization.

The goal is to enable different teams within the financial institution to react properly and efficiently in the case of a cyber event happening.

New terms like cyber simulation are becoming more common and the industry as a whole is moving towards the creation of shared cyber ranges as the costs of implementing and maintaining such complex infrastructures are high, even prohibitive, for tier-2 or tier-3 financial institutions.

The Financial Sector Information Sharing and Analysis Council, or FS-ISAC, the industry’s cyber threat information-sharing hub, has already built out a cyber range.

Other interesting examples of the use of cyber ranges might be Wells Fargo using this concept to train its cybersecurity teams, or diverse IT integrators and consulting companies building cyber ranges to offer them to financial institutions.

There is also a wide offer from cybersecurity companies providing cloud sandboxing, out of the box cyber ranges and other specialized products to help banks to build cyber ranges in a cost effective way.

If you need more information with regards to your cyber crisis response posture, or cyber ranges infrastructure and the ecosystem of providers please contact us on:

[email protected]

Featured companies:

Innovation Categories:

• Training and Education

• Detection and Prevention (Phishing Prevention)

• Application Security

01 Company Description

One anti-phishing platform that solves each of the major phishing problems by combining human and machine intelligence to automatically analyze, detect and remove malicious emails before and after they land in the inbox, starting at the mailbox-level looking for anomalies in communication habits.

02 Company Info

• Company Name: IRONSCALES
• Headquarters: Tel Aviv
• Founded: 11/2014
• Other offices: Boston, UK
• Employees: 30
• Target Industries: Finance, GOV, Healthcare, Utilities, Retail and more
• Web: ironscales.com

03 The Product

• Product Category: Email Security / Anti-phishing
• Product Stage (released)
• Product Names and Brief Description: IronSchool, IronSights, IronTraps & Federation https://ironscales.com/products/
• Key Differentiators: Mailbox-level, Machine learning & Automation
• Future Functionality: Cloud based / Pluginless
• Services Provided: Phishing awareness, phishing prevention, detection and response (malware, ransomware and BEC)

04 FS footprint

• Years in Financial Services (2):
• Priority Markets in FS: Banks
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All)
• Markets with Customers: ALL
• Relevant Public Success Stories: https://ironscales.com/resources/case-study/ http://go.ironscales.com/use-case-federation/ironscales-federation-report

05 Product in detail

IRONSCALES enables organizations to mitigate the risk associated with the technological, operational and human challenges inherent to phishing attacks. Its multi-layered and automated approach to prevent, detect and respond to phishing emails combines micro-learning phishing simulation and awareness training (IronSchool), with mailbox-level anomaly detection (IronSights), automated incident response (IronTraps) and real-time automated actionable intelligence sharing (Federation) technologies. By providing protection at every stage of an email phishing attack, IRONSCALES’ customers reduce false positives and the time from email phishing attack discovery to enterprise-wide remediation from days, weeks or months to just seconds, with little to no security team involvement.

Additional information

https://ironscales.com/security-awareness-training-ironschool/

https://ironscales.com/social-engineering-prevention-ironsights/

https://ironscales.com/spear-phishing-prevention-irontraps/

https://ironscales.com/actionable-intelligence-federation/

06 How does it work?

1 A malicious email passes the secure email gateway before landing on the organization’s email server

2 Email is scanned by IronSights’ machine learning algorithms, which detect suspicious behaviors

3 Email that is found suspicious by IronSights goes through a complete forensics check (3rd party solutions)

3A Email that hasn’t been recognized as malicious by IronSights can be reported by an employee

4 Emails that are reported as malicious by employees go through a complete forensics scan

5 Emails that are found malicious trigger an automated response

6 Malicious emails will be quarantined from all affected mailboxes in the organization

07 What makes it unique?

One anti-phishing platform that solves each of the major phishing problems by combining human and machine intelligence to automatically analyze, detect and remove malicious emails before and after they land in the inbox, starting at the mailbox-level looking for anomalies in communication habits. Leveraging:

• Mailbox-Level Anomaly Detection
• Human & Machine Collaboration
• Automated Forensics + Response
• Native API Support
• Virtually Grouping Security Analysts

08 Awards

• Cyber Defense Magazine - Best Messaging Security Solution 2017
• SC Magazine 2017 - 5 Star Review for IronTraps
• CRN - Annual 2017 Emerging Vendor list
• SC Awards – 2017/18 Finalist
• Siinet 2017 – Finalists
• Tech Tribalizers 2017 - Finalists

09 Partners

• CheckPoint
• Opswat

01 Company Description

Checkmarx is a provider of application security testing platforms which empower organizations to develop more secure software applications. Our SAST platform enables companies to scan software applications (with any amount of lines of code), locate security vulnerabilities and fix them. We also offer other solutions like DAST, IAST, and OSA (open source security analysis). Recently we integrated Codebashing, a security development training platform, into our SAST platform. Our platforms are known for their ease of use, accuracy, and their wide coverage of coding languages (25 languages). We have customers in over 70 countries from the FS and from other verticals.

02 Company Info

• Company name: Checkmarx Ltd.
• Founded: 2006
• Employees: 370
• Web: www.checkmarx.com
• Headquarters: ISRAEL, USA
• Other offices: UK, India, Singapore, Portugal.
• Target Industries: financial services, software, telecommunications, e-commerce, gaming, critical infrastructure, government and military

03 The Product

• Product Category: Application Security
• Product Stage - Released
• Product:
  -CXSAST- Static Application Security Testing
  -CXOSA- Open Source Analysis
  -CXDAST- Dynamic Application Security Testing
  -CXIAST- Interactive Application Security Testing
  -Codebashing- Security Training for Developers
  -Services Provided: Checkmarx Accelerator

04 FS footprint

• Years in Financial Services (FS): 12 years
• Priority Markets in FS: World Wide
• LoB – IT Departments (software and application development)
• Markets with Customers: 70 Markets
• Relevant Public Success Stories: Retail banks in USA, UK, Germany, Italy, China, India and more. And companies like: Microsoft, SAP, Salesforce.

05 Product in detail

Checkmarx’s CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problems.

06 How does it work?

Without needing to build or compile a software project’s source code, CxSAST builds a logical graph of the code’s elements and flows. CxSAST then queries this internal code graph. CxSAST comes with an extensive list of hundreds of preconfigured queries for known security vulnerabilities for each programming language. Using the CxSAST Auditor tool, you can configure your own additional queries for security, QA, and business logic purposes. CxSAST provides scan results either as static reports, or in an interactive interface that enables tracking runtime behavior per vulnerability through the code, and provides tools and guidelines for remediation. Results can be customized to eliminate false positives, and various types of workflow metadata can be added to each result instance. These metadata are maintained through subsequent scans, as long as the instance continues to be found. The input to CxSAST’s scanning and analysis is the source code, not binaries, so no building or compiling is required, and no libraries need to be available. The code doesn’t even need to be able to compile and link properly. Consequently, CxSAST can run scans and generate security reports at any given point in a software project’s development life cycle.

07 What makes it unique?

• Fluent in All Major Languages
• Provable Results
• Comprehensive Vulnerability Coverage
• Flexible Rules = High Accuracy
• Save Precious Remediation Time
• Automatically Enforce Your Security Policy
• Effortless Scan = Ease of Use
• No Developer Downtime
• Fast Feedback Loop
• Open Source Analysis

08 Certifications

CxSAST is fully capable of identifying vulnerabilities and loopholes that are officially documented or enforced by OWASP Top-10, SANS 25, PCI DSS, HIPAA, MISRA, Mitre CWE, FISMA and BSIMM. With the help of our unique open query language, you can easily create your own security policy consisting of the vulnerabilities most important to your organization.

09 Awards

• Israel’s Fastest Growing Cybersecurity Company at the Israel Technology Fast 50 2016 By Deloitte

• Leader in the Forrester 2014 AST Wave

• Winners of Red Herring Top 100 Europe, 2014

10 Partners

Checkmarx has over 160 business and technology partners from all around the world. We maintain a strategic partner program enabling businesses worldwide to benefit from our comprehensive application security platforms, and which helps us increase our overall capabilities with additional support for our customers. By leveraging partnerships with a range of security services, Checkmarx customers receive strategic consulting throughout implementation. We see our partners as an extension of the Checkmarx team, and partners play an integral role in helping organizations around the globe stay proactive about security.

01 Company Description

Cybint is an international cyber education company, providing training, certifications and learning solutions across the cyber security spectrum. At Cybint we believe that protecting our assets, companies and national security, starts with cyber education. That’s why we are dedicated to building the most knowledgeable cyber teams for governments, educating the best cyber experts at universities and colleges, and training employees around the world to be aware of cyber threats.

02 Company Info

• Company Name: Cybint
• Employees: 50
• Web: https://www.cybintsolutions.com
• Headquarters: NYC
• Other offices: Tel Aviv, London, Rome, Kansas City, Miami, etc.
• Target Industries:
  - Legal sector and financial institutions
  - Higher education institutions
  - Government agencies

03 The Product

• Product Category: Cyber Security Training
• Product Stage: released
• Product Names and Brief Description: Cyber “Hands-On” Training Lab for training cyber security professional workforce. Cyber Security and Cyber Intelligence E-Learning Programs for non-technological personnel.
• Key Differentiators: Hands-on, combination of military, academic and industry experience
• Services Provided: customized training solutions

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: Banking
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance): All
• Markets with Customers: Government, insurance, banking,
• Relevant Public Success Stories: Cybint has been providing cyber security training solutions to several major Banks, insurance companies and government agencies in the US and abroad.

IoT, an explosion of connected possibilities

During the last few years the growth rate of IoT devices including sensors, actuators, vehicles, security cameras, home appliances, wearable technology and network devices has been unparalleled. In 2012 some relevant industry players speculated about the possibility of having over 1 trillion such devices in 2017. We are still far away from that prediction although the growth has been simply incredible. At the end of 2017 the number of connected things has outnumbered the world’s population and depending on the definition of connected device the current count would be somewhere between 8 billion (which doesn’t include smartphones, tablets, and computers), and 17 billion (with all such devices included).

Based on these trends, soon every device we own and nearly every object we can imagine will be connected to the Internet. We are going to reach a point where we will be asking ourselves why things are not connected to the Internet rather than why they are connected.

With regards to the referred IoT momentum, some experts allege that we have not even scratched the surface, that we are at the beginning of the beginning.

IoT applications in financial services

Sensors and connected devices can be very helpful for financial institutions to know more about their customers and to offer more personalized services, thus driving a better customer experience. IoT devices working together with big data and advanced analytics might be instrumental for banks in order to differentiate their already commoditized offers, allowing them to understand how, where and why their customers spend money, and their habits.

This valuable insight will enable banks to present valuable and relevant real-time information to the customer, for example, location-based personalized offers.

Furthermore, it will be possible to assess the customer experience within the branches, the waiting time or to more easily identify a customer, making his experience more seamless, or a staff member, reducing the risk of insider fraud.

Or when a consumer enters the car dealership, it may be possible for banks to alert the customer to how much financing they have been approved for or deliver customized loan proposals in a timely and convenient manner driving an outstanding experience.

On the commercial banking side IoT devices could be used to track assets, for example in trade finance where banks could track raw materials and finished goods and use sensors and GPS to determine when payments should be issued and received.

Insurance is probably the most mature financial service to implement IoT. Data streams from home appliances and automotive sensors, wearables, healthcare specific devices, security cameras, industrial control systems, geographic information systems (GIS) providing climatological and hydrological data and multiple other sources can help grow new business, improve risk assessment and proactively engage policyholders in loss prevention.

Major security challenges

As we have seen, IoT is bringing tremendous opportunities to financial services enabling innovative business models by leveraging new data streams.

Nevertheless, these opportunities do not come without risks.

Sensors and connected devices are being deployed faster than they can be adequately tested.

Security standards cannot keep pace with technology and typically if a new connected thing is cheaper, faster and better, it is on the market regardless of security or privacy issues.

There are several challenges impeding effective IoT security:

• IoT fast growth, prioritizing speed and fast deployment over security. Non-secure protocols are usually used, and non-encrypted data is common.

• Devices are frequently misplaced or misconfigured. If we ask a CISO how many IoT devices you have in your organization, most of them would probably struggle to guess a number. While CISOs have tremendous experience and expertise in dealing with IT security and employing the sophisticated tools to secure the perimeters of the enterprise, the nature of IoT devices and their scale present a multitude of unique threats.

• We have accepted to trade security for usability and convenience: we are living in a plug-and-play generation.

• We need to manage device updates, detect and manage vulnerabilities.

• The threats landscape is evolving quickly. Recent DDoS attacks have been caused, in part, by IoT devices, highlighting the need for vigilance with IoT security from devices through to IoT platforms. The attacks underline the importance of being able to view, manage and update IoT devices and firmware after the point of manufacture.

We need to make sure that these tiny things are designed with security in mind as a top priority. What we have learned from the latest DDoS attacks is that we need to find a way to prevent those devices from being a problem to the rest of us when they go rogue.

Recent attacks on financial institutions leveraging IoT

Recently, an increasing number of financial institutions and companies across all industries have been extorted by criminals and hackers. They either pay or their websites get crushed through violent DDoS attacks. The reason why hackers, gangs and criminal organizations target financial institutions is because they are quite profitable, and the thefts are greater with less effort. The impact for online banking of a DDoS attack may be quite important and can amount to millions per hour.

There are reports that show that over fifty percent of financial institutions have been victims of a DDoS attack. Just imagine the damage and disruption on the organizations and their clients when the online banking services of a major bank are attacked for hours on a payday.

To achieve their goals, the hackers frequently use botnets, a network of private computers, devices or things, infected with malicious software and controlled as a group without the owners’ knowledge. These botnets are controlled using a command and control (C&C) software and may include different types of devices like CCTV cameras, DVDs, home routers...

Targeting IoT devices makes sense considering that a botnet army of IoT devices could grow to massive proportions given the ubiquity of those devices, their quite limited security and the fact that many people never bother to change their default usernames and passwords.

Some of the most recent DDoS attacks on financial institutions using IoT devices are:

• Sberbank and Alfa Bank in 2016 leveraging an IoT botnet like Mirai to perpetrate the attacks

• HSBC UK DDoS attack in January 2016. The attack came at an awkward time for banking customers on two fronts: first, it was a payday and secondly, it was just two days before the annual Jan. 31 tax payment deadline in the United Kingdom.

• Bank of America and Chase in January 2014

• Lloyds Banking Group, Halifax and Bank of Scotland, January 2017. It seems that the Mirai botnet was used in these attacks.

Potential solutions to address this increasingly concerning problem

Overall, it is important to build protection into the device itself considering security early in the design. In particular the following features should be taken into consideration:

• Support for secure boot and device tamper detection as well as secure firmware updates.

• Data security features, authentication, encryption and secure communications.

• Protection against cyber-attacks, intrusion detection and security monitoring.

• Embedded security management and integration with security management systems.

IoT devices need to be secure before the first heart beat of these tiny things online.

For further information with regards to your IoT strategy, IoT visibility and management, please contact us:

[email protected]

Featured companies:

Innovation Categories:

• IoT

• BMS / BAS

01 Company Description

For organizations that see opportunity in today’s always-on and always-connected reality, Axonius is the consolidated device management platform that lets IT and Security teams see devices for what they are in order to manage and secure all.

02 Company Info

• Company Name: Axonius
• Headquarters: New York, NY
• Founded 06/17
• Other offices: Tel Aviv Israel
• Employees: 15
• Target Industries: Many, including financial services
• Web: axonius.com

03 The Product

• Product Category: Consolidated device management
• Product Stage: Beta deployment
• Product Names and Brief Description: Axonius Device Management Platform
• Key Differentiators: Visibility into all devices and what software is running on them.
• Future Functionality: Customized logic to move from visibility to security

04 FS footprint

• Years in Financial Services (FS): Less than 1
• Priority Markets in FS: N/A
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): All
• Markets with Customers: N/A
• Relevant Public Success Stories: Not yet. Soon.

01 Company Description

Loom Systems is an AI log analysis solution that enables IT Operation teams to become more proactive by alerting when there might be a problem in a digital system. Loom also offers a recommended resolution so DevOps/SREs and IT Operation teams can focus on solving issues faster before their clients even notice something is wrong.

02 Company Info

• Loom Systems Inc.
• Headquarters: San-Francisco, USA
• Founded 04/15
• Other offices: Tel-Aviv, Israel
• Employees: 31
• Target Industries: Finance, Telecommunications, Manufacturing, E-commerce
• Web: www.loomsystems.com

03 The Product

• Product Category: IoT
• Product Stage: Released
• Product Names and Brief Description: Loom Systems
• Key Differentiators: Scalable analysis and anomaly detection of big data raw logs
• Future Functionality: Multi-tenancy, integration with ticketing systems
• Services Provided: AI work methodologies implementation workbook

04 FS footprint

• Years in Financial Services (FS): 3
• Priority Markets in FS: USA, West Europe, Japan
• LoB (Retail, Commercial, Investment Banking, Payments, Insurance, All): All
• Markets with Customers: Japan, USA
• Relevant Public Success Stories: Softbank

01 Company Description

FirstPoint’s solutions reduce cyber risk for any cellular device - mobile phones & security sensitive IoT. Seamless user experience. Agnostic to any device. Comprehensive protection for security-sensitive organizations and cellular IoT, against the full array of targeted and random cyber attacks including Man-in-the-Middle, IMSI catchers and SS7 loopholes and Malware. FirstPoint harnesses the power of cellular networks, by partnering with carriers to protect cellular devices with zero impact on user experience.

02 Company Info

• Company: FirstPoint Mobile Guard
• Headquarters: Netanya, Israel
• Founded: March 2016
• Employees: 6
• Target Industries: Telecom, Finance, Law, Accounting, Aerospace & defense, Government, Business travellers
• Web: www.firstpoint-mg.com

03 The Product

• Product Category: Mobile Security and IoT
• Product Stage: development
• Product Names and Brief Description:
  Bauta Mobile Guard – IMSI Catcher & Man-in-the-Middle protection for Mobile phones
  Full Mobile Guard – comprehensive protection for mobile phones against all cyber attacks
• Key Differentiators: no device installations, full protection against cyber attacks including Man-in-the-Middle, IMSI catchers, SS7 loopholes and Malware
• Future Functionality: Cellular IoT cyber security
• Services Provided: Security-as-a-Service: monthly subscription per device (see products)

04 FS footprint

• Years in Financial Services (FS): 1
• Priority Markets in FS: Banks, Investments
• LoB: All
• Markets with Customers: Israel
• Relevant Public Success Stories: Law firm in Israel

01 Company Description

Indegy protects industrial control networks against operational disruptions caused by Cyber Threats, Malicious Insiders and Human Error, and ensures operational safety, continuity and reliability, by providing real-time visibility and security.

02 Company Info

• Company name: Indegy
• Founded: September 2014
• Employees: 45
• Web: www.Indegy.com
• Other offices: Tel Aviv, London, Rome, Kansas City, Miami, etc.
• Target Industries:
  - Legal sector and financial institutions
  - Higher education institutions
  - Government agencies

03 The Product

• Product Category: Industrial Cyber Security
• Product Stage: released
• Product Names and Brief Description: Indegy Industrial Cyber Security Platform
• Key Differentiators:
  Unmatched visibility into all ICS activities
  Real-time alerts, Zero False Positives
• Future Functionality: Enhanced capabilities and coverage
• Services Provided: Support and professional services

04 FS footprint

• Headquarters: New York, US
• Other offices: Tel Aviv, Israel
• Target Industries: Manufacturing, Power & Energy, Utilities, Automotive, Pharmaceuticals, Food and Beverages, Transportation, Data Centers, Building Automation Systems, and more

Feedback and suggestions

Your feedback is extremely important to us and we value and appreciate receiving your suggestions or comments to help us improve our content, services and the way we communicate.

We appreciate receiving compliments

If you are satisfied with the Cyber Startup Observatory, please let us know. It helps us to know that we are delivering our services effectively and provides us with an opportunity to recognize our team’s valuable effort.

Suggestions on cybersecurity topics, news, solutions and innovations are a valuable input

We strive to cover relevant topics, provide valuable resources and to shed some light on important issues. The team welcomes your contribution as a way to widen our vision, the quality of the content and the depth of our knowledge.

You can contact us on: [email protected]
