“We had to be commandos": How Semperis became one of the fastest-growing companies in the world

Matan Liberman and Guy Teverovsky remember when Semperis - the cyber company they founded with Michael Brezman - achieved its major breakthrough. "Each of us remembers the moment when an order arrived from a certain British client, a giant global retailer whose trust had taken us a long time to win," says Lieberman, VP Business Development. Teverovsky, the CTO, smiles, saying, "It was our biggest contract at the time, the first seven-figure contract. When the order arrived I was sitting in a restaurant in New York, I saw the order and shouted, “Yes!” in the middle of the restaurant. Everyone thought I should be hospitalized. For me, it was doubly exciting, because this customer who chose us wrote the books I learned from. It was amazing.”

The full list of the top 50 most promising Israeli startups of 2023

"It's a huge client, which naturally raises concerns," Lieberman continues. "Teverovsky flew to England to do a demo, the client approved, and we started installing on the spot. We set aside more than a week for it, but it took two days. The client was shocked that it worked so quickly, and we were shocked by the quick success. It was amazing. And since then the bar has only gone up."

Matan Liberman and Guy Teverovsky

Considering the unusual story of Semperis, which developed a disaster recovery system that knows how to detect cyber attacks, neutralize them, and restore the organization's activities automatically, it is indeed amazing. Founded in 2014, the company did not follow the typical path of Israeli cyber entrepreneurs, which includes starting in one of the army’s technology units of the intelligence corps, creating an extensive network of connections, receiving investments from senior angel investors in the industry, and a supportive business environment. "We are a strange bird: we weren’t in the IDF’s technology units," says Lieberman. "Mickey was in the Navy, I served in the Prime Minister's Office, Guy was in infantry, and we both served as reservists in infantry."

How did the company get started?

"Guy worked as a consultant for Microsoft, going to organizations around the world to help them prepare for disasters in the world of corporate security. One of these organizations was the Prime Minister's Office, where I worked as the head of a development team. As part of the joint work, he told me about the difficulties in recovering systems after a disaster, and about the lack of awareness that organizations have about this. One of the organizations he met with was a bank that didn't even know it couldn't recover its systems.

"Micky \[Brezman\], who was a good friend of Guy's, had a company that engaged in recovery consulting. They spoke and came to the conclusion that the situation in this market will get worse and worse, and decided to start a company that would face this world and develop technology for rapid recovery from a disaster. They approached me to be a co-founder, we were accepted to Microsoft's accelerator program, and the rest is history."

Was the fact that you were unusual in the cyber landscape, having not followed the classic route, an advantage or a disadvantage?

"Both. It's a disadvantage because we didn't have a social network, we didn't have access to personnel, the kind where you just pick up the phone and half of your staff shows up in uniform. But it's also an advantage because if you survive something like that, you become much more resilient and mature. It gave us a different way of thinking about the market and the company.

“For example, unlike many companies, we have a diverse workforce of employees from the ages of 20-70, and this diversity gives us a different way of thinking. We also have a rule in hiring: we don't hire people with bad interpersonal relationships. Professionalism can be improved, but not people.

"Beyond that, being different forced us to develop a commando mentality - failure wasn’t an option. We would do everything for the company to survive, no matter what it took. We left jobs and salaries, ate away at our savings, and had one goal: to succeed. We did not have the comfort of 'worst case it fails, I will do something else.’ We encountered difficulties that would have caused other entrepreneurs to close their companies and look for the next thing. We were also very close to closing in 2016, but our spirit was 'we will prove ourselves'. When we had a system installed for a customer, we worked on it in the office all night. At three o’clock in the morning, we ordered pizza, at seven we finished the installation, and at eight we were already with the customer. And the system worked.”

The determined commando mentality of the founders turned Semperis into a supplier for a number of huge international corporations. In Israel alone, it serves more than a hundred organizations, including the El Al airline. "We are patriots. I like to sell in my backyard," says Lieberman. Semperis also has a series of partners, such as the consulting firm Accenture, IBM, Microsoft, MalamTeam, and many more. Its annual revenue rate is approaching $100 million. And all this, as mentioned, in only nine years.

This success was achieved thanks to the identification of a weak point in Microsoft's Active Directory, a system that centralizes the identities of all the organization's users, the devices connected to the network, and the passwords. While many cyber companies focus on protecting the organization's data, Semperis realized that Active Directory is the most vulnerable point: an attacker who overcomes it could control the organization's computer systems. To prevent this, Semperis’ technology detects vulnerabilities in the identity system, intercepts cyber attacks, and enables the organization to quickly recover from cyber attacks, data breaches, ransomware, and other data integrity emergencies.

"In the past, in the world of disaster recovery, the need was derived from risks such as storms, floods, earthquakes, power outages, human errors, missile strikes - where recovery comes from the data center," explains Teverovsky. "Today, the story is very different: hackers have realized that instead of attacking a server, it is better to look for the infrastructure that holds data to best attack the organization. Today, preparation is geared at preventing a severe cyber attack, which can paralyze organizations. We have seen organizations whose backup servers were even damaged, and when they uploaded the backup, the attacker was back in the system.

"We provide a comprehensive solution for organizations - before, during, and after an attack. We know how to monitor weaknesses in the organization and reduce the chance of an attack, and during an attack, we know how to intercept it and identify the attacker. At the same time, we know that there is no such thing as 100% protection, so there is an immediate need for a system that allows for fast recovery in a few clicks, within an hour.

"Our guiding idea is to reduce human error in decision-making in a disaster situation. When people act under pressure, they don't always make wise decisions. We looked for any place where we could incorporate technological ability into decision-making so that rather than an organization working with a disaster recovery manual, our system does all of this automatically. We replace a hundred pages of configuration and add a layer of cyber to the recovery, and all in four clicks."

The decision to focus on Active Directory seems obvious today, but Teverovsky explains that it was a smart bet that was successful. "In the beginning, we focused more on recovery after a collapse as a result of a computational failure, and less on recovery after a cyber incident," he recalls. "Our move to focus on identity protection was a wise bet: we estimated that in the future hybrid world, this system would play a critical role."

This was a particularly bold decision because at the beginning of Semperis’ journey, Gartner predicted that Active Directory’s days were numbered and that the market for its protection was about to disappear. "Our most difficult moment was in 2016," Teverovsky recalls. "We really had our backs against the wall. One of the investors helped us, advanced investment amounts, and believed in us. The fundraising round was delayed, the bank account was not exactly full, and we injected our own funds.

"Our big problem at that time was that we were ahead of the market. The product we developed was ripe and ready, but we were not able to sell in the way we wanted, and we were not able to grow at the rate we planned. We are not second-time entrepreneurs, with experience in building sales processes - we were naive. We were not aware of the time that processes take, what you might encounter, and we didn't have the social network of IDF intelligence graduates, with friends who would find us someone to talk to."

But Semperis’ bet turned out to be successful with the transition to the cloud. If in the past the employees connected to the organization's systems from a computer in the company's offices, now many of them connect using their personal computer at home or via mobile devices. This situation created a need to control the identity of those connecting to the systems, and here Semperis emerged as the company with the most mature technology, and with the most experience in implementing its system. In 2018, Gartner admitted that it was wrong, and assessed that Active Directory was here to stay. Semperis began to take off, and the demand for its technology exploded every year, so much so that Deloitte ranked it among the fastest-growing companies in terms of revenue. Today, Semperis technology is used to protect more than 50 million identities from a long list of organizations.

"Israeli investors underestimated us"

It was only in the most recent funding round that Semperis managed to take a significant step forward, with a funding round of $200 million led by two huge funds: KKR, one of the largest investment giants in the world, managing more than $400 billion, and Insight Partners, the largest investor in Israeli high-tech, with a string of successes such as Papaya Global, monday.com, and others. This funding round was so successful, that it also saw its founders record a small exit for themselves. To date, the company has raised approximately $254 million. In addition to the major investors, the company was assisted by several investors including Maverick Ventures.

"We have always raised funding during difficult times," says Lieberman. "During the coronavirus pandemic, we raised $40 million and were in constant fear that the deal would fall through. Our last round - completed in May 2022 - was during a period when almost no one was investing, and we were very afraid that our investors would stop. That didn’t happen.”

Your list of investors is missing traditional Israeli investors. Why is that?

"We don’t have standard Israeli investors because we didn’t come out of the IDF’s technology units. The first investors we met underestimated us. They brought in consultants who tested our technology and said that the same thing could be done manually in half an hour. Today, the best professionals in the world in our field regard our solution as ideal. Whoever bet on us made the right bet: we were ahead of the market, but we were lean and cautious and survived until it caught up with us. This happened in 2018 when we had sales of one million dollars, and from there the company grew by multiples of hundreds of percent a year. We want to grow, and we also want an IPO. The market we are working with is huge: every organization with over 1,000 employees, in every sector, is a potential customer. Today we operate in more than 20 countries and serve very significant organizations."

Aren't you afraid of what appears to be a global recession?

"I don't think it's a global recession. There is a certain slowdown in the economy, which I think is artificial and created by interest rates being raised in an attempt to curb inflation. We proceed carefully, exactly the same way we have done since founding the company: never hiring too many people if we don't have to. We always grew in the right way, which is based on revenue and products."

The last sentence contains a criticism that is not entirely hidden. Lieberman and Teverovsky do not hide their lack of enthusiasm for the behavior of the cyber companies that have sprung up in recent years and have raised huge sums of money. "We are not a company that got started two years ago with a presentation and $15 million in Seed funding, recruited people at a much higher salary than is customary in the market, and is now laying off a high proportion of its workforce. Those companies are always looking towards the next funding round, whereas we were only looking for a way to maintain funds, because we didn't know when the next funding round would come. We counted every shekel.”

How do you view the Israeli cyber industry?

"The cyber-world is full of companies and ideas, but not every company will succeed in building a platform that organizations must install. In our industry, there are many niche companies that produce solutions for small problems. In Israel, many companies are also emerging that deal with very similar fields. There is an excess of niches. There is tough competition, and new players are forced to fight against giants. The field of protecting identities is relatively new. We are veterans and were among the first in the field, and there are not many companies that compete for our niche.”

Unlike other Israeli high-tech companies, you chose not to be a prominent part of the protests against the judicial coup. Why are you not involved in the demonstrations or supporting the industry in these areas?

"We have not encountered the effect of the situation in Israel on our investors and clients. We are wary of politics - everyone has their personal opinion on every matter in politics, in Israel and in the United States. It is important to us that all employees feel comfortable in the office, and do not think that our political opinion is being imposed upon them."