“If we examine the information security industry at large, we are dealing with two main problems: the first is finding security issues, and the second is fixing them," said Merav Bahat, Co-Founder and CEO of Dazz, during a special Calcalist panel on the future of the cyber field in 2022. Also on the panel were Roey Eliyahu, Co-Founder and CEO of Salt Security, Ofer Ben Noon, Co-Founder and CEO of Talon Cyber Security and Ety Spiegel Hubara, Co-Founder of Orca Security.
“Companies traditionally deploy cyber security tools that focus on finding problems and have to endure a very complex organizational process for fixing them; Most companies that are hacked were aware of the security issues that caused the breach – but couldn’t practically fix them," explained Bahat. "Before founding Dazz, I worked at Microsoft, leading the cloud security business activity worth $2.5 billion. One year ago my partners and I founded Dazz. We recently raised $60 million from leading global venture capital firms.”
According to Roey Eliyahu, Co-Founder and CEO of Salt Security: "IBM recently published a study according to which two thirds of cloud breaches come from EPI. It's an easy doorway. Covid accelerated companies' digitization. In a world where Covid restrictions come and go one can't count on the physical environment, but has to switch to digital platforms; that all builds on EPI,” noted Eliyahu. “When a company’s most secret information is made easy to access, it's easy to exploit it. Companies' innovations move faster than implementing security solutions, and because of the speed with which security teams can adjust to new threats, it's a race."
Salt helps companies defend their EPI. “These interfaces connect all types of software: whether it's a mobile app or a browser app, 83% of web traffic goes over EPI. Most of our information online moves through these connections, and they are also the weak point attackers exploit when they hack into organizations attempting to steal information – as happened to Facebook, when millions of users' data were extracted exploiting these weak points. We use big data and artificial intelligence to identify attackers based on behavior rather than signatures and other methods. In 2016 we started the company and the term EPI security spread around the industry. Today we have 150 employees, and the number keeps rising. So far we have raised $130 million, Sequoia being one of our leading investors."
According to Ety Spiegel Hubara, Co-Founder of Orca Security: "I think the attackers' creativity is endless. The world is going in the direction of using cloud technology, which inherently is more secure than older technology, partly thanks to cloud providers that update their security systems. Only a few days ago, our company published two weaknesses that we identified, in a controlled manner together with the AWS security team. The vulnerability exists in large organizations, and it will continue to exist."
Speigel Hubara explained that Orca develops a technology for scanning websites that produces faster coverage of the environment - only a few minutes - while older products needed weeks. “Moreover, we make information security officers' work process more efficient by creating a visualization of the cloud environment as part of the scanning process. This way we get a larger mass of problem notifications, and then we target and prioritize the most critical problems."
Ofer Ben Noon, Co-Founder and CEO of Talon Cyber Security, said: "I think it's a growing trend that will continue; the cyber world inherited the complexities of the technology world, the IT world. The moment the world becomes more complex, and infrastructure complexity grows, the exposure to risk grows,” he said. “Many people working on lots of different software makes the attacker's job that much easier. On the other hand, people are spread around the world and bad people are looking for ways to create more income sources. This is a financial incident for many organizations. We see more and more incidents that reach the level of world superpowers. And when it's financial and so strong, there's no reason for it to decline. We can produce value and bring solutions to clients."
Ben Noon served in Unit 8200 in the IDF, and later founded the automotive cyber security company Argus. Argus was purchased by Continental in 2017 for $430 million. “I stayed on as CEO for another three years and then moved on to the next challenge. The most critical problem of the new world is work, and how people can work from anywhere. I realized there were three major revolutions that happened in 2020, and they are still happening: people work everywhere, there are a lot more cloud services where organizational data is processed and so many different tools: Windows, Mac, Linux, tablets, Android. Our goal is to connect them all because the browser is common to them all, it's the main working environment. It's an opportunity to introduce many security solutions into one product and also better secure the browser."
Too many competitors or too many threats
"I believe the trend shows increasing security threats, and the cloud transformation is a driving force,” added Bahat. “Every company is turning digital: coffee shop chains, hotels, not just tech companies such as Microsoft and Google. This means that development is shifting to the cloud as well. In the past, new software was deployed twice a year, today it happens every three minutes. This means a great deal, because the code is reused and modified repeatedly. Open source code and cloud transformation create larger exposure and new paths for hackers. For this reason, this year is more challenging than previous ones. These trends create opportunities in the market; there is a lot of room for innovation. The best ideas win if there is real value; if one solves a difficult problem and executes it well they will succeed."
Ben Noon said: "There's no doubt there are many more companies today than in the past, a kind of micro-inflation, and that poses a challenge to every organization's security manager, while on the other hand it shows that there are larger budgets, larger demand and more and more energy and investors' trust in our field. When we started we were the only ones, and today there are two companies attempting similar things. But that's not necessarily bad: There are larger marketing budgets, and someone to compare to. No one feels comfortable purchasing a product when there is only one version out there. Having substantial competition is ultimately a good thing. There will be a stage of consolidation, companies will merge to supply comprehensive solutions."
Spiegel Hubara added: "Orca was a pioneer in the field, and the arrival of new companies is a good sign, it means we chose the right way. Moreover, free market competition is a welcome thing, it makes us better, more professional. The customers benefit the most."
Naturally, accelerated growth comes with a demand for human resources, professionals in the cyber field specifically. According to Bahat: "It's important to state that we are in the midst of a very positive economic revolution in Israel. Large companies are formed, and not just unicorns; it requires an entire industry of product, finance and marketing professionals. I predict that foreign investment, $25 billion last year, and the setting up of company headquarters in Israel, will continue and create demand for larger numbers of employees. We should focus on educating the younger generation, a mission which I dedicated myself to during my time at Microsoft. Education should be aimed at parents and teachers as well, emphasizing that working in high-tech is a wonderful opportunity for our children and grandchildren for at least the next thirty years."
Eliyahu added, "in our case, as in many other companies, we don’t look only for employees with a background in cyber tech. An employee with a background in big data, for instance, is also vital to us. I think it seems more challenging but the numbers indicate otherwise: In the last quarter, we recruited more employees than in the previous two. Nevertheless, I think the challenge gets harder. You see it especially in larger organizations, where the absolute number of employees is large. The number of professionals is reduced and the bar is set higher."