Author: Elias Chachak

Image Source: Freepik

Cybersecurity is the process of protecting and defending an enterprise’s use of cyberspace by detecting, preventing and responding to any of the malicious attacks like disabling, disrupting, injecting malware, or anything thing else aimed to harm the organization.

At its center, cybersecurity defends your organization from vicious and threat attacks aimed to disrupt and steal information from your organization. Cybersecurity risks are similar to financial and reputational risks as it could directly affect the organization’s growth, driving the costs up and adversely affecting the revenue.

If you’re a part of an organization, and especially, if your workplace stocks sensitive information of individuals or clients involved, then this is an ideal time to educate yourself regarding cybersecurity and ways to safeguard your organization against cyber attacks and threats with the help of professionals who hold cybersecurity certifications.

Continue reading

Businesses need to take their cyber security seriously. There are huge financial implications for being hacked, not just from the perspective of lost revenue and weakened reputation, but also in the form of stricter regulations from laws such as the General Data Protection Regulation (GDPR). However, there are a number of myths about cyber security that make it difficult for companies to know what the best course of action is. Here are four myths about cyber security that are still affecting British businesses.

Myth #1: Cyber security is purely dealt with by the IT department

One commonly held myth that can actually put businesses at risk is the idea that cyber security is something that the IT department (and only the IT department needs to be concerned about). Of course, it is necessary to provide your IT team with the budget and resources to defend your business against the risk of a cyber-attack.

Continue reading

Amazon Web Services (AWS) offers a huge variety of benefits for businesses, and organisations are increasingly opting for cloud solutions for their data, website, and applications. However, there are still some businesses using AWS that have not put the proper cyber security controls in place. Here we take a look at ten great tips to improve your AWS cyber security.

  1. Understand your responsibilities

When you work with any kind of web services provider you need to understand what you are responsible for and what will be managed by the provider. This is absolutely true in terms of AWS – where Amazon runs its so-called ‘shared responsibility model’. In this model AWS is responsible for protecting the infrastructure of the AWS cloud system including hardware, software, and networking.

On the other hand, you as the customer is responsible for customer data, identity and access management, firewall and anti-virus configuration, and issues such as data encryption. It can sometimes be necessary to work with outside agencies to manage your own cyber security.

Continue reading

To stay secure many businesses regularly test their systems to identify vulnerabilities. Penetration testing is one of the most common types of cyber security assessment but in recent years a growing number of businesses have also turned to ‘bug bounty’ programmes to supplement their testing programmes.

Penetration testing (often referred to as pen testing) is a well-known and established form of assessment, typically carried out by a company that specialises in ethical hacking. (Covered here in great detail by Redscan’s extensive glossary). Bug bounty programmes, however, are a more recent offering, viewed by many as a complement to penetration testing, helping to widen the scope of security testing on platforms that are already well-secured against attacks.

Many large organisations run their own on bug bounty programmes, including Google, Facebook and Microsoft (which paid out millions in bounties in 2018). Even the EU has begun funding programmes.

Continue reading

Virtual Cybersecurity Labs

Cybercrime affecting businesses has become so widespread that IT and network security professionals are always thinking about that next breach and the costs of recovering from it. This increased risk has also raised the demand for better virtual defenses to prevent the loss of sensitive organizational data such as personal consumer details and internal communications.

There is a substantial need for cybersecurity training. It’s something that many businesses are interested in, but implementing the right system isn’t easy. Physical labs are expensive, require significant time and resources, and aligning everyone’s schedules is often impossible.

Virtual labs are a great way for you to provide your customers and partners with access to the latest cybersecurity product demos and training. These labs are accessible from anywhere, customers can engage with them on their terms, they cost less, and increase the overall quality of the training.

Continue reading

If you don’t do your utmost best to ensure that your online store is safe to use, you could end up putting your customers in real danger. From their finances being stolen to their personal data being hacked into, any kind of trouble could befall your site’s users if you do not take cyber security seriously. Make sure, then, that you take it seriously!

When it comes to improving your online store’s cybersecurity measures, the following advice makes for essential reading.

Make your mobile payments safer

One of the most burgeoning e-commerce trends is mobile payment. As stated on Oberlo’s mobile shopping trends article, this is because this kind of transaction process prioritizes comfort, and it makes the buying process a whole lot simpler. You would be foolish not to grant your customers the opportunity to pay for things on your store via their mobile devices.

Allowing this kind of payment to take place does come with its fair share of drawbacks; however, the biggest one being that it isn’t always the safest form of transaction. This doesn’t mean that you can’t strengthen your mobile payment process, though. Some of the measures that you can and should put into place in this instance include:

  • Only ever using a trusted payment platform
  • Ensuring that your payment terminals are NFC-enabled
  • Encrypting your network to ensure sensitive information cannot be sent through it

Switch to HTTPS

In this day and age, if you continue to stick with the HTTP protocol, your online store will be a sitting duck for cyber criminality. If you’re serious about safety, you must switch to HTTPS.

Created initially to safeguard the particularly sensitive elements of e-commerce sites, such as the payment process, HTTPS is now used to protect whole websites. By embracing this protocol, you will be able to be sure that your visitors’ data will remain safe at all conceivable points.

Protect your Admin Panel

Your Admin Panel is the aspect of your store that is least difficult for cybercriminals to crack. All it takes is for you to set a weak password, and hackers can have a field day when it comes to accessing all of the data you store in the backend of your site.

To protect your Admin Panel, you need to:

If they were to encounter trouble with a cybercriminal while using your online store, you can be sure that your customers will not give you a second chance. They will lose trust in you instantly, and more than likely never return to you again — and they’ll tell everybody that they know to avoid your website in the future, too, for good measure. If you don’t take cybersecurity seriously, you could also even find yourself in hot water with the authorities. The impact cyber criminality could have on your online store is something you should want to avoid at all costs, which is why you must put all of the above advice into practice as soon as possible.

Most Promising Israeli Cybersecurity Startups for 2019

Around 450 cybersecurity companies are operating in Israel, constituting 5% of the global cybersecurity market. The cybersecurity industry was founded in Israel in the late 80s, with the establishment of several local companies that developed anti-virus software and information security. To understand the impact of Israeli companies on the global market, we can mention a few of the well-known Israeli cyber companies: Check Point, Radware, CyberArk, Imperva.

The cybersecurity industry in Israel, which is an important part of Israel’s software industry, includes a wide range of companies that protect from cyber warfare and cybercrime. The sector includes companies operating in it for a long time as independent companies, together with start-up companies that were sold to foreign companies, they continue to operate in Israel as development centers of the acquiring companies. In the list below we will mention the most promising Israeli cybersecurity companies for 2019. We’ve created this list to give an overview of startups that our industry needs to track and be aware of. The companies below are operating in Israel or founded by Israelis, they all award-winning companies. To see the full list of Israeli cybersecurity companies please check our database.

Our list of Most Promising Israeli Cybersecurity Startups for 2019

breach and attack simulation XM CyberXM Cyber

In order to prevent cyber-attacks, organizations should identify in advance attack vectors that hackers will utilize to compromise their critical assets. Moreover, security holes should be remediated as soon as they are created and before attackers utilize them.

XM Cyber’s multi-award-winning breach and attack simulation (BAS) platform identifies continuously attack vectors and prioritizes remediation. The platform provides organizations with a clear understanding, at any given time, of where and how hackers will compromise their crown jewels. XM Cyber was founded by executives from the Israeli cyber intelligence community and has offices in the US, UK, Israel and in Australia.


SilverfortSilverfort

Corporate networks are going through dramatic changes due to IT revolutions like cloud, IoT and BYOD. With countless devices and services connected to each other without clear perimeters, users must be authenticated before accessing any sensitive resources.

Silverfort delivers strong authentication across complex corporate networks and cloud environments, without requiring any software agents, proxies or local configurations. Silverfort seamlessly enables adaptive multi-factor authentication for all sensitive users, devices and resources, including systems that don’t support it today, such as IoT devices, homegrown applications, critical infrastructure and more. Silverfort enables enterprises to prevent data breaches, comply with regulatory requirements and migrate sensitive assets securely to the cloud.


SixgillSixgill

Cybersecurity companies often rely on manual or semi-automatic processes to gather and analyze intelligence, creating a lengthy, expensive and ineffective intelligence cycle that fails to mitigate threats.

Founded in 2014, Sixgill provides cyber threat intelligence solutions based on coverage of exclusive-access to deep and dark web sources, to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies.

In 2017, Sixgill was awarded a “Top 10 Most Innovative and Promising Companies of the World” at the Netexplo/UNESCO Paris conference and was included in the Disrupt 100. In 2016, Sixgill was named one of the “Top 5 Most Innovative Companies” at CyberTech Tel Aviv.


API Security Salt SecuritySalt Security

Salt Security protects the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Its API Protection Platform is the first patented solution to prevent the next generation of API attacks, using behavioral protection. Deployed in minutes, the AI-powered solution automatically and continuously discovers and learns the granular behavior of APIs and requires no configuration or customization to ensure API protection.

The company was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial executives in cybersecurity and in 2019 was selected as a finalist for the RSA Innovation Sandbox.


IntezerIntezer

Intezer’s Genetic Malware Analysis technology identifies code reuse among trusted and malicious software to detect advanced cyber threats. The technology determines whether a file is trusted or malicious, while also classifying the malicious file to its relevant malware family and providing information about the level of sophistication and the threat actor behind the attack, within seconds. The company also offers a free community edition where users can detect code reuse to obtain insights about malware families and threat actors.
Fortune 500 companies leverage Intezer to automate their malware analysis and classification and reduce false positives — improving security operations and accelerating incident response. The company’s technology has provided crucial insights in several high profile cyber attacks before leading engines and government agencies, including APT28, MirageFox, NotPetya and WannaCry.

Intezer was named a Cybersecurity Excellence Awards 2019 winner for Best Cybersecurity Company and Cyber Defense Magazine Infosec 2019 award winners for Cutting Edge Malware Analysis and Incident Response. The company was named an SC Awards USA finalist in the category of Newcomer Security Company of the Year.


Protego’s serverless securityProtego

Serverless applications require unique security solutions. Founded in 2017, Protego’s comprehensive SaaS solution helps organizations embrace serverless technology securely.

The Platform:

· Saves developers & DevSecOps time by automating application hardening & governance within existing pipelines.

· Provides CloudAppSec with serverless app visibility & seamless run-time security with function self protection.

Protego won the 2019 Cybersecurity Excellence Awards for Best Startup and was named a 2019 Company to Watch by SDTimes Magazine. In 2018, Protego won an Innovator Award from SC Magazine, received Frost & Sullivan’s Global New Product Innovation Award, and won most innovative initiative at the CyberTech Tel Aviv Conference.


SepioSepio

Sepio is disrupting the cyber-security industry by uncovering hidden hardware attacks. Sepio Prime provides security teams with full visibility into their hardware assets and their behavior in real time. A comprehensive policy enforcement module allows administrators to easily define granular device usage rules and continuously monitor and protect their infrastructure. Leveraging a combination of physical fingerprinting technology together with device behavior analytics, Sepio’s software-only solution offers instant detection and response to any threat or breach attempt coming from a manipulated or infected element.

Sepio Systems recently was awarded by Frost & Sullivan the Best Practice and Technology Leadership award for RDM (Rogue Device Mitigation) market.


ReblazeReblaze

Founded in 2012, Reblaze is a cloud-based, fully managed protective shield for sites and web applications. Hostile traffic is blocked in the cloud, before it reaches the protected network.
Reblaze is a comprehensive web security solution, providing a next-gen WAF, DoS and DDoS protection, bot mitigation, scraping prevention, CDN, load balancing, and more.
The platform offers a unique combination of benefits. Machine learning provides accurate, adaptive threat detection. Dedicated Virtual Private Clouds ensure maximum privacy. Top-tier infrastructure assures maximum performance. Fine-grained ACLs enable precise traffic regulation. An intuitive web-based management console provides real-time traffic control. A one-month trial offer allows you to assess Reblaze with no cost, risk, or obligation.


Regulus CyberRegulus Cyber

Regulus Cyber offers Defense for Sensors used in Automotive, Maritime and Aviation.
Being the first company focusing entirely on sensor security solutions that protect commonly used sensors for both manned and unmanned systems. The product called Pyramid is offering real-time protection against jamming and spoofing attacks.
These attacks can disable or hack sensors such as GNSS, LiDAR, Radar and other mission-critical components.
Regulus Pyramid has won several awards including AUVSI Excellence 1st place cybersecurity winner and The Cyberstorm Startup Competition and received $6.3 million in funding from leading VCs in Israel and Silicon Valley.


MorphisecMorphisec

Morphisec fundamentally changes the cybersecurity scene by shifting the advantage to defenders, keeping them ahead of attacks with moving target defense.

Emerging from the national cyber security center and from some of the sharpest cyber security minds in Israel, Morphisec provides the ultimate threat prevention by making sure attackers never find the targets they seek.

 


This was our latest list of most promising Israeli cybersecurity startups fro 2019. We hope that you will find what you need. Feel free to contact us if you want to add a company to our list.

Cyber Sec Recruiters

As cybersecurity is becoming more and more popular each day it’s also important to mention that there is a shortage of skilled people within the industry. Many recruiters create specific cybersecurity departments so they can stay competitive and fill the gap. According to the Forbes, it is expected that cybersecurity market will hit $170 billion by 2020 and cybersecurity jobs are expected to reach 6 million by the end of 2019. It’s not a secret that the rapid growth rate of the industry requires a professional approach from some of the best infosec recruiters.

In a recent interview, Karla Jobling from BeecherMadden (a top UK cybersecurity recruiter) reveals that at first cybersecurity companies wanted to hire as many people as possible. However, now they are more concentrated on how to find not many, but just the right people for the right position. It is extremely important for a recruiter to match the candidate’s expectations with the requirement and the corporate culture of the client company.

Continue reading

NATO Logo

According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023.  The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has targeted elections and critical infrastructure.  The establishment of the COC is a natural evolution in how to address cyber attacks in a more timely manner by integrating cyber actions with more conventional military capabilities.  In early 2014, after notable cyber incidents were a part of international incidents that occurred in Estonia in 2007 and Georgia in 2008, the Alliance updated its cyber defense policy to classify digital attacks as the equivalent of kinetic attacks under its collective security arrangement under Article 5 of the treaty.

In those particular instances, Russia was suspected in orchestrating or at least tacitly supporting the cyber attacks that afflicted both states.  Since then, Russia’s alleged cyber activities have only become more brazen in their scale and aggressiveness.  From suspected involvement in launching cyber attacks against Ukrainian critical infrastructure to launching a variety of cyber operations to meddle in the elections of foreign governments, Russia has taken advantage of the uncertainty of cyberspace where there is little consensus on key issues such as Internet governance, cyber norms of state behavior, or the criteria by which cyber attacks escalate to a point of war.

Continue reading

White House

With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process.  Given the news how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016.  The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs and should be protected against foreign interference.  Indeed, the Department of Homeland Security re-enforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.

Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention.  After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless if data is taken, destroyed, or altered.  In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.

Continue reading