While the offensive-defensive strategies for vulnerable networks and data protection run in a never-ending cycle, the complexity and volume of cyberattacks still increased. Although traditional cybersecurity measures are still imperative to fight these cyberattacks, there is a growing need to combine the strength of artificial intelligence security to defend vulnerable networks and data from cyber attackers. 

In a recent report by antivirus company, Norton, it states that the global cost of data breach recovery is USD 3.86 million. Additional reports show that it takes up to 196 days for an organization to recover from any data security breach. These statistics show the increasing need for companies to use AI security to avoid both financial losses and waste of time. 

Continue reading

On my 1st week of the basic course in the Israeli army I was taught that in terms of information security there is no information item that is too negligible or too small to deal with.

The base location, the unit’s name, how big is my team – shall not be told.
There is no need to brag about the amazing projects we do
and
There is no reason to connect external media to computers

EVERYTHING about information security is important and must be afterthought.

That approach is based on the assumption, that a person who was educated from the very 1st moment not to disclose the name of the unit (barely the city it is located at) will be very minded and aware with information of real potential harm.

This is an excellent and well-proven attitude with regard to security, and I’d expect it to be a corner stone in mission critical cyber security organizations and industries such as: medical, energy, avionics and automotive.

Continue reading

Medical IoT devices operate in care facility environments that encompass care giving, case management, customer service, and clinic management. As such, the risk of data gathered and managed by medical devices extends beyond the device itself. A compromise of clinic management services can propagate to IoT device command and control, allowing compromise of devices in attacks that do not directly touch the device at all. This is clearly the major driver for the emerging category of “Medical IoT (IoMT) Cyber Security ”

A large hospital for examples could be home to as many as 85,000 connected devices. While each of these devices has a significant role in the delivery of care and operational efficiency, each connected device also opens the door to a malicious cyberattack. A recent report from Irdeto,  found that 82 percent of healthcare organizations’ IoT devices have been targeted with a cyberattack within the last year.

Going over the players in this industry, it is clear that the Medical IoT security category includes a number of different approaches with the common target to provide the customer with a clear assets discovery and timely alerting on security breaches and attacks on its Medical environment.

Although many large security players are addressing this niche too, CyberDB identified a number of emerging players that are focusing on this industry and as such we expect them to benefit from the growth in this market. These players are (in alphabetical order):

Continue reading

Breach and Attack Simulation is a new concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels. Breach and attack simulation is a fast-growing segment within the cybersecurity space, and it provides significant advantages over traditional security evaluation methods, including penetration testing and vulnerability assessments.

Going over the players in this industry, it is clear that the BAS category includes a number of different approaches with the common target to provide the customer with a clear picture of its actual vulnerabilities and how to mitigate them.

CyberDB has handpicked in this blog a number of exciting and emerging vendors. These players are (in alphabetical order):

Those companies have a number of characteristics in common, including  a very fast time to market, successful management team and strong traction. In addition, all of them have managed to raise Series A or B funding over the last 16 months, ranging from $5M to $32M.

Continue reading

IoT Security in 2019

In recent years, IoT has been on the rise, with billions of new devices getting connected each year. The increase in connectivity is happening throughout markets and business sectors, providing new functionalities and opportunities. As devices get connected, they also become unprecedently exposed to the threat of cyberattacks. While the IoT security industry is still shaping, the solution is not yet clear. In this article, we will review the latest must-know about IoT visibility & security and we will dive into new approaches to secure the IoT revolution.

IoT visibility & security in 2019:

1. IoT endpoint security vs network security

Securing IoT devices is a real challenge. IoT devices are highly diversified, with a wide variety of operating systems (real-time operating systems, Linux-based or bare-metal), communication protocols and architectures. On top of the high diversity, comes the issues of low resources and lack of industry standards and regulations. Most security solutions today focus on securing the network (discover network anomalies and achieve visibility into IoT devices that are active in the network), while the understanding that the devices themselves must be protected is now establishing. The fact that IoT devices can be easily exploited makes them a very good target for attackers, aiming to use the weak IoT device as an entry point to the entire enterprise network, without being caught. Besides that, it’s important to remember that network solutions are irrelevant for distributed IoT devices (i.e., home medical devices), that has no network to protect them.

Manufacturers of IoT devices are therefore key for a secure IoT environment and more and more organizations are willing to pay more for built-in security into their smart devices.

2. “Cryptography is typically bypassed, not penetratedShamir’s law

In recent years we see a lot of focus on IoT data integrity, which basically means encryption & authentication. Though very important by itself, it’s important to understand that encryption doesn’t mean full security. When focusing mainly on encryption & authentication, companies forget that the devices are still exposed to cybersecurity vulnerabilities that can be used to penetrate the device and receive access into the decrypted information, thus bypassing the authentication and encryption entirely. In other words, what’s known for years in the traditional cyber industry as Shamir’s law should  now make its way to the IoT security industry: “Cryptography is typically bypassed, not penetrated” and therefore companies must invest in securing their devices from cyber attacks and not just handle data integrity. To read more about that, please visit Sternum IoT Security two-part blog post.

Continue reading

Businesses need to take their cyber security seriously. There are huge financial implications for being hacked, not just from the perspective of lost revenue and weakened reputation, but also in the form of stricter regulations from laws such as the General Data Protection Regulation (GDPR). However, there are a number of myths about cyber security that make it difficult for companies to know what the best course of action is. Here are four myths about cyber security that are still affecting British businesses.

Myth #1: Cyber security is purely dealt with by the IT department

One commonly held myth that can actually put businesses at risk is the idea that cyber security is something that the IT department (and only the IT department needs to be concerned about). Of course, it is necessary to provide your IT team with the budget and resources to defend your business against the risk of a cyber-attack.

Continue reading

Virtual Cybersecurity Labs

Cybercrime affecting businesses has become so widespread that IT and network security professionals are always thinking about that next breach and the costs of recovering from it. This increased risk has also raised the demand for better virtual defenses to prevent the loss of sensitive organizational data such as personal consumer details and internal communications.

There is a substantial need for cybersecurity training. It’s something that many businesses are interested in, but implementing the right system isn’t easy. Physical labs are expensive, require significant time and resources, and aligning everyone’s schedules is often impossible.

Virtual labs are a great way for you to provide your customers and partners with access to the latest cybersecurity product demos and training. These labs are accessible from anywhere, customers can engage with them on their terms, they cost less, and increase the overall quality of the training.

Continue reading

Most Promising Israeli Cybersecurity Startups for 2019

Around 450 cybersecurity companies are operating in Israel, constituting 5% of the global cybersecurity market. The cybersecurity industry was founded in Israel in the late 80s, with the establishment of several local companies that developed anti-virus software and information security. To understand the impact of Israeli companies on the global market, we can mention a few of the well-known Israeli cyber companies: Check Point, Radware, CyberArk, Imperva.

The cybersecurity industry in Israel, which is an important part of Israel’s software industry, includes a wide range of companies that protect from cyber warfare and cybercrime. The sector includes companies operating in it for a long time as independent companies, together with start-up companies that were sold to foreign companies, they continue to operate in Israel as development centers of the acquiring companies. In the list below we will mention the most promising Israeli cybersecurity companies for 2019. We’ve created this list to give an overview of startups that our industry needs to track and be aware of. The companies below are operating in Israel or founded by Israelis, they all award-winning companies. To see the full list of Israeli cybersecurity companies please check our database.

Our list of Most Promising Israeli Cybersecurity Startups for 2019

breach and attack simulation XM CyberXM Cyber

In order to prevent cyber-attacks, organizations should identify in advance attack vectors that hackers will utilize to compromise their critical assets. Moreover, security holes should be remediated as soon as they are created and before attackers utilize them.

XM Cyber’s multi-award-winning breach and attack simulation (BAS) platform identifies continuously attack vectors and prioritizes remediation. The platform provides organizations with a clear understanding, at any given time, of where and how hackers will compromise their crown jewels. XM Cyber was founded by executives from the Israeli cyber intelligence community and has offices in the US, UK, Israel and in Australia.


SilverfortSilverfort

Corporate networks are going through dramatic changes due to IT revolutions like cloud, IoT and BYOD. With countless devices and services connected to each other without clear perimeters, users must be authenticated before accessing any sensitive resources.

Silverfort delivers strong authentication across complex corporate networks and cloud environments, without requiring any software agents, proxies or local configurations. Silverfort seamlessly enables adaptive multi-factor authentication for all sensitive users, devices and resources, including systems that don’t support it today, such as IoT devices, homegrown applications, critical infrastructure and more. Silverfort enables enterprises to prevent data breaches, comply with regulatory requirements and migrate sensitive assets securely to the cloud.


SixgillSixgill

Cybersecurity companies often rely on manual or semi-automatic processes to gather and analyze intelligence, creating a lengthy, expensive and ineffective intelligence cycle that fails to mitigate threats.

Founded in 2014, Sixgill provides cyber threat intelligence solutions based on coverage of exclusive-access to deep and dark web sources, to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies.

In 2017, Sixgill was awarded a “Top 10 Most Innovative and Promising Companies of the World” at the Netexplo/UNESCO Paris conference and was included in the Disrupt 100. In 2016, Sixgill was named one of the “Top 5 Most Innovative Companies” at CyberTech Tel Aviv.


API Security Salt SecuritySalt Security

Salt Security protects the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Its API Protection Platform is the first patented solution to prevent the next generation of API attacks, using behavioral protection. Deployed in minutes, the AI-powered solution automatically and continuously discovers and learns the granular behavior of APIs and requires no configuration or customization to ensure API protection.

The company was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial executives in cybersecurity and in 2019 was selected as a finalist for the RSA Innovation Sandbox.


IntezerIntezer

Intezer’s Genetic Malware Analysis technology identifies code reuse among trusted and malicious software to detect advanced cyber threats. The technology determines whether a file is trusted or malicious, while also classifying the malicious file to its relevant malware family and providing information about the level of sophistication and the threat actor behind the attack, within seconds. The company also offers a free community edition where users can detect code reuse to obtain insights about malware families and threat actors.
Fortune 500 companies leverage Intezer to automate their malware analysis and classification and reduce false positives — improving security operations and accelerating incident response. The company’s technology has provided crucial insights in several high profile cyber attacks before leading engines and government agencies, including APT28, MirageFox, NotPetya and WannaCry.

Intezer was named a Cybersecurity Excellence Awards 2019 winner for Best Cybersecurity Company and Cyber Defense Magazine Infosec 2019 award winners for Cutting Edge Malware Analysis and Incident Response. The company was named an SC Awards USA finalist in the category of Newcomer Security Company of the Year.


Protego’s serverless securityProtego

Serverless applications require unique security solutions. Founded in 2017, Protego’s comprehensive SaaS solution helps organizations embrace serverless technology securely.

The Platform:

· Saves developers & DevSecOps time by automating application hardening & governance within existing pipelines.

· Provides CloudAppSec with serverless app visibility & seamless run-time security with function self protection.

Protego won the 2019 Cybersecurity Excellence Awards for Best Startup and was named a 2019 Company to Watch by SDTimes Magazine. In 2018, Protego won an Innovator Award from SC Magazine, received Frost & Sullivan’s Global New Product Innovation Award, and won most innovative initiative at the CyberTech Tel Aviv Conference.


SepioSepio

Sepio is disrupting the cyber-security industry by uncovering hidden hardware attacks. Sepio Prime provides security teams with full visibility into their hardware assets and their behavior in real time. A comprehensive policy enforcement module allows administrators to easily define granular device usage rules and continuously monitor and protect their infrastructure. Leveraging a combination of physical fingerprinting technology together with device behavior analytics, Sepio’s software-only solution offers instant detection and response to any threat or breach attempt coming from a manipulated or infected element.

Sepio Systems recently was awarded by Frost & Sullivan the Best Practice and Technology Leadership award for RDM (Rogue Device Mitigation) market.


ReblazeReblaze

Founded in 2012, Reblaze is a cloud-based, fully managed protective shield for sites and web applications. Hostile traffic is blocked in the cloud, before it reaches the protected network.
Reblaze is a comprehensive web security solution, providing a next-gen WAF, DoS and DDoS protection, bot mitigation, scraping prevention, CDN, load balancing, and more.
The platform offers a unique combination of benefits. Machine learning provides accurate, adaptive threat detection. Dedicated Virtual Private Clouds ensure maximum privacy. Top-tier infrastructure assures maximum performance. Fine-grained ACLs enable precise traffic regulation. An intuitive web-based management console provides real-time traffic control. A one-month trial offer allows you to assess Reblaze with no cost, risk, or obligation.


Regulus CyberRegulus Cyber

Regulus Cyber offers Defense for Sensors used in Automotive, Maritime and Aviation.
Being the first company focusing entirely on sensor security solutions that protect commonly used sensors for both manned and unmanned systems. The product called Pyramid is offering real-time protection against jamming and spoofing attacks.
These attacks can disable or hack sensors such as GNSS, LiDAR, Radar and other mission-critical components.
Regulus Pyramid has won several awards including AUVSI Excellence 1st place cybersecurity winner and The Cyberstorm Startup Competition and received $6.3 million in funding from leading VCs in Israel and Silicon Valley.


MorphisecMorphisec

Morphisec fundamentally changes the cybersecurity scene by shifting the advantage to defenders, keeping them ahead of attacks with moving target defense.

Emerging from the national cyber security center and from some of the sharpest cyber security minds in Israel, Morphisec provides the ultimate threat prevention by making sure attackers never find the targets they seek.

 


This was our latest list of most promising Israeli cybersecurity startups fro 2019. We hope that you will find what you need. Feel free to contact us if you want to add a company to our list.

Cyber Sec Recruiters

As cybersecurity is becoming more and more popular each day it’s also important to mention that there is a shortage of skilled people within the industry. Many recruiters create specific cybersecurity departments so they can stay competitive and fill the gap. According to the Forbes, it is expected that cybersecurity market will hit $170 billion by 2020 and cybersecurity jobs are expected to reach 6 million by the end of 2019. It’s not a secret that the rapid growth rate of the industry requires a professional approach from some of the best infosec recruiters.

In a recent interview, Karla Jobling from BeecherMadden (a top UK cybersecurity recruiter) reveals that at first cybersecurity companies wanted to hire as many people as possible. However, now they are more concentrated on how to find not many, but just the right people for the right position. It is extremely important for a recruiter to match the candidate’s expectations with the requirement and the corporate culture of the client company.

Continue reading

??? Women in cybersecurity 2018

In 2018 the number of cyber threats is rising every day, but there are still many gaps that needs to be filled in the world of cybersecurity. There is definitely a talent shortage as many people still think that there is no place for women in information security. Currently, women represent only 11 percent of the cybersecurity force worldwide.

As we already hear and read news related to cyber warfare and espionage on a daily basis, maybe it’s the right time for women in cybersecurity to step in and help to solve more related cyber problems. Although some people may say that the lack of interest is the main reason why there isn’t many women in InfoSec there is a huge potential for this to change in the future. We from CyberDB have created a list with some of the top women in cybersecurity so you can learn more about them and their accomplishments. Feel free to check it out!

Continue reading