In the wake of the Sony hack, many high-profile companies are scrambling to figure out how they can protect themselves so that they're not next.
Israeli cyber-security companies have earned prominence worldwide for their innovative methods of protecting businesses large and small from increasingly sophisticated hackers.
So which Israeli cyber-startups should we look out for to provide urgently needed, innovative solutions to companies like Sony, at risk from increasing malicious cyber-strikes? Here are 7 promising Israeli startups protecting our businesses... and our way of life.
The latest cyber-attacks on Sony, Home Depot and many other businesses around the world underline a common trend--the reuse of common malicious components in the attacking tools. This reuse allows cyber-attackers cheap, easy-to-perform attacks that cause hundreds of millions of dollars in damage. CyActive's technology detects in advance the many malware variants that grow out of these reuses, thus turning the process against the attackers, making their work harder and more expensive, while giving businesses proactive security.
CyActive is a predictive cyber-security company, which places its clients ahead of potential cyber threats by predicting and preventing future attacks. CyActive has developed an unprecedented ability to automatically forecast the future of malware evolution, based on bio-inspired algorithms and a deep understanding of the black hats' hacking process. CyActive is the first to offer proactive detection of future malware before it has ever seen the light of day. The resulting solution delivers unparalleled protection to IT and OT assets. CyActive is backed by JVP, Israel's leading venture capital firm, and by the Venture Capital Unit of Siemens.
Founded by veterans of the security and defense industry and well-recognized researchers from academia, CyberCanary makes all wireless devices, such as phones, tablets, laptops, or any IoT device, resilient to eavesdropping, tapping and data interception.
Eavesdropping, tapping and interception are the fastest growing threats to enterprises, executives, politicians, and professionals. In fact, it is evident that 88% of the major airports and most of the commercial districts in the US are covered with "spoofed" WiFi access points and fake cells that enable cybercriminals to record your calls, tap into your texting and intercept all of your data, such as emails, passwords, browsing, and personal information/credentials.
By simply installing the CyberCanary application on your device, CyberCanary utilizes proprietary radio level security technology that can identify and evade "spoofed" Wi-Fi access points and fake cells in real time, making your wireless device invisible to the attacker. There is no need for any installation on the network or access point/cell side and there is no need for any modification of the wireless device itself (e.g. "rooting", "jail breaking"), which means that CyberCanary is completely transparent to the user. CyberCanary is the first solution that enables enterprises to ensure that no one intercepts their employees' phone calls, SMS, or data such as private and confidential information, both on public/private Wi-Fi, as well as on cellular networks.
Organizations today spend millions on advanced cyber detection tools, yet an increasing number of these organizations get hacked. Cyber-security experts, flooded by terabytes of events and alerts, have few tools to help them cope with this torrent of incoming data. Staples, Target and Sony are but a few organizations that had alerts, but failed to recognize, prioritize, investigate and remediate the threats in time--they were overwhelmed!
SecBI--Security Business Intelligence--is an adaptive investigation platform that combines advanced machine-learning capabilities, cyber-security expertise and user-feedback. This, in turn, helps security experts and organizations investigate faster, respond better and prevent the next breach. SecBI analyzes the plethora of data and provides security experts with only the most specific and relevant details needed for quickly triaging and responding to threats.
Morphisec is creating the ultimate security defense tools for protecting enterprises against targeted attacks. Morphisec takes the concept of polymorphism which is commonly used by attackers to disguise their attacks and embraces it as part of its new game-changing security concept: polymorphic defense. Morphisec's polymorphic defense hides the enterprise's inner architecture and as such, makes targeted attacks ineffective.
Morphisec could have prevented recent high profile targeted attacks which were built based on deep understanding of their targets. Such attacks would fail on their first attempt. Furthermore, Morphisec's real-time investigation tools can uncover the attack source accurately and instantaneously, an almost impossible task with today's existing tools.
Checkmarx is the developer of software solutions used to identify security vulnerabilities in web and mobile applications. Building an application and keeping it secure is a lot of work. One unchecked step can leave it exploitable by hackers. This is even more important in light of recent hacks of major international brands--eBay, Target and, of course, Sony. Companies are beginning to realize that not only hi-tech companies are at risk, but that cyber security is now an essential part of business no matter the industry in which they operate. As companies feel the cost of security breaches in their bottom lines, the importance of ensuring that their own applications are secured becomes of the utmost importance.
Checkmarx provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. Checkmarx scans software source-code, quickly identifying security vulnerabilities and regulatory compliance issues, and shows developers and security auditors where and how to fix them. The company's 400+ customers include four of the world's top 10 software vendors and many Fortune 500 and government organizations, including Coca Cola, Salesforce and the U.S. Army.
Secure Islands Technologies creates and markets innovative and advanced IPC (Information Protection and Control) solutions, integrating patent-pending and intelligent data-centric security technology. SecureIslands' classification-driven, comprehensive security systems for protection of sensitive company data seamlessly integrate with existing IT infrastructure and business processes.
Dome9 will make the cloud security stack manageable, and secure cloud servers and make them pretty much invisible to hackers. Their patent-pending security centralization and policy automation will make it simple to create a scalable and simple front-line defense in order to secure any server within any cloud.
Incapsula, an Imperva company, was founded in 2009 by a group of industry veterans with strong backgrounds in web application security, online safety and identity theft.
The company's mission is to provide all companies, regardless of their size, with best-of-breed web application security and performance enhancing solutions, previously available only to Fortune 5000s. The company's vision is to lay the foundation for an "equal opportunity" Web, where all website owners can afford to make their websites safer, faster and more reliable.
Incapsula unique approach leverages the advancements in hardware, networking and cloud computing to consolidate multiple technologies for website acceleration and security into a full-blown Application Delivery solution.
As attacks become more complex, they evade detection by standard security tools. Cybereason enables organizations to reveal in real time complex hacking operations and automatically get the whole attack story. Using a real time machine learning and behavioral analytics tools Cybereason engine discover hints to hackers' activity inside the organization and automatically tie together activities that appear to be unrelated to a coherent story of the attacker's movement in the network. The organization automatically gets a snapshot of the attack's timeline, root cause, the involved malware and that hacker's activities, the communication involved in the attack and the involved users and endpoints, enabling security to effectively respond and remediate the attack.