With network infiltration both on the rise and increasingly sophisticated, an Israeli startup called Cybereason has a novel approach to providing protection from hacking.

Founded by CEO Lior Div, CTO Yonatan Striem-Amit and Chief Vision Officer Yossi Naar at the end of 2011, Cybereason has broken into the international market with a $4.6 million series A financing round from Charles River Ventures in Boston. Its motto: “Detect. Visualize. Terminate. Revealing Cyberattacks in Real Time.”

According to Div, merely trying to protect the perimeter of an enterprise is a losing battle; the breach is inevitable. Incident response by definition is too late; the damage is already done.

By filling the gap between breach and compromise, Cybereason is shifting the focus from malware to detecting malicious operations — what it has termed “malops.” This is done by continuously monitoring the IT infrastructure, visually describing the malops in context and instructing security analysts on how to stop the hacking operation.

“Penetrating a network does not take long for a hacker who knows what he’s doing,” Div tells ISRAEL21c via Skype from Cambridge, Massachusetts, where he and his partners relocated with their families in January. “But then the actual work begins. It’s not enough to get a foot in the door; getting into a single system is not the end goal.”

Many malops

Div uses a movie metaphor to describe the process.

“You see a guy enter a building, say a large corporation headquarters, to steal its formula. Later, you see him exiting with it. What you don’t see is what he did, or how long he took to do it, while he was inside. In fact, it is only after he is inside that the real operation begins.

Cybereason CEO Lior Div.

“Attackers must gain a foothold. They need to probe for the exact location of their target victim. They need to get data inside and outside of the organization to establish a command channel. They must spread out to reach a position that allows access to their target. They need some agent to perform the necessary actions on the target machine.

“Each of these phases — the malops — may involve the use of a myriad of techniques, depending on its specific objective.”

Thus far deployed by some 15 companies in the United States and Israel, Cybereason — enterprise software sold as a service for a monthly or yearly fee — has detected malops in each, successfully enabling damage prevention.

“What’s good about it is that it uses a lot of graphic interface to explain what you’re seeing,” says Div. “We take something complicated like a cyber attack and explain it to people who are not experts.”

Filling a gap in the market

Div, 36, grew up in Kfar Saba. He served in the Intelligence Corps of the Israel Defense Forces, reaching the rank of lieutenant and receiving a medal of honor. He was an officer for six years until completing his military duty in 2001. He then earned a degree in computer science at the Academic College of Tel Aviv-Jaffa.

His next chapter was employment with companies including Amdocs, where he worked for two and a half years.

“As much as I appreciated my experience there, and how much I learned, I felt that such a big corporation wasn’t the right fit for me,” says Div. “That’s when I decided to create my own startup.”

This decision led to his establishing Alpha Tech in 2007, which provided cybersecurity for government agencies.

It was the combination of his expertise in computers and security that would lead to his partnering with Striem-Amit and Naar to create Cybereason.

“We identified a gap in the cybersecurity market,” says Div, explaining that they gathered massive amounts of information from companies that gave them early access to user interface techniques and other data to develop and hone their software.

Sleepless nights

It took the bootstrapped team three years to get from the initial idea to the product. The risk entailed sleepless nights.

“If an entrepreneur tells you he’s not worried, he’s not telling the truth,” says Div, who is married with two children. “But we were fortunate to be a team, all in it together, and to have the support and faith of our wives, parents and friends.”  

The risk paid off. Cybereason was officially released on February 11, 2014. In addition to the Cambridge office with five people, there is a 20-strong R&D staff in Tel Aviv. The team is expected to double by next year.

“We moved to America to get more people interested. To have a successful business, you have to have access to customers,” Div says, adding that the finance sector is their current target. “But the research and development is staying in Israel.”

For more information: http://www.cybereason.com/