Company: Foresight | Who: Israel Ragutski, Co-Founder and CTO
Foresight is a Web application security company which provides a new type of technology as the front line of Web protection. Co-founded by Israel Ragutski - the company’s CEO, and Nimrod Luria – Foresight’s CTO, I sat down with Israel to chat on entrepreneurship and this new offering.
SecurityWeek: How did you start out in security?
Israel: Both Nimrod, Foresight’s CTO, and myself started out in the defense industry where we have more than 15 years of experience in computer security. I personally began as a researcher, and then as a technical developer. Under this role, I was also part of the “Red Team” - providing penetration testing services to the military and the government.
Nimrod on his end, held a number of positions providing worldwide security services. He started out with his own consulting firm which provided the professional security services for companies such as Avnet and 2BSecure. In time, he joined Microsoft’s ACE team in the US where he consulted on global strategic projects.
Nimrod and I initially met when he consulted on a military project. When I completed my military service in 2009, Nimrod also left Microsoft. We decided to join forces and founded a company named Qrity which provided cybersecurity services - mainly to government and different defense bodies worldwide.
In time our research within Qrity led to a product and that was when we founded Foresight.
SecurityWeek: From a service provider to a vendor. Why?
Israel: A couple of years into our consulting business, the company –Qrity- was already well established and had a strong customer base. But we recognized that customers were calling us after they got hacked, bringing us in the middle of the night to rectify the situation. This got us thinking: how can we address two of the biggest pain points for computer security professionals, namely site protection and site availability? We started to research and in the meanwhile worked with two of Qrity’s customers who provided us with feedback on the need for such a solution as well as on the implementation. When we felt good enough with the need for such a solution and our technology, we started focusing on the development of the product itself. At that stage, we founded Foresight and passed on all activities to Foresight. Our product has been available since the beginning of the year.
SecurityWeek: What does Foresight do?
Israel: Foresight’s technology focuses on both the security and the availability of Web sites. As opposed to current existing solutions, this technology creates a hologram of the original site. The hologram learns legitimate user behavior across the site so that given a Web request, the hologram tests it against the expected legitimate behavior. If the request resembles a real transaction, it gets sent to the backend – which is actually the original site - and the transaction can take place. Under this framework, non-business-related requests never even reach the original site.
SecurityWeek: Is your solution in place of a Web Application Firewall (WAF)?
Israel: We actually complement the WAF. There are two major issues enterprises face when deploying a WAF. First, deploying a WAF with a strict set of rules within a complex system is a complicated task. Second, in a typical enterprise system, the WAF exposes the user to a large amount of technical and infrastructural resources that are actually not needed to conduct legitimate transactions. So although the WAF drastically reduces the attack surface of a system, it still leaves open gaps for hacking attempts.
This is where our solution comes in. The hologram becomes the front-line of defense for different requests, throwing out all requests that have nothing to do with the actual business transaction. The WAF, in turn, is left to deal only with business logic transactions.
SecurityWeek: Who are your customers?
Israel: Most of our customers are in Israel where about 20 enterprises deploy Foresight’s solution. Amongst these customers are major banks, government offices, and infrastructure companies. Our technology proved itself during the recent Hamas-Israel cyber conflict. There was no impact to those sites protected by Foresight which successfully withstood dozens of different attacks such as SQL Injection, Network Level Attacks, and 50Gb/ sec DDoS attacks.
A smaller portion of our customer-base is located in Europe – mainly in France, but we’re also in advanced stages to penetrate the UK market.
Our next goal is expansion to the US market. The US market is very much ready for these types of solutions. News of cyber threats are recounted on a nearly daily basis. Just recently we heard that different states with economic and governmental motives conducted cyber-attacks on financial and government entities. We can only expect these threats to grow. For this reason, the search for a better solution will be more intensive.
SecurityWeek: Who are your major competitors?
Israel: Currently, we have no direct competition. We’re very visionary in this field and we’re the ones who made this technology implementable. Up until recently, this type of technology was considered very complex. We worked for nearly two years on the R&D for this type of solution and we’ve filed patents to make this technology much simpler. In fact, all that a user needs now to run the system is to click a button.
SecurityWeek: What is your greatest challenge?
Israel: Ironically, it’s being the first ones with this technology. Obviously, the good thing is that we do not have direct competition. But it also leaves us to work solely on market education – raising awareness to the value of this product and convince prospects for the need of such a solution. That being said, the minute the customer understands this added value they increase our engagement and add more sites to our offering.
SecurityWeek: Until that happens, how do you get your foot in the door?
Israel: It does happen that at times we arrive at prospects, and even before the meeting begins, we’re dismissed saying that they already have a business continuity solution in place. At that stage, we request for just 15 minutes- arguing that with today’s dozens of cybersecurity challenges, discussing our solution is certainly worth it. It’s in that quarter of an hour where we show the proven results from deployments at other organization. This usually raises the initial interest which is followed by a demo request. We can provide one quite quickly and from there on it is rare that prospects do not advance to a deeper engagement with us.
SecurityWeek: Who are your investors?
Israel: We’re completely self-funded with the initial seed-funding coming from the two founders. As of 2012, second quarter, we’re a profitable company that is funded solely by sales.
SecurityWeek: What are your growth rates?
Israel: We currently have 12 employees, and on average we recruit 4-5 employees every quarter. In this upcoming period we plan to grow significantly to continue and support our growing customer base.
SecurityWeek: What do you look for when you hire?
Israel: Other than the obvious, such as experience and a trained professional, I look for teamwork. We’re at that stage where a sense of “bounded fate” is most important. In other words, the employees don’t just see Foresight as a job, but their future is bound to the success of the company – and it works in the other direction too, of course.
To rise up to that “bounded fate” feeling, we made a conscious decision to put the R&D employees in the field. This is quite rare as usually there are dedicated delivery and support individuals who fulfill this role. And yet, even though that it’s not always easy – after all, some engineers are not used to being customer-facing or might err on messaging- we still decided that this is a risk worth taking. Customers are happier with our commitment to provide them with the best individuals that the Foresight has. On the other hand, the R&D employees realize that standing up to the high expectation of the customer is key to the success of the company.
SecurityWeek: Can you share any tips for other entrepreneurs starting their own business?
Israel: One of the biggest challenges as an entrepreneur is deciding on the start-up strategy. Are we going to build a start-up with an evaluation of $50 million, or of a few hundred million? This type of decision does not only affect the company’s strategy, but also affects the founders’ participation in the company. The latter in turn hides much more risk –financially as well as personally. The decision whether to run a sprint or a marathon is going to affect the way they partnership, raise funding, retain customers and even hire employees.
SecurityWeek: Other than yours, what’s your favorite start-up (whether in security or not)?
Israel: Covertix. They address one of the industry's most pressing problems - data leakage. It’s based on a unique solution that enables collaboration and sharing of sensitive files through multiple channels, while maintaining end to end confidentiality.
Proper Disclaimer: When I initially heard about Foresight I was very curious in hearing what they had going. Having worked for a WAF vendor for more than 5 years, and still a stakeholder, I naturally wanted to know more about this technology and how it fits into the Web application security space. I even got down-right techie to dig the details. I’ve decided to spare the readers from these bit and bytes and concentrate on the entrepreneurial-side of things.