Company: LightCyber | Who: Giora Engel, Co-Founder and CEO
SecurityWeek: How did you start out in the computer field and in particular, security?
Giora: My security background started in the military. If you look at other Israeli companies that focus on security, such as Check Point and Imperva, you can see that many of the entrepreneurs began their security career in the military. We have that advantage where the ideas originate in the military and at a later stage we can implement them in a different manner to fit the industry needs. Essentially, we get to know the technologies ten years before they reach the industry.
After the military service, Michael Mumcuoglu, LightCyber’s CTO and co-founder, and I studied physics and math at the university. We did some interesting research there covering different areas such as computer vision and physics. The theme that ran across these research topics was dealing with large amounts of data: extracting the essence out of these mountains of data, and turning them into actionable items. I found that studying the universe is similar in approach – although with a different data set – to detecting malware.
LightCyber is our second company – co-founded about 1.5 years ago, in 2011. Our first company was MeterLive which measured audience ratings for physical locations (say, how many people were at a certain location). We had a technology that tracked the cellular phone to gain the statistics.
SecurityWeek: What brought you to found LightCyber?
Giora: Cyber security is our core expertise. The world has changed very significantly within a short amount of time from the generic viruses and self-spreading malware. Today’s new threats are more targeted, focusing on specific types of damage. Malware is not restricted anymore to just spreading, but in most cases to stealing sensitive data and sabotaging. When we started out, all the market technologies were not relevant to this type of threat. We already knew a lot about targeted attacks and had a new approach that could change the market in that sense.
SecurityWeek: What does LightCyber do?
Giora: We detect the attackers when they operate in the core network.
The first step for attackers is to penetrate the organization. Although there are preventive measures, they’re not 100% successful. This leaves the few percent that do enter the organization as the real threat since they’re targeting the specific network. Once the attacker enters the network, there’s no way to detect a cyber-attacker since everything looks normal. The attacker software usually operates within a specific computer with a certain set of credentials so it can access files and connect to other computers. Solutions that look for specific exploits or signatures do not work for these scenarios. We’re the first solution to detect the attacker by identifying suspicious behavior inside the network.
We don’t look at a specific packet or field to test whether it is too large. We look at the behavior. This means that every file access and every protocol could be used as an attack indication – even were it alright under a different context. What we do is model each computer and user separately, and maintain those models over time. Everything we do is based on history we gather from the network.
Take as an example users from the R&D and marketing departments. These users are totally different – they operate on different systems, they have different levels of network understanding, and they use different tools. There’s nothing common between these users and so they require a separate description. What would be considered normal behavior for an R&D user might be suspicious for a marketing individual so we track user and computer behavior. Furthermore, some entities are not actually users – they could be smartphones accessing the networks. As such, there are also separate notions of devices, computers and users.
SecurityWeek: Who are your competitors?
Giora: Today there are no solutions of this kind.
There is a big trend of using forensics tools such as Netwitness. They’re very robust but do not provide detection – although they provide visibility into the network traffic, they do not show what the problematic traffic is, and how the user is behaving differently.
We do something different – targeted forensics. During the forensics phase, we provide the user only the relevant piece of information required to detect the attack.
SecurityWeek: What is your business model?
Giora: We sell appliances, and offer both physical and virtual. We sell a perpetual license for the appliance and usually one appliance per data center.
SecurityWeek: What are your markets?
Giora: Obviously, we started out in the local market. It’s physically close, but also companies here are very open to using new security solutions in their organization – even before there is a product.
Now we’re focusing primarily on North America. It’s the first market we’re working on because this market tends to be an early adopter. It’s more advanced than other markets in the world – also in terms of advanced threats which are stronger in this region. In fact, we’ve just started sales there and we’re now also going to move our headquarters to North America.
SecurityWeek: Who are your investors?
Giora: More than a year ago we raised a seed round of $1.5M from Glilot Capital. They’re a VC fund that concentrates on cyber-security and we were the first company in their portfolio.
SecurityWeek: What is your greatest challenge as an entrepreneur?
Giora: The challenges just get bigger and bigger in time. Every month there’s something that does not compare to what’s at this moment. Technology is definitely a challenge, and that’s the core of what we do. Although we come from a rich technological background, we have a very complicated technology and with the Israeli size of funding it’s not trivial to turn a product within a short time frame and a limited budget. Getting funding is also a challenge. Of course, also starting to sell is a challenge. We did pretty well in Israel and we’re starting now in the US.
Another challenge is that we have a different approach and a new kind of product that is very much needed. But because there is no other product out there, there’s the challenge of introducing something new to the industry. The companies know they have a problem – but still, being the first solution is a challenge on its own.
SecurityWeek: Other than yours, what’s your favorite start-up (whether in security or not)?
Giora: There are many good start-ups! In security it’s Cyvera. They came up with a new approach to protecting endpoints from zero-days, and have some great results.
Note: To run this interview, I was introduced to LightCyber through Innovation Endeavors (IE) – an early stage VC, founded by Eric Schmidt. I’d like to note that I was very impressed by IE, showing the support and encouragement to a start-up which was not even in their portfolio. If you have a security startup, or know of one, and would like to participate in this column, feel free to contact me using the contact form.