Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Security Startups: Interview with Covertix CEO Yoran Sirkis

Security Startups Feature on Covertix

Security Startups Feature on Covertix

Company: Covertix  |  Who: Yoran Sirkis, CEO

SecurityWeek: How did you start out in the computer field and in particular, security?

Yoran: I started my journey in the cyber- and information- security fields while at the Israeli Air Force, where I served as a captain. After the military service I joined Comsec, an international information security professional services firm. While working there, I spent three years in the Netherlands, establishing the European Headquarters, and then returned to head the Israeli branch. In 2010, I moved to manage Comsec Innovation, an internal investment house dedicated to the seed investment of cyber-security companies. We used the fact that Comsec comes in close contact with vendors, analysts, customers and partners in order to find the best solution – investing in the execution and penetration into the market. After two years there, Comsec made a small investment in Covertix, and although people told me not to fall in love with the startups – I had fallen in love with Covertix. I moved to be the full-time CEO of Covertix at the beginning of last year.

Photo of Yoran Sirkis
 Yoran Sirkis, CEO of Covertix

SecurityWeek: What’s the story behind the founding of Covertix?

Yoran: Covertix was founded in 2008 by Alon Samia who has a strong background in the US financial sector, and Tzach Kaufman who came with a strong background in hardware and application security. Tzach is Covertix’s CTO and had worked at companies such as Kavado, Radware, Kerenix and others. Alon and Tzach came to the conclusion that the traditional Data Leak Prevention (DLP) solutions aren’t good enough. Data can still be leaked from organizations because the current approach of guarding the gate doesn’t really cover the problem. In today’s business world, you need to share information all the time with parties outside the organization. However, the moment the enterprise shares information with the external party – the external party becomes the weakest link as they cannot invest the same amount in security. Therefore they developed Covertix which takes on a bodyguard approach: protecting according to file content and context and accompanying the confidential information inside and outside the organization. This bodyguard approach enables the enterprise to actually track, monitor and protect the information even after it left the organization.

Covertix basically combines the two main technologies of DLP and DRM to enable users to monitor and secure the information internally and externally. That’s why we do secure file sharing, file level protection and secure file collaboration.

SecurityWeek: How does the Covertix solution work?

Yoran: We have a patent where we know how to integrate small pieces of software into any type of file. We can define the policy, send it to any entity and make sure that only the policy that is defined by us in that small piece of software is the only policy to be worked according to. Only the legitimate usage can be used, and only by a legitimate entity outside of the organization.

We have two types of solutions: one which requires the installation of an agent, and one that doesn’t need an agent. The solution that requires an agent allows full collaboration and sharing, and is completely transparent to the user. For example, there’s no need to encrypt – encryption is part of the regular work flow while the piece of logic integrated in the file assists to define what’s allowed and what’s not. The second solution, which does not require the installation of the agent, is called the SmartCipher Mobility. It enables the sharing of information with anyone without preliminary registration and without the installation of an agent on the other end. It used for view-only functionality and annotation capabilities.

SecurityWeek: At what stage is Covertix now?

Yoran: In terms of headcount, we have about 15 employees. We have customers in Europe and in Israel. We recently started activity also in the US and that’s our main focus right now. The company is backed by the Office of Chief Scientist, while the current investors are micro-funds and angels. We’re now closing a rounding fund with a major investment house to help us execute in the US.

SecurityWeek: What’s your business model?

Yoran: We target medium and large enterprises. Our solution is subscription-based, sold via channels and as a service via cloud providers that are our partners.

SecurityWeek: What are your markets?

Yoran: We’re very strong now in the healthcare and financial markets. These are the most regulated sectors where the regulations demand the tracing and monitoring of private information and of course, the protection of that information.

SecurityWeek: Who are your biggest competitors?

Yoran: There are multiple competitors that actually rely on Microsoft platforms, and particularly, on Information Rights Management (IRM) and Rights Management System (RMS) technologies. Then there are also competitors that deal with the collaboration of information.

The uniqueness and advantage of Covertix is being able to protect any type of file – including design files, development files – and not just Office and PDF. We have very sophisticated policies that support a lot of business processes. These policies are not simply whether a file can be opened or forwarded and such, but they also contain a lot of business intelligence. For example, the policy can allow an individual to print only from a device that is connected to the domain. In that way, the individual cannot print from the home printer. A policy can also allow the individual to open the file from the desktop, but not from the mobile. In fact, one of our clients in the area of healthcare protects the medical e-records with Covertix and that enables the doctors to work according to a certain policy when inside the organization, and a totally different and limited functionality when they connect to the information remotely.

SecurityWeek: Where do you think your field is going on from here?

Yoran: We will see increasing demand for more secure file sharing solutions because the boundaries, the perimeter of the organization, are not defined anymore. Everyone wants information on their mobile, information is outsourced, and people work remotely. The current climate and challenge requires organizations to protect the data and not just the perimeters.

SecurityWeek: What is your biggest challenge?

Yoran: The fact that many organizations share their information and assets also with sub-contractors, and other external parties. For example, say you’re a car manufacturer and you need to create a design prototype – you’ll be working on the design also with external consultants and so you need to find a way to protect it also when it is outside the organization. Intellectual Property isn’t confined any longer just to the building. The challenge is how to protect information on multi-type of platforms that can be delivered on multi-type carriers and still enable the users to work in a user-friendly way and without too many obstacles.

SecurityWeek: Is Covertix hiring? If so, what do you look for when you hire?

Yoran: We are now hiring people in the US – sales and technical individuals to help us execute, support and complete projects in the US market.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Yoran: I have 3 favorite startups:

– Cytegic. They cover an area which there is a huge demand and where there are not too many solutions.

– Shine Security. Mainly because of the person behind the company, Ron Porat, who I think is one of the most knowledgeable security experts I know. Shine tries to solve one of the most critical issues in cyber-security.

– GreenSQL. It has a very interesting model and a unique management team that in my opinion can lead the company to its next challenge.

Read More Security Startup Interviews Here

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility