Company: CyberARM | Who: Shay Zandani, CEO and Co-Founder
SecurityWeek: How did you start out in the computer field and in particular, security?
Shay: My background is with “Mamram” – the Israel Defense Force’s technical unit. Later, I joined the Israeli Air Force as a programmer where I worked as a team leader and officer. After a few years, I was asked to establish the information warfare department which, generally speaking, means using the enemy IT systems on the defense’s behalf. At that time all this was strictly confidential, not like nowadays where there’s an information warfare department, and counter cyber-attacks. After proving the team’s capabilities, I was asked to establish the “Blue team” which focused on protecting the systems. When I left the army, I gained industry experience with several start-ups. At one of the startups, we established the first Trusted Third Party (TTP). Unfortunately, the idea was ahead of its time – we had a great technical success but it was a marketing failure. After that, I joined PricewaterhouseCoopers (PwC). At PwC I became the CEO of the Global Risk Management Solutions (GRMS) Group. I spent more than 10 years there, running their risk management and IT practices. I left 1.5 years ago to establish CyberARM.
SecurityWeek: What brought you to found CyberARM?
Shay: I founded the company during January 2012 with my partner, Dr. Elon Kaplan. Having conducted several projects on risk assessment, we were able to collect and analyze many risks in the organization. Risks include financial risks, strategic risks, compliance, and operational risks. It takes a few months to complete these risk surveys or assessment processes. Many times when we presented the outcomes, the customer feedback was that most of those risks were current to the time that the assessment process began. However, since the cyber and the security risks changed dramatically over time, some – if not most – of those risks became irrelevant. The analogy is looking in the rear-view mirror while driving a car. We should be looking ahead and see what’s coming at us. The question then is how to face upcoming vulnerabilities and events. Thinking about this as well as correlating between real-time intelligence and the organization’s security posture brought us to establish CyberARM.
SecurityWeek: What does CyberARM do?
Shay: CyberARM does cyber defense posture optimization. More specifically, we correlate cyber-landscape intelligence – such as threat agents and attack methods – together with the security posture and the controls’ maturity of the enterprise’s business environment. This provides the management and the CSO with a decision-support system that helps them decide whether and where to invest their cyber-defense dollars. To achieve this we analyze the threat agents, the attacker psyche, attack trends, attack methods and tools and run this analysis on specific enterprises and business environments. Based on the current security posture and controls implementation, the product outputs the type of controls that the organization needs to implement or strengthen. Regarding the controls, it’s important to note that since we’re talking about processes then this means people and technologies.
SecurityWeek: At what stage is CyberARM now?
Shay: Our investors are mostly private angels from Israel and around the world. We’re now working on round one – we already have a term sheet from a local VC and we’ve got the approval of the Office of Chief Scientist. In terms of employees, we’ve already hired seven employees and are currently continuing to hire.
SecurityWeek: What are your markets?
Shay: Our markets could be major enterprises and even SMBs that will use our tool as a SaaS service. We focus on various verticals since we provide an objective platform for a discussion on the true threats to each vertical and geo-political region. The Verizon DBIR 2013, for example, showed that the financial sector is more vulnerable to cyber-crime threat agents and less to cyber-espionage – and our system reflects this vertical cut.
SecurityWeek: Who are your biggest competitors?
Shay: We have three levels of competitors, and an additional major one.
First, one could see the consulting companies as our competitor since we seemingly replace some of the security risk assessment processes that they run. Second, one might consider the big GRC products such as RSA Archer or IBM OpenPages as CyberARM’s competitor since they provide managers a way to manage their expenses regarding security IT. Third, others might think of the cyber-intelligence startups that are now evolving like mad and provide a lot of cyber tactical intelligence as our competitors.
Actually, however, all those companies can actually cooperate with us. Consulting companies could leverage a lot from our outcomes. A great example of that is with PwC which uses our tool in Israel and globally to add value to their clients – instead of surveys lasting a few months, they get the results in a much shorter time. Looking at the GRC products, you can see that they do not deal with external real-time intelligence regarding cyber threats and the cyber landscape. In fact, we can use the organizational data collected by those systems and correlate it with external intelligence. As for the other tactical intelligence companies, these could be used as another source of cyber intelligence fed into our cyber intelligence analytical center.
That brings me to the most dangerous competitor – we call it the know-it-all-CSO. To be truthful, this type of individual has nearly vanished. People are now much more open and not ashamed to admit that they’re not experts and they need some help. Just imagine a CSO that does not need a SIEM SOC system since they know all that happens to the organization. In a similar manner, there is a space for a solution that brings together cyber-landscape intelligence and the current situational awareness within the enterprise.
SecurityWeek: Where do you think your field is going on from here?
Shay: If a few years ago we were dealing only with security technologies, people are now talking about intelligence. In the near future it will be about getting the knowledge and deriving it to the enterprise’s specific means and to the specific business unit – what everyone’s calling Big Data. We need to not only identify trends from this Big Data, but also to correlate it with the needs and the vulnerabilities of the organization.
This is the place to note how ironic it is that the attackers are sharing much more information than the enterprises. Unfortunately, unless an attack or a specific incident is published and happens to be big news – there are no collaboration sharing platforms for specific verticals. Yet, this type of information is very useful for enterprises to understand up-front how to defend themselves. On the other hand, you can find on most of the DarkNet – and other hacker blogospheres – so many attack methods and tools against the enterprise that are shared between members. Until we establish – or implement – this platform, we will be limited to the extent of what we can do to defend ourselves ahead of the attack.
SecurityWeek: What is your biggest challenge?
Shay: The biggest challenge is to implement all our ideas and technologies at the speed of the market, client and regulatory needs – all the while when the cyber hype is occurring. It’s learning how to focus and deciding what is most important compared to all the other initiatives we’re busy with. Our major motive is that the client is our top priority.
SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?
Shay: Covertix. It’s more about the CEO behind the company – Yoran Sirkis. I believe that it’s the DNA of the company founders and how they align it with the market needs and market development which make it impressive. Yoran stands up to that – he had a very interesting career path, going from ComSec to a VC and now to the CEO.