After interviewing Yonatan Striem-Amit, CTO and co-founder of Cybereason, Safety Detective’s Aviva Zacks feels safer in the cyberworld.
Safety Detective: How did you get started in cybersecurity?
Yonatan Striem-Amit: Growing up, I was interested in computer games, but at about age 12, I had a simulation game that was a bit too difficult. I thought if I could change the way the code worked, the game would be easier. For example, every time I bought something, the amount of money I had went down. I didn’t like that economical fact, so I started looking at how the code of the game worked and teaching myself how to read it. I was able to program the game so that my money actually increased when I bought things.
But during the process, I discovered that changing software and breaking software is much more fun than playing the game itself, and I was hooked. For the following six years, I was doing development and security and reverse engineering, but I didn’t even know the name for it back then.
When I was 18, I was chosen for the 8200 intelligence unit of the Israel Defense Forces (IDF) as a “PC kid,” with no formal training but many years of experience doing development and security on my own. The 8200 unit is absolutely the best environment in the world for kids like me who had the aspirations, knowledge, and a lot of free time to turn them into cyber entrepreneurs.
SD: It’s so refreshing to hear that kids in Israel have an outlet to use their cyber talents in such a meaningful way. How did you go about founding your company?
YS-A: Sometime in the middle of the 2010, Lior Div, our CEO, and I were sitting in the mess hall in one of the government institutions in Israel thinking and talking about cyber operations. During that exchange, we started building and playing with the idea of what would end up becoming Cybereason. Lior and I were thinking about focusing on what happens after the hackers get in.
We understood that when trying to achieve an agenda by hacking, getting that first foothold in the network was just the first step on a long path. This is true for nation state attacker, but this is also very much true for criminals trying to get their agendas over our corporate environment. So, we focused on reversing the hacker advantage.
SD: How does that work?
YS-A: Think about it. In the old thinking, Cyberdefenders must win every single battle, but hackers only have to win once to get away with their operations. If we reverse the hacker advantage, once the hacker is inside, they have no idea what to expect. It’s an environment they don’t know. At this point, we can capture even the smallest piece, we can unravel their operation. It’s like a tower of cards—you pull on one and then everything collapses.
We have complete visibility into every single thing the malicious adversary is doing with a machine learning driven engine that can find these threats. In almost every environment we have come up against, with our data and analytics we are able to completely remove the hackers’ presence—not just remove malware from the environment. That’s a big, big change compared to what the industry was, and still is today, for most vendors.
SD: What are your company’s goals?
YS-A: Our whole goal is to change the paradigm. We have to think differently. Even today, most of our competitors in our space are talking about how to make end-points more secure? And we’re saying “yes and”—that it is an enterprise protection problem.
Think of it like an immune system. Your body’s immune system doesn’t prevent every single cell from being infected, but it can learn how your body works and inoculate itself to threats. If nature had designed us as “every cell for itself,” no complex organism would live today.
It’s the same in the computer world. If we build a solution where we treat every computer as an island, we limit what we can do to prevent hacking. But if you think of the enterprise as a mesh of entities that can talk to each other, learn about each other, and use the observation of one to protect the group, the effect is amazing.
SD: How does Cybereason differ from the antivirus companies whose names we recognize – like Symantec and McAfee?
YS-A: The difference between legacy companies like Symantec and McAfee and the new age companies like Cybereason is that the legacy mindset was focused on malware. Innovative young companies like ours have decided to ignore the paradigm for the last 30 years and focus on solving the real problems of threats – finding and eliminating malicious activity.
SD: What are the trends in cyberattacks today?
YS-A: We’re seeing a lot of interesting trends which exposed a lot of risks to enterprises. What used to be nation state weaponry is now readily available for every single person on the internet. Everything that we used to consider top secret, state-level secrets, are now available on GitHub for every person to download. In the last couple of years, ransomware was a big deal, simply because It was a way for hackers to monetize on attacks.
On the national level, our infrastructure is becoming more and more connected. Elections are of course becoming more digital. The social world is also changing in that regard. There’s a lot of interacting events happening globally that create a perfect storm favoring the hackers.
There are a lot of trends around what’s called “living off the land.” Hackers operate without malware—they just use existing software on the target environment like Lego pieces to build their malware.
SD: How do you see cybersecurity developing in the next five years?
YS-A: We in the early stages of the reaping the values for automation and machine learning and our security, from the threat perspective. IoT is coming and the amount of processing and hackable entities is going to be increasing hundredfold. And on defense side, we have to bring much more automation, much more machine learning and AI to drive security for us.
At the end of the day, in the future, in order to manage a problem, automation has to be something that we do continuously, and it has to be driven by machine intelligence because we won’t be able to keep up otherwise.
SD: Do you see IoT as a risk or a benefit?
YS-A: Of course, risk is one part of it, but the benefit of IoT to the human race is amazing. Things are going to become easier and more connected. We have to walk in with our eyes open, understanding that with all this power we bring in, there is a risk and we can lose sight and our ability to control our environment completely. We have to understand that with this benefit there is risk, and then we have to own this problem and face it head on.
SD: We’re all very lucky that we have Cybereason to stay ahead of the curve and watch out for all of us.
YS-A: Cybereason announced in Q4 with ARM, an initiative to work with manufacturers to think more readily about how important security is and have standards and protocols built into the future technology of products. Hundreds of billions of devices could have a significant impact on Cybereason’s’ growth as a company and on the growth of the whole IoT industry.
IoT reminds us of the early days of computing in the sense of there’s no best way of doing things and there isn’t a singular operating system that’s responsible for security. We want to make it easy for vendors and manufacturers of devices to not only secure their own technology, but also participate in global defense. And the idea here, as we talked about earlier, is that it’s not just a single device at a time.
Today a hacker could easily hack into your power grid using smart meters and create a huge amount of damage to the network. Using our technology, this can be mitigated, protected against, and managed at the grid level as opposed to just the individual device on its own, which once again, emphasizes the effect of the group defense as it extends from computers to the IoT world. This is a very exciting development for us as we look at the future world.