With many thanks to Reuven (Rubi) Aronashvili, Aviva Zacks of Safety Detectives got the chance to ask CYE’s Founder and CEO about his company’s Hyver platform.
Safety Detectives: What motivated you to start your company?
Reuven Aronashvili: After my army service I found myself at a junction where I needed to decide if I was going to work for someone or develop my own ideas of creativity and innovation into something that is, much more relevant to my needs and aspirations. I didn’t see myself as someone’s employee and working for a corporation for a number of reasons. There are pros and cons for each and every one of my decision points, but at the time, I decided that taking my knowledge and creating something new in the market was really important. That was my passion, and I definitely don’t regret that I’m there.
SD: What do you love about working in cybersecurity?
RA: I think that this is one of the industries where we see that the problems have not yet been solved. A lot is invested in cyber on a continuous basis and still, we see that the success rates are very low and that’s a very interesting problem to solve. As someone who has always loved puzzles, I enjoy finding the difficult parts and working to bring a significant or interesting solution to solve these specific problems. In cybersecurity, I think that innovation and creativity are key for solving this big challenge that we have in every organization today.
SD: What is your company’s flagship product?
RA: The Hyver platform is a product that we’ve developed to really try and first identify the risk profile of an organization, then quantify the risk from the business perspective. We then take that information to what we call mitigation optimization and find the right way to invest in the cybersecurity budget of the organization. The point of the product was to build something that will provide value, not just on a one-time basis, but as a more continuous solution that addresses the hardest problems we see in the industry today. From my point of view, taking those specific issues that I’ve just mentioned and putting them in one cohesive and coherent system that provides clear visibility– a single pane of glass, that’s exactly what Hyver does.
SD: How does your company stay competitive in a world filled with cybersecurity companies?
RA: There are two things that CYE does differently. First, we are not trying to be a niche player. From our point of view, we are trying to solve a large and comprehensive problem. We do that with a comprehensive system that solves many problems. The second thing that keeps us competitive is the fact that we are actually listening and identifying the core issues that we see in the industry and building our solutions based on that. We don’t try to create a problem and then solve it, but really identify the core issues that we see, over and over again. We are deeply analyzing those recurring problems and solving the root cause using our integrated platform. That’s the point that differentiates us. There are very few companies in the world that are doing things that are so comprehensive across the value chain of the cybersecurity problem in organizations and we are one of them. Another thing that we do is our scientific data-driven approach. Everything that we do in our organization is based on measurable accurate figures that are reflected in our profiling to measure the risk in the organization, and of course, come up with the optimal plan to invest in the cybersecurity fund.
SD: What are the worst cyberthreats out there today?
RA: The criminal gangs we see out there are actually trying to find each and every one of the relevant vulnerabilities that can take them to actual threats that can cause significant damage to an organization. Today we split those items into two– pressure points and weak points.
Pressure points are the specific items in the organization that, if I find or get access to those points, I’m able to put pressure on the organization to pay something. For example, ransomware is this kind of concept. I encrypt your environment, If you want it back you need to pay me, and then you get back your access. The same applies when it comes to private information. Because there are regulations like GDPR, criminal gangs are trying to find a point in which once this data is exposed, the organization will pay. As a concept, regulation can be a very good thing for the industry, but sometimes can be used against the industry as a pressure point.
The second consideration is weak points. These are the more traditional ways of attacking organizations, whether those are denial of service attacks to harm the business continuity or any kind of business-related vulnerability, whether it’s in online banking or in eCommerce platforms and so on, taking the organization through a series of events that will cause in the end, either financial loss, some kind of brand reputational damage, intellectual property loss, and everything related to privacy and sensitive data in the organization.
SD: How is the pandemic changing cybersecurity for the future?
RA: One thing that was introduced in the pandemic, and will stay here with us for sure, is the hybrid work model. Working remotely is something that in the past, at least in some industries, was not even considered, like the army. Consider the military working remotely. That’s something that no one thought about. The same goes for government agencies, government organizations, banks, and others. Today it’s very clear that you cannot allow a situation where your organization doesn’t support remote access at all. When you don’t have a perimeter for your organization, every device can be part of your network at some point, that’s something that changes the basic assumption of perimeter protection for the organization. Everything that is perimeter protection oriented should be changed, reevaluated, and in the end, of course, reassessed in order to provide something that is more asset-driven protection, rather than perimeter-driven protection. You directly aim to the final targets or objectives of your protection and protect those rather than protecting the path to those objectives.