Attack is the Best Form of Defense
In a world in which billions of smart devices continuously communicate, sometimes without control, someone needs to ensure that your coffee machine isn't exposing secrets. With the support of the Innovation Authority, the Israeli startup Cy-oT (Cyber of Things) has developed a unique cyber defense technology.
The initials 'IoT' could also stand for 'Internet of Threats', warn the people at Cy-oT, a young and promising Israeli cybersecurity company. This catchy sentence is a good illustration of the company's philosophy, and its objective to protect organizations from the security problems that may be caused by the smart devices operating around them.
"The super-category of IoT and the latest technological innovations is the connected world", says Natan Bandler CEO and co-founder of Cy-oT. "The connected world is a fantastic step for mankind – from medical devices and groundbreaking inventions to mundane items that help us sleep properly and live more comfortably. But like anything new, it comes with risks which need addressing."
"Once completely innocent devices such as the office coffee machine or the ventilation system are connected to the Internet of Things, they inadvertently become an incredibly weak link in the defense formation protecting organizational information. In practice, attackers can easily use the smart devices around us to attack or hack into an organization: they simply take control of the device and use it to insert an attack tool. The attackers' common objectives are to disrupt business activity, hack into computers and servers, and leak sensitive information."
"The coffee machine doesn't really need to tell the attackers anything. The access it gains to other devices connected to the organizational network is enough. It can also create a channel of communication by connecting to the internet network of the café under the building. Other devices can assume the role of the coffee machine – a smart camera, a watch of one of the employees, or a smart television."
There are three partners at Cy-oT: Prof. Assaf Schuster - an expert on machine learning and data science who has a strong background in the world of cyber security; Daniel Moscovici – who is leading the product and its marketing; and Natan Bandler – who has accumulated more than 20 years of experience in the worlds of communications analysis and information security.
Bandler says that he likes the link between technology and business and technology's transformation into a value which equates with business. The company's team is mostly made up of graduates of elite IDF intelligence units – "because you need to know how to attack in order to defend", he explains.
"At Cy-oT we live among the attackers' communities, gaining substantial intelligence from them, and we can clearly see that they have designated hacking into companies via smart devices as a clear objective. Included in this category of devices are all the standard wireless devices, even if nobody has connected them to the network."
"The IoT opens the attackers a new door into an organization, one they are not always aware of. At Cy-oT, we know how to keep this door open while only admitting the good guys. The organizations to whom we provide service receive full 24/7 protection that is tailored precisely to them and to their needs."
When Crime Enters the Digital Era
"The Internet of Things is changing everything we do. It is essentially creating a common language of communication between devices, integration and analyses. This is a quantum leap – the Internet of People dramatically changed the world and now, the Internet of Things is generating yet another major change. We don't always notice it, but everything is becoming smart and connected. There are between 9-15 billion smart devices communicating with each other around the world and until recently, they were all regarded as completely innocent."
"A smart lighting system for example, is something which is easy to gain control over. It can be used to gain access to an enterprise because it will always be connected to it. In other words, it knows the user name and password to the network. Why? Because the installer of a smart lightbulb wanted control over it from a distance to be able to turn it off when the last person leaves the office. And so, without a lot of thought, something which can pass on information is connected. A smart attacker sees such a light as a way in or out – and the same opportunity can be found in a guest's telephone or in a boardroom video-conference system, all of which are commonly connected to the network, thereby creating vulnerability."
"Organizations are saturated with wireless networks. After all, the network's presence enables organizations to be more efficient, more modern and smarter – as they need to be – but these worlds are also highly vulnerable because they need to enable connectivity. Sometimes, this naturally comes at the expense of security, however the resultant threats must be guarded against. After all, someone sitting near the organization and who has access to these systems can easily and cheaply get to the organization's most sensitive assets."
"In the era of the IoT, a new, penetrable and vulnerable layer has been added to organizations which includes all the smart devices both within and surrounding the enterprise", Bandler explains. "Our system aims to close these gaps via 24/7 monitoring of the wireless frequency, identification of malicious behavior and the real-time mitigation of any threats."
"The world of crime has gone digital, and yet everyone is expected to assume personal responsibility and protect himself. Enforcement bodies are also part of the protection effort. The attitude should be that, as customers, we have deposited our trust and our information with large enterprises – and if they don't do everything they can to protect it, they should pay a penalty. The European Union, for example, has imposed clear responsibility: if a customer incurs damage within a certain enterprise, that enterprise will compensate him."
"Cy-oT believes that there is room here for regulation and that the government systems should participate in it. Information security in homes raises another question: is the police sufficiently prepared, as far as personnel and technology are concerned, to provide a response and investigate this issue? It's not at all certain."
"Crime elements have already understood the potential in this world and sell the means for hacking as a service for hire. This means that the entry threshold to the world of attack has dropped. Anyone entering the relevant networks can instantly hire this service. People from all over the world make widespread use of these tools every day, even some governments. Some of the central focal points of attack are banks and financial institutions. You don't have to walk in with a loaded weapon anymore – you just organize a strong group of programmers and start operating as a cyberattack group."
"Cyberwarfare has always been at the forefront of the Israeli high-tech industry", says Aharon Aharon, CEO of the Innovation Authority. "Israel is considered a world leader in this field. The winning combination of graduates from IDF technology units and an innovation environment supported by the Innovation Authority enables cutting-edge Israeli technology to shape the future already today."
"What We are Offering is Science Fiction"
"Our solution is analytic", says Bandler. "We possess one of the largest databases in the world of IoT communications. We conduct profiling, i.e., create behavioral profiles of these smart devices, so that we can identify them and use the data they are transmitting to know when they are behaving in a manner that is harmful or dangerous to the organization. And just as important, we possess the ability to stop them in real-time."
"We listen to wireless communications which are terribly noisy and are capable of listening smartly and analyzing who they are and what they are doing, according to the behavioral profile of the devices' communications. For example, we can identify from within the noise whether a coffee machine is just making coffee or if it is connected to a network and gathering information. Our technology continuously analyzes this data in hundreds of millions of devices around the world, enabling us to tell an organization which of its devices is endangering it. And when that happens – we can also prevent it."
"Our system creates an enveloping bubble around the customer's physical domain and protects him from all the surrounding devices: from watches worn by the employees, to their telephones and up to the control systems installed in the servers' room."
"Our team are highly skilled this connected world of ours, in which the major question is how to effectively analyze so much data and identify specific threats. We use every possible tool in the world of data science including machine learning. Our uniqueness is in our knowledge, in the ability to listen to this data and in the worlds of learning and analysis."
"Our technology causes many people to raise an eyebrow because what we offer can initially seems to customers like science fiction. The existence of a body like the Innovation Authority who was there to help us prove that it's possible, is of great significance and importance."
"We began operations two years ago. The Innovation Authority identified both the commercial potential and the unique technology which we bring to the market. The collaboration with them is superb and enables us to take steps that would be otherwise difficult. Aside from the funding, this is expressed in the contacts, assistance, knowledge and direction they supply. This is the first time that I have benefitted from their help and I was very pleasantly surprised."
"Our investors, among the leading investors in the world of cybersecurity, are also highly appreciative of the Innovation Authority. Amichai Shulman, the company’s first investor, is a phenomenal cyber expert and is rated as one of the super-investors in Israeli cyber. The Founders Group, which is invested in the company, is a company with a background and strong connections in the business world and extremely helpful, and the Pico Venture Partners Fund, led by Elie Wurtman, one of the industry's senior figures, has also proved to be of amazing assistance."
"We commenced sales operations several months ago and since then business has taken off. We sell service to any enterprise, large or small, that has fears about its cyber world, from financial and manufacturing entities up to critical infrastructures."
"It's amazing to see how the small seed has grown into operations of a global company generating income for Israel. We see the welcome Israeli cyber receives. The State of Israel's entire cyber ecosystem is simply unprecedented. We salute the state and greatly appreciate its assistance."
"We operate basically everywhere in the world via very robust business partners. We don't intend remaining a small startup but rather want to change this field through the customer value that we create. Our vision is to become a large, essential company providing all organizations with complete protection from the world of smart devices and wireless networks."
"This is a huge market and one that is growing because the world is becoming increasingly wireless. In a few more years, no one will say IoT – everything will just be connected as a matter of course. In a world like that, every organization will want simple, non-expensive, good-looking and updated devices – and it is not reasonable to expect that the cybersecurity will be so good that an organization will be able to safely say 'I'm covered'. We consequently see a great future for the company."
Smart Home – But Open to Attack
In the IoT era, cybersecurity problems are no longer a risk that only governments and large organizations need to relate to. With all the recent innovations, it's now apparent that our private home has also become a battle site.
"The dangers of the cyber world also exist in the private home. Today, via the internet, you can order a smart lock via which communicates with a digital personal assistant – this is great and makes our lives more comfortable and energetic, but it also entails risks."
"The problem is not only in an especially designated 'smart home' system, but also in things we wouldn't normally think of. Did you buy a water bar or a digitally activated device for steaming cauliflower? Beware of someone taking control of them via the cloud. Did a handyman you called want to use your home network to browse an online store for spare parts? Take into consideration that he can now change your bank password. Once an attacker has access to the network, it's game over. It's just a matter of time until gains control of all the information, and it won't take long."