The vaunted Unit 8200 is the Israel Defense Forces (IDF) signals intelligence (SIGINT) unit, responsible for collecting communications intelligence and for code-breaking. The decades-old unit, considered by intelligence analysts to be the strongest of its kind in the world, has also produced some of the most sought-after cybersecurity startups. Former Unit 8200 members have founded or led leading Israeli IT security companies, Check Point, Cybereason, Palo Alto Networks, Singular and CyberArk among them.
Case in point: last week, San Francisco-based Preempt Security, a firm staffed largely by former Unit 8200 members, unveiled an approach that combines user and entity behavior analytics (UEBA) with adaptive response in a single product built both to detect security threats and to respond to them. The Preempt Behavioral Firewall is designed to identify threats inside the network quickly, malware included, and respond to them proactively with minimal involvement from the IT security team, so that business operations are not interrupted.
According to Preempt co-founders Ajit Sancheti and Roman Blachman, the company's Israeli military pedigree shows in a security approach that tries to get inside the heads of the attackers it defends against.
Figuratively speaking, of course.
Earlier this year, the company announced a funding round that brought in US$8 million in new financing. Sancheti, an IT security veteran who founded companies including Mu Dynamics (a security testing firm serving Canadian and U.S. customers), worked at Juniper Networks and helped build one of the first intrusion detection and prevention systems at OneSecure. He says the product matches its response to the suspicious activity it sees, and adjusts that response as the threat evolves.
The enterprise security perimeter is becoming obsolete, Sancheti argued, and security is now more about protecting people than infrastructure. That is especially true given that credential theft is behind the majority of breaches, he added.
User and entity behavior analytics: the next phase in security visibility?
At the recent Gartner Security & Risk Management Summit in National Harbor, MD, analysts named UEBA one of the top security technologies of 2016 and predicted that the UEBA market would grow to almost $200 million by the end of 2017, from less than $50 million today. UEBA tools apply proprietary analytics to build a baseline of how each user and entity (workstations, servers, service accounts) normally behaves across the network, then flag deviations from that baseline; that is how they surface insider threats and compromised accounts that signature-based tools miss.
Preempt's product includes adaptive response and enforcement (block, notify, allow, re-authenticate, or require multi-factor authentication) and can be deployed either as an inline proxy or in SPAN-port (sniffer) mode. One caveat worth noting for any product with that choice: a passive SPAN-port deployment sees only a copy of the traffic, so it can detect and alert but cannot by itself hold or drop a session; actions that interrupt a connection or force re-authentication need the inline deployment or some other enforcement point. "The focus has been on using Active Directory as a data source," he said.
Traditional firewalls are static. A solution that instead watches user behavior, roles and access, and that adds controls such as two-factor authentication, has to keep learning as it goes and avoid false positives, Sancheti said. Breaches are becoming more common, he acknowledged, but he argued that automatic enforcement combined with user behavior analysis is the key to preventing attacks, whatever the size of the organization: "As a threat occurs, you should be able to respond to it," he said, adding that the business process should always come first.
The need for solutions that actively respond to threats will only grow: organizations simply do not have the time to respond manually to every security alert, he argued.
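As an added illustration of the pattern described above, behavioral baselining fed by Active Directory logon data plus a graduated response (allow, notify, re-authenticate with MFA, block), here is a small Python scorer. It is example code written for this article, not Preempt's own; the event format, scoring weights, thresholds, user and host names, and the sample history are all assumptions chosen for illustration. It builds a per-user baseline from constructed logon events shaped loosely like domain logon records, scores each new successful logon for a never-seen source host, an unusual hour, a run of failures immediately before a success, and fan-out across many hosts in a short window, and maps the score to an action. Two points from the text are built in: a warm-up period during which a user with too little history is never enforced against (to limit false positives), and feedback so that only events established as benign, an allowed logon, a passed MFA challenge, or an analyst's verdict, update the baseline, so the system learns along the way without an attacker's activity becoming "normal".

```python
"""Toy UEBA-style scorer with adaptive response, driven by AD-style logon events.

Added example for illustration, not Preempt's code. The event format, scoring
weights, thresholds, user and host names below are assumptions.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample history (not real log data), loosely modelled on domain
# logon records: (user, source host, hour of day, outcome).
HISTORY = [
    ("alice", "WS-ALICE", 9, "success"), ("alice", "WS-ALICE", 10, "success"),
    ("alice", "WS-ALICE", 14, "success"), ("alice", "FS01", 11, "success"),
    ("alice", "WS-ALICE", 16, "success"), ("alice", "FS01", 15, "success"),
    ("alice", "WS-ALICE", 9, "success"), ("alice", "WS-ALICE", 17, "success"),
    ("bob", "WS-BOB", 8, "success"), ("bob", "WS-BOB", 12, "success"),
]


@dataclass
class Baseline:
    """What 'normal' looks like for one user."""
    hosts: Counter = field(default_factory=Counter)  # source hosts seen, with counts
    hours: Counter = field(default_factory=Counter)  # hours of day seen, with counts
    failures: int = 0                                # consecutive failed logons

    def observations(self):
        return sum(self.hosts.values())


class Detector:
    """Per-user baselines plus a policy that maps an anomaly score to an action."""

    def __init__(self, min_history=5, window=10, fanout=4):
        self.min_history = min_history  # enforce only once a user has this much history
        self.fanout = fanout            # distinct hosts in the window that count as a burst
        self.baselines = defaultdict(Baseline)
        self.recent = defaultdict(lambda: deque(maxlen=window))  # hosts touched recently

    def learn(self, user, host, hour, outcome):
        """Fold an event believed to be benign into the user's baseline."""
        b = self.baselines[user]
        if outcome == "success":
            b.hosts[host] += 1
            b.hours[hour] += 1
            b.failures = 0
        else:
            b.failures += 1

    def score(self, user, host, hour):
        """Score a successful logon against the baseline; returns (score, reasons)."""
        b = self.baselines[user]
        score, reasons = 0, []
        if host not in b.hosts:
            score += 3
            reasons.append("never-seen source host")
        if b.hours and hour not in b.hours:
            score += 2
            reasons.append("unusual hour")
        if b.failures >= 3:
            score += 4
            reasons.append(f"{b.failures} failures preceded this success")
        self.recent[user].append(host)
        if len(set(self.recent[user])) >= self.fanout:
            score += 4
            reasons.append("fan-out across many hosts")
        return score, reasons

    def handle(self, user, host, hour, outcome, mfa_passed=False):
        """Return allow / notify / mfa / block for one event, learning from benign ones."""
        b = self.baselines[user]
        if outcome != "success":
            self.learn(user, host, hour, outcome)  # failures are counted, not actioned here
            return "allow"
        score, _ = self.score(user, host, hour)
        if b.observations() < self.min_history:   # warm-up: observe, never enforce
            action = "notify" if score else "allow"
        elif score >= 7:
            action = "block"
        elif score >= 3:
            action = "mfa"                          # step-up: re-authenticate with MFA
        elif score >= 1:
            action = "notify"
        else:
            action = "allow"
        # Only events established as benign feed the baseline; blocked or merely
        # notified events wait for an analyst verdict via confirm_benign().
        if action == "allow" or (action == "mfa" and mfa_passed):
            self.learn(user, host, hour, outcome)
        return action

    def confirm_benign(self, user, host, hour):
        """Analyst feedback: an investigated logon turned out to be legitimate."""
        self.learn(user, host, hour, "success")


def build_detector():
    """Detector warmed up on the constructed history."""
    d = Detector()
    for event in HISTORY:
        d.learn(*event)
    return d


if __name__ == "__main__":
    d = build_detector()
    for event in [("alice", "WS-ALICE", 10, "success"), ("alice", "DC01", 3, "success")]:
        print(event, "->", d.handle(*event))
```

In a real deployment the MFA result arrives asynchronously from the identity provider rather than as a parameter, and the enforcement actions only take effect where the product sits in the authentication path; the scoring and feedback logic is the part this example is meant to show.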
Many of the company's engineers previously served in Unit 8200, the unit behind Israel's reputation for strong cyber defenses. Sancheti says those principles are baked into the products the company builds.
A future in which malware is eradicated from the network entirely may never arrive, but security teams worldwide are working toward it, whether through a single platform or best-of-breed point solutions.
“One of the challenges for security teams is visibility — they don’t often know what’s wrong until it happens and have to investigate,” he said.
Analyzing credentials on the network can be the key to mitigating risk, he added.