19 May 2018

Spy Games: Ex-Mossad Chief’s Cybersecurity Startup Counters Attacks With A Hacker’s Mindset

By Ido Levy, NoCamels

For decades Tamir Pardo worked in the shadows, in a career that began in the Israeli military’s most elite commando unit and culminated in him leading the Mossad, one of the world’s most feared espionage organizations. Now, the former Mossad chief is in his second act – as a cybersecurity startup founder. After completing his term as head of the world-renown Israeli spy agency in 2016, Pardo, a veteran of the IDF’s Sayeret Matkal who served under the command of Yoni Netanyahu in Operation Entebbe in 1976, founded XM Cyber, a cybersecurity company that has since developed an automated advanced persistent threat simulation platform and whose tagline is “defense by offense.”


Pardo feels strongly about cyber threats, telling an audience at a cybersecurity conference for “smart cities” in Tel Aviv in February that they are akin to “a nuclear weapon — a soft and silent nuclear weapon.”

“It is cheaper [than war], there is no blood in the streets, but you can damage societies, destroy states, and win a war without firing a shot… There are no borders to cross,” he said, specifically mentioning as an example Russia’s interference in the US presidential elections in 2016 in favor of then-candidate Donald Trump and its hacking of Democratic National Committee emails.

“Think about how much money would have to be spent in a conventional war to cause this much chaos in a country,” he said.

Ex-Mossad chief Tamir Pardo at the Muni-Expo conference in Tel Aviv on February 13, 2018. Courtesy

“There is a lot more chaos coming. Chaos is the biggest threat to democratic countries,” Pardo warned, outlining different scenarios where hackers, whom he refers to as “hunters” with levels of sophistication that is “generations ahead,” take out telecom systems, electricity grids, and power installations, and engage in advanced ransom schemes that can inflict significant damage on brands. Some of this has already happened, he acknowledged.

The cyber threats

Indeed, just last year, a group of hackers allegedly connected to North Korea carried out the “WannaCry” ransomware attack, which threatened to destroy the data of hundreds of thousands of Microsoft users around the globe unless they paid a ransom. There was also the massive Equifax breach, which compromised the data of over 147 million consumers, and which has been described as the “most costly hack in corporate history.” In fact, damage from such attacks cost an estimated $5 billion in 2017, according to a report by Cybersecurity Ventures, up from $325 million in 2015.


And it is likely only the beginning. According to Cybersecurity Venture report, “cybercrime damages will cost the world $6 trillion annually by 2021.” In parallel, this will triple cybersecurity job openings to 3.5 million.

“As opposed to traditional weapons, which require huge investments and heavy industrial development, cyber weapons demand only easily accessible malware do-it-yourself kits, malware development organizations and/or hackers-for-hire,” Pardo tells NoCamels in an e-mail via XM Cyber.

“Yet cyber attacks can paralyze communication networks, transportation systems, hospitals, financial systems, government organizations, smart power grids and more. Hackers leverage blind spots that are created unintentionally by humans in complex and ever-changing infrastructures and networks,” Pardo explains, adding that “the only way to prevent a cyber attack is to identify in advance the attack vectors that hackers will use to compromise an organization’s critical assets.”

The XM Cyber platform

For this purpose, Pardo and his co-founders Noam Erez, a 25-year veteran of the Israeli intelligence community and Boaz Gorodissky, a 30-year veteran of the community, founded XM Cyber, based in Herzliya, to develop a preventive solution for cybersecurity.

After assembling a team of hackers from the Mossad, Shin Bet, and the army’s elite 8200 unit, XM Cyber developed the HaXM, its simulation platform.

Using a fully automated system, HaXM maps out all routes to a network’s “crown jewels,” or critical assets. A “red team” attacks the network, a common procedure among tech companies that often ask people to hack their systems to expose vulnerabilities. The goal of this group is to find as many vulnerabilities as possible and attack its own network. This procedure betters operators’ understandings of their networks and allows them to employ more effective measures to avoid actual attacks.

A “blue team” then indicates possible fixes to potential breaches, and analyzes the results of the red team’s efforts, coming up with solutions to eliminate vulnerabilities. These processes are fully automated, which XM says is quite unique.

Another distinctive factor is XM’s automated “purple team,” which it says is the first of its kind. This system maps all of a given network’s breach points up to the crown jewels. It is what allows users of HaXM to see their networks from “the hacker’s point of view,” according to Erez. This is the reason the company is called “XM,” an abbreviation of “extra mile” or “extra monitor.”

Erez explains that this approach sets XM Cyber apart from other cybersecurity companies that take a more reactive approach, working only to detect and shut down an ongoing attack instead of anticipating one in advance. He believes the emphasis should be on prevention rather than real-time countering, and that detection and validation are often inadequate since many hackers, as in the WannaCry attack, conduct “zero-day” exploits, or attacks that target previously unknown or new vulnerabilities. These would not appear as anomalies regardless of how good cybersecurity program’s quality may be, he says.

“For example, if I steal a key and use it to open a door, this will look normal and will not appear as an anomaly,” Erez tells NoCamels. The principal fear with this type of exploit is an advanced persistent threat (APT) attack, or the undetected entrance of an unauthorized person into a network for a long period of time with the intention of stealing data.

Erez tells NoCamels that the ability to see a network from the hacker’s viewpoint enables a more proactive stance that aims to find potential breaches before hackers have a chance to exploit them. He also emphasizes that the intelligence experience of XM Cyber’s employees has allowed them to “understand the threat” of cyber attacks more fully.

Pardo describes HaXM as a “solution that behaves like hackers.”

“Organizations must be equipped with a continuous view of which critical assets are at risk, what security issues they should focus on, and how best to harness their resources to resolve them. In order to achieve that, they need a solution that behaves like hackers, and this is why we have built XM Cyber’s automated APT simulation platform, which continuously exposes all attack vectors from breach point to critical assets, and prioritizes actionable remediation,” he says.

XM Cyber has clients in the US, EU, Australia, and Israel, and most recently moved into Asia as well. It has clients in various fields, including critical infrastructure, automotive, finance, medical, and manufacturing. For security reasons, XM Cyber declined to disclose the clients’ names, though Erez says that there are a number of “big names” on the list. XM Cyber Marketing VP Maya Schirmann tells NoCamels that since going out of stealth mode in late March, the company has been getting more high-profile clients.

A high-power client list would match XM Cyber’s impressive funding. In its seed round, XM Cyber raised $10 million, mostly from Swarth Capital, a private equity firm owned by Israeli billionaire Shaul Shani. XM Cyber is currently in another investment round.

The Israeli cyber sphere

Israel’s thriving cybersecurity ecosystem is second only to the United States, with 420 active cybersecurity companies as of 2017 and raised capital of just under $1 billion that year, both in venture capital funds and private equity. The sum made up 16 percent of the overall cyber investments made worldwide in 2017, according to a January report by Start-Up Nation Central.

Another report last month by New York data firm CB Insights showed that Israel accounted for seven percent of the cybersecurity global deal share in the years 2013-2017, far behind the US with 69 percent of the global deal share, but second worldwide.

The country’s cybersecurity prowess is also recognized worldwide. At the annual CyberTech conference in Tel Aviv earlier this year, which drew 15,000 participants from 80 countries, former CIA director Gen (Ret) David H. Petraeus praised Israel as a “cyber superpower.”

Petraus, who served as CIA director in 2011-2012 and is now a partner in the international investment firm KKR and Chairman of the KKR Global Institute, said that the collaboration between the US and Israel reached “news heights time and time again, far beyond what is being published in the media,” and that the partnership enables both sides “to cope effectively with increasing threats,” hinting at reported joint US-Israel efforts to set back Iran’s nuclear program in 2010 with the Stuxnet virus.

Pardo was selected as head of the Mossad in 2011 and served for the next six years- through the Arab Spring, the outbreak of the Syrian civil war, the rise of the Islamic State terror group in Iraq and Syria and its affiliate in Egypt’s Sinai Peninsula, the IDF’s Operation Pillar of Defense in Gaza in 2012 and Operation Protective Edge two years later, the signing of the Iranian nuclear deal and the alleged assassinations of Iranian nuclear scientists.

No comments: