The cyber security start-up company Element Security, which operated for three years under the radar, is now revealed for the first time and presents an advanced solution for continuous threat exposure management (CTEM - Continuous Threat Exposure Management). The cloud-based platform, which helps organizations manage the external attack surface with the precision and insight of an attacker, went on sale in early 2023 and has already been adopted by leading global companies in the finance, automotive and aviation sectors.
At the same time as the disclosure of the technology, Element Security announced that it has so far raised 5 million dollars from senior investors, among them: The investment fund Q Fund, owned by the Levant family and the Unger family, Eddy Shalev, a long-time and experienced cyber investor, Danny Yamin, former CEO of Microsoft Israel, and Kobi Rosengarten, A former partner in the JVP venture capital fund, the company currently employs 10 people, 6 of them in Israel at its offices in Migdal Akro, Tel Aviv, and the rest in Europe, and is recruiting more.
Element Security was founded in September 2021 by Daniel Lublin, the CEO, and Omer Cohen, VP of Operations and Business Development. In his previous position, Daniel established the penetration testing team of the Check Point company (Red Team) and during meetings with the company's customers he understood the difficulty and complexity involved in managing the external attack surface. This is how the idea was born to develop a product that would present the teams with the true angle of view of the attackers and filter out the background noise produced by other platforms, so that they could focus on the critical alerts for the organization's security. Lublin's partner is Omer Cohen, graduate of 8200, entrepreneur, attorney and businessman, specializing in management and sales, in the past he founded and sold several companies in Israel and the USA.
Element Security, which advocates a proactive attack approach, has developed technology that proactively, automatically and continuously tries to break into the digital assets that the organization exposes to the network - in cloud environments, local infrastructures (on-premise), third-party applications, applications and websites. As soon as the system detects a vulnerability in one of the assets, it activates an alert and presents the security team with a full report (POC), which includes the stages and steps of the attack, its exact location, the level of risk and the final result. The exact validation allows the security team to shorten the steps required to plug the breach and stop the attack , without the need for additional tests that take a long time and without false alerts.
The technology includes three main components: A discovery engine, which identifies all the digital assets that the organization exposes, a mapping engine that identifies technologies and services through which the assets can be penetrated, and an attack engine that actively and automatically initiates the type of attack relevant to each breach. The automatic capabilities of the technology make it possible to initiate complex and sophisticated attacks against organizations with tens or hundreds of thousands of digital assets.
The company has accumulated unique attack patterns that other platforms are unable to track. In the last year, it managed to stop an attack against a 200GB database of associated personal data (PII), it revealed vulnerabilities in infrastructures and applications that could have provided a foothold to attackers within organizations, it revealed wrong configurations that attackers could have exploited for advanced phishing attacks, and more.
The solution, offered as a cloud service (SaaS), was commercially launched at the beginning of 2023 and has already been implemented by large organizations in the world, including: One of the largest and best-known car manufacturers in Europe, a huge British airline, and a well-known finance company from Canada.
Daniel Lublin, CEO and co-founder of Element Security: "In the rapidly evolving digital age, many organizations understand the critical need for proactive protection of their external attack surface. Our platform represents a paradigm shift from reactive to proactive. We use advanced methodologies to identify and prioritize critical vulnerabilities in real time. Our automation enables continuous scanning of a wide variety of digital assets, far beyond the capabilities of traditional tools. This approach allows the information security teams to focus on verified problems (after validation) that pose an immediate threat to the overall security situation of the organization."
Omer Cohen, VP of operations, business development and co-founder, Element Security: "Our customer base, which includes first-class organizations, proves that our system solves an acute problem in a powerful, efficient, fast and user-friendly way. Our solution has been easily implemented in large organizations in various segments. We did all the sales in the first year ourselves, when one of our main goals is to recruit partners and distributors in the target markets who will help us increase the opportunities significantly. We intend to continue to grow in a healthy way and manage a responsible budget for many years to come."
Kobi Rosengarten, who invested in Element Security: "The company proved in a short time its ability to close substantial long-term deals with large customers, who adopted the solutions the company offers, and thus expressed confidence in the company and Daniel and Omer leading its rapid growth."