There is a new kid on the block who is seeking to transform “the cloud,” the amorphous digital space where more of the world’s data is being stored all the time, into something that can be defended against cyberattacks. Its defense will be assembled through a mix of inverting the playing field, using new capabilities and putting together a top team of former Israeli cyber intelligence officials.
The new CEO of this company, Gem, is Arie Zilberstein, who has rolled out its new platform: Cloud TDIR (Threat Detection, Investigation and Response), and announced $11 million in seed funding led by the cyber security umbrella firm Team8.
A unique approach
In an interview shortly after the Cyber tech conference in Tel Aviv earlier this month, he explained that what is so unique about Gem’s approach is “how we identify anomalous behavior in real-time, using threat intelligence and techniques… the ability to empower analysts to respond in real-time. We both know something [about it] faster and smarter to find it in real-time, and block it before something” much worse happens. "The response element is what is unique about the approach," Zilberstein said.
All of this is not to say that cloud security is brand new.
Founder and managing partner Nadav Zafrir of Team8, the umbrella parent company for Gem, said in the same joint interview that "the cloud changes the whole theory about what it means to do defense."
“Until five years ago [before the cloud] – we spoke about ‘defense in depth’: Know your perimeter, use an onion approach to your infrastructure, use your firewall… defend your ‘crown jewels’ [most crucial assets], use your Endpoint Detection and Response network.” EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.
“If you have a sophisticated attacker – an APT (advanced persistent threat) – they would have to go through all those levels,” to be able to do damage to a properly defended company, recounted Zafrir, who also is a former chief of IDF intelligence Unit 8200.
BUT THINGS have changed, he said. “Now, with the cloud, you don’t own your perimeter or your software – you don’t even know where your data is. But you have to get there [on the cloud], so you are between a rock and a hard place.
“The cloud is honestly a necessity. Only the largest companies in the world can live and build their own infrastructure. Another way to look at it is that with the onset of AI [Artificial Intelligence], even my mother can understand AI and ChatGPT,” Zafrir said.
“Data is the new gold,” he said, explaining that it “is almost irrelevant for most organizations without the cloud, because to use the infrastructure, to use the data – such as machine learning and AI – you have to be in the cloud.”
The data defender said that “10% of the world’s data is on the public cloud. So it is becoming almost inevitable for everyone to move to the cloud, not because of saving costs – sometimes you even incur more costs. But in order to be effective, to use AI, to be flexible and agile, you have to move to the cloud.”
Next, he said that “from the attacker’s perspective, it may be harder to attack in the cloud since [companies like] Google, Microsoft and AWS all have tons of resources. But from the defense side, you have lost the ability to do defense ‘in-depth.’ Sometimes one vulnerability which the defender has zero control over may lead to access, which is ultra-important from a defense perspective.”
Zafrir said that the cloud is accessible and discoverable. “It has to be – it’s public. It’s easier to attack automatically because the attack surface is flat. This is more efficient and effective from the attacker’s perspective. The cloud has a central control plane, which means swift and easy access to the most sensitive assets. It is easier to carry out attacks at scale automatically, to get to the ‘keys of the kingdom.’
He continued: “Ok, so you can’t defend what you can’t see because you lost owning your infrastructure and data – you can’t see what you’re doing. So you come up with visibility, which is the secret sauce for Gem.”
Visibility is important, Zafrir said, but it doesn’t have to be perfect. “By the time I finish pushing ‘sent,’ reality has changed. There will always be a breach, so you need online, real-time detection and response – otherwise, you’ll need to employ dozens or hundreds or thousands of people to go after everything visible without even prioritizing.
“Gem is saying: this is the reality – you will be breached and attacked,” he warned. “You need the ability to detect and respond to the attacks to the best of your abilities to mitigate that.”
“Everything is mapped out from the outside. Hypothetically, it is all accessible.”
Ariel Zilberstein
Likewise, Gem’s Zilberstein said that “it is not by mistake that organizations move so fast in the cloud that they are making their development and investors faster. But they are not the only ones getting faster: [The cloud] can also make cyber attackers faster.”
The Gem CEO explained that the cloud has no perimeter in a physical environment. “Everything is mapped out from the outside. Hypothetically, it is all accessible.”
The cloud's advantage
ONE CYBERSECURITY advantage of the cloud is the degree to which you can prioritize your defense efforts. “We need to use the power of the cloud, of automation and flexibility and the way it is built – which is at first problematic – to use it to our advantage,” Zilberstein said.
Before opening Gem, he said they worked on the new product for nine months.
Zilberstein had also worked for five years in the Sygnia portfolio company of Team8 as vice-president of Incident Response, “responding to hundreds of breaches, many of them [against] Fortune 500 companies. We see day-in-day-out how attackers are thinking and how they operate once they breach those companies.”
He said that you can see what is broken when you see attacks happening in the world; when you see clouds and their digital infrastructure being attacked without responding in real-time.
“I have been down in the [cyber] ‘trenches,’ seeing attackers adapting, how they succeeded and where the defenders failed,” Zilberstein said. “You can embed the tactics into your knowledge base for how the product should defend – this is the key to cloud security with Gem.”
Zafrir said that Zilberstein handled the response for countless large companies to many of the worst mega hacks worldwide in recent years.
He said they had waited to announce the launch until the product was already successfully deployed to around a dozen large customers.
“We will bring repeated value for unicorns who can scale up and need to protect their assets as they grow, as well as for bigger Fortune 500 companies or for companies with over 400,000 employees,” said the former Unit 8200 chief.
Gem is the 12th company to come out of Team8’s umbrella.
Zafrir said that he has a direct link to “a village of 350 CISOs [chief information security officers]” to test and receive feedback when Team8 rolls out a new idea and that “this is the most excitement I’ve seen so far from our villagers.”
Counterintuitively, Zafrir also said that despite 2023 being a period of cutbacks, this is the best time for large companies to change over to this next generation of cloud cyber defense – because when money is tighter, validation processes tend to be more thorough.
Gem’s other co-founders besides Zilberstein are CTO Ron Konigsberg and Product VP Ofir Brukner.