Ronen Yehoshua is the CEO of Morphisec, an Israeli cybersecurity company that protects enterprises around the world. Yehoshua has spent over 20 years in the high-tech industry, the bulk of that time as Partner at Ceder Fund, a VC fund focused on investing in Israeli tech companies. In 2014, Yehoshua became CEO of Morphisec, which recently raised $31 million in a financing round.
What were the founding principles of Morphisec at its inception?
“Cyber attacks have become very sophisticated, to the extent that the old approach of trying to prevent them doesn’t work anymore. Hackers have much stronger techniques, they change signatures, they can bypass all of the previously used layers of protection.
“Therefore, everyone can assume that they’re already breached; they need to do their best to detect and remediate attacks. That was the mindset when I had the opportunity [to start Morphisec]. The industry had given up on preventing attacks.
“I was fortunate enough to be introduced to a very interesting technological concept that was being researched in Ben-Gurion University, which investigated the idea of ‘moving target defense’. It’s technology that can bring back prevention, in a very sophisticated way because it’s not based on knowledge of what a hacker is doing.
“It enables the industry to change positions: instead of defenders constantly chasing attackers, understanding what they do and building fences and walls around that, assuming that the next breach will be the same, we change it to a situation where now the attacker needs to chase after us, because we’re changing the target. Instead of the reactive approach, sitting and waiting for someone to come, we moved to a proactive approach.”
Without that script-flip from chaser to chased, what’s the cybersecurity environment like?
“Attackers have the advantage, because the target is known; static. They have all the time in the world to investigate the [mutual] weaknesses of applications, knowing that after they build this attack, it’ll work the same everywhere they run it – and they only need one door to penetrate. Defenders, on the other hand, can’t change; they’re always the same and they have many, many holes in their network. This is the basic problem.”
What you’re describing is a kind of constant pressure from attackers to infiltrate a system’s security - are there any instances where that pressure is stronger than usual, or comes to a head?
“The most popular time for an attack is when a patch is released. Every time there’s a vulnerability in a certain piece of software that’s being researched, it gets published alongside a patch that fixes it; if you can patch continuously, you’ll be safe.
“But as soon as that information gets publicized, a race begins. The IT guys need to start patching the entire network, fast; and all the attackers now know about the vulnerability, so they try to use it.”
So it’s essentially a cycle of discovering a vulnerability, publication of a patch to fix it, and the scramble to then implement or exploit.
“For example: Hamas has missiles, so Israel built the Iron Dome; but they’ll eventually learn how the dome works, and they’ll make changes to get the missiles through. But our guys will learn what they did, and make an improvement; again and again.
“In the physical world, all of those developments take months, or years. Our job [in the digital space] is to handle it in a matter of weeks. We were born in order to overcome all of these problems.”