We are coming back with a new series of interviews! We hope you have been missing that and you are looking forward to new ones.
Today we would like to introduce you to Doron Kolton, CEO of TopSpin. We have talked about the lack of resources and knowledge while dealing with cyber threats, the need to educate businesses about them, false alarms and the cyber security market in Israel. Enjoy reading!
[eForensics Magazine]: Hello Doron, how have you been doing? Would you like to tell us something about yourself?
[Doron Kolton]: I have been enjoying high tech for over 30 years in different positions. Half of the time I spent in the security arena and I find the cyber security to be challenging and exciting with different points of view to look at the same challenges that this industry introduces. There is always a place for new ideas and approaches.
[eFM]: Can you introduce us to TopSpin Security? What is it about, what do you do?
[DK]: Essentially, we provide a powerful deception and detection solution that enables organizations to quickly pinpoint malware and other cyber risks that have penetrated their peripheral defenses. We are backed by very prominent investors such as Shlomo Kramer, Mickey Boodaei, Zohar Zisapel, and Rakesh Loonkar who have founded and seeded cyber security successes including Check Point, Imperva, Trusteer, Palo Alto Networks, Aorato, Adallom, Lacoon and many others.
Today, there’s a general understanding in the industry that there is no way to prevent intruders from getting into the organization. At TopSpin, we believe that a unified approach, which combines different security engines that work in parallel to identify the attackers’ activity within the organization, is the way to go. Such a combination allows defense professionals to aggregate and correlate information gathered by multiple engines, and gain an accurate incident report. The reports that our DECOYnet system provides give a clear view of the trails of the attackers, what they are after and how they are operating inside the organization. As such, it helps security managers understand what they’re up against, and quickly take targeted action to eliminate the threat.
[eFM]: Can you tell us more about these reports? Can you give us an example of perhaps some surprising things that may come up in a report?
[DK]: Our reports can put into use data correlation from multiple customers’ networks. More often than not, these correlations can help us to detect suspicious activity faster and minimize the time a customer’s network is at risk - or even avoid the risk altogether. In the past, we were also able to detect malicious activity and malicious sources days before they were posted on public black lists. We also found insiders who leaked data through unauthorized channels. These capabilities give our customers a real security edge.
[eFM]: How does DECOYnet engage with attackers? How does it know who is an attacker?
[DK]: DECOYnet takes several activities in order to engage the attackers and draw their attention. It starts by automatically (and persistently) setting assets inside the organization that mimic the organization’s assets, such as the operating system, the file system and the applications running on those assets. The mimicked assets can be part of current subnets of the organization or parallel subnets. DECOYnet publicizes the mimicked assets throughout the network in order to lure attackers, fool them and slow down their attack.
DECOYnet additionally distributes “mini-traps” to assets within the organization. The “mini-traps” are fake credentials that are set in assets in the “registry”, in files on the file systems, etc. These “mini-traps” are pointing the attackers into the mimicked systems that are spread all over the network.
[eFM]: It looks like you want your solution to be as easy as possible for the end user. Do you think it is very important to provide such solutions? Maybe people should have more contact with cyber threats to be more aware of them?
[DK]: Security teams always have a lack of resources. More often than not, they have to deal with products that trigger a lot of false alarms (aka “false positives”) while on the other hand, there’s a shortage in professional security analysts and expertise. That’s why it is very important that we provide them with products that are easy to deploy, require minimal configuration and provide accurate, digestible and actionable information that’s essential for their analysis.
[eFM]: Why do some products trigger false alarms? Is this a common occurrence? And how do you stop it?
[DK]: Unfortunately, false alarms, or false positives, are all too common in traditional security solutions. For example, a cautious IDS or WAF administrator will apply a high sensitivity level, increasing the chances that regular, non-malicious activity will get interrupted and interfere with people’s work. Users, managers and customers hate that because it’s annoying and disrupts productivity. This is an inherent weakness of any approach in which the decision to mark an event as suspect lacks absolute certainty, and is common in prevention technologies. The world and the activities in organizations are very complex; there are many different tools, users are changing their activities, etc. This causes severe problems in prevention products. In order to identify whether activities are malicious or not, you need to understand the context of the activities and correlate the different events into incidents. Without having the real context of the activities, you’re doomed to trigger false alarms.
[BSD Mag]: Do you think that simplifying usage for the end user can result in people viewing cybersecurity as “magical”, and therefore driving them away from understanding what’s really happening?
[DK]: Well, users need to work and they can’t be expected to understand the complexity of cybersecurity. Certainly, employees and managers need to be educated and they need to be aware of the dangers and consequences of an attack. But it’s up to us, as solution providers, to give IT and security professionals effective tools with which to tackle the security issue, and allow their users (the company employees) to work uninterrupted in a secure environment.
[eFM]: Do you have any philosophy behind the company? What is your mission?
[DK]: TopSpin’s mission is to provide security products that are accurate, easy to use and take into consideration the limitations that organizations are facing. We want to help our customers to stay two steps ahead of the attackers. We’re working very closely with our customers on the direction of our product and we are seeing great enthusiasm from them.
[eFM]: Do you live in Israel? And is your company based in the USA? Why’s that? And what do you think about the growing cyber security market in Israel?
[DK]: Like a lot of other Israeli companies, the research and development of the products is based in Israel while the sales, support and marketing are in the US.
The growing cyber security activities can be related in part to several companies that started this industry in Israel and to the IDF activities which provide a sort of “greenhouse” where a lot of young talent is grown. These extremely smart engineers are not only good at developing technology, they also feel they can do everything and change the world. And in a way, they do just that!
[eFM]: Is Israel facing the same shortage when it comes to talent pool as the rest of the industry?
[DK]: Sadly, this is an international phenomenon. Israel has many talented engineers and security experts. On the other hand, we have many cybersecurity companies – both established as well as startups – so while the talent pool per capita is big, so is the competition for talents.
[eFM]: From a strategic standpoint, what are some of the biggest challenges organizations currently face in the cybersecurity world?
[DK]: The main challenges facing organizations today can be divided into two main aspects: technology and management. On the technology aspect, today with the different communication channels in use within organizations and on the Internet, organizations are more interactive than they used to be. All these new communication channels are extremely important for the organization’s productivity - but they also create an abundance of vulnerabilities that attackers can exploit in order to infiltrate the organization and extract significant data.
On the management side, while there’s a growing awareness of risks, in many organizations, the crucial importance of cyber security is still not fully understood by all levels of management. CISOs often need to fight in order to elevate and educate the CEO and the Board regarding the significance of cyber security investments and plans.
[eFM]: How do you think this issue can be solved? Or will it have to come to even more spectacularly catastrophic security breaches for CEOs and Boards to start taking this seriously without mentioning it multiple times?
[DK]: As I mentioned, we see that awareness amongst managements is steadily increasing. In this respect, I am optimistic that, with time, we will see more and more investments going into cybersecurity. However, history does prove that major breaches – especially those that are followed by negative publicity – serve as a catalyst for companies (affected or otherwise) to take action.
[eFM]: Which new cybersecurity trends would you pick as the most crucial?
[DK]: Cyber security will be involved in all parts of our life, starting, of course, with the work place, and all the way to our cars and homes. In each of the different areas, one must assess the risk vs the investment to mitigate the risk. From this point of view, I would concentrate on protecting the data in the organizations and protecting the infrastructure (municipality, energy, water, etc.). We have to remember that the attackers will always go first after the easy targets – so not investing in protection is a certain way to get hacked.
[eFM]: Any important plans for the future that you would like to share with us?
[DK]: During 2016, we plan to continue to expand our footprint in North America and enhance our development efforts. To do that, we’re growing the team, adding more muscle to both the R&D as well as to the sales and marketing groups.
[eFM]: Any tips or tricks for cyber security enthusiasts?
- If you are not certain about how to start a data protection plan, take time to figure out what your most valuable assets are – and begin by protecting those
- Always assume that you’ve already been hacked
- Some protection is better than no protection
Doron Kolton, founder and CEO of TopSpin, has 30 years of managerial experience developing advanced software and data security solutions. Prior to founding TopSpin Security in 2013, Doron was in charge of web application firewall (WAF) development as VP of Engineering of Breach Security, a position he continued to hold after the company was acquired by Trustwave. Prior to that, Doron held a number of senior management positions including VP of R&D at Gilian Technologies, Head of the Software Department at Motorola Semiconductors (Israel) and Software Development Manager at Radway.