Founders of a leading Israeli cybersecurity company issue a stark warning against what they see as a failure of Israel to prepare for the increased risk of cyberattacks bolstered by the use of AI, which they say could even disable the Iron Dome missile defense system, as well as critical infrastructure.
American acquisitions of Israeli hi-tech companies haven’t caused any great excitement in Israel for years. We’ve gotten used to it. But when it’s the other way around, when an Israeli company buys an American company, it is always refreshing news. Two weeks ago, cyber giant Armis pulled $20 million out of its wallet and bought American AI company CTCI, which specializes in identifying cyber threats.
This is no small sum, but Armis can afford it. Recent reports suggest the company is currently also negotiating the acquisition of an Israeli startup called Silk Security. Armis, a privately owned company valued at $3.4 billion with an annual revenue rate of almost $200 million, is widely regarded as a flagship Israeli cyber company. With 650 employees across the globe, half in Israel, Armis’s defense systems countering cyber-attacks secure 35 of the Fortune 100 companies, ranging from Colgate Palmolive through to Milka and Toblerone’s parent company, Mondelez. The company protects over a billion devices connected to the Internet in various ways.
What has a cyber company got to do with AI?
"We’re already seeing AI’s dramatic impact on the scale of cyber-attacks worldwide," says Armis CEO Yevgeny Dibrov. "AI tools allow even a relatively small attacker to produce an attack on a particularly large, unprecedented scale – a hundred, sometimes a thousand-fold."
Armis CTO, Nadir Izrael: “Just imagine an attack on a huge target – let’s say a fence miles long. AI can operate at a speed that can simultaneously locate and exploit breaches and weaknesses. For the first time, we’re now also seeing AI-based attack platforms. It’s like with the Houthis. We’re not used to thinking of superpowers as cyber powers but now, with weapons that cause enormous damage, they’ve become superpowers overnight.”
Armis was founded nine years ago, an eternity in the world of frenetic high-tech. Despite the company’s young age, its two founders, Dibrov (35) and Izrael (38), rank among the most experienced managers in Israeli cybersecurity. Few industry executives have such extensive knowledge of both the visible and concealed in the long and hard battle against hackers in Israel and across the globe.
Is it true that during the months of war there has been a dramatic leap in cyber-attacks on Israel and government targets?
Nadir: "Yes, but these are relatively light tools. We haven't yet experienced the heavy tools. Attacks overseas have shut down entire countries – and not just once or twice. To be completely honest, my fear is that we haven’t yet seen the Cyber October 7, either in Israel or in general. We haven’t had a situation in which Israel is without electricity or internet for days. It’s clear that the tools do exist on the other side, and that our degree of readiness as a country is not amazing. We mustn’t think we’re so protected. It’s clear to everyone that this weapon is a step up. Like in the physical world, there are always capabilities that aren’t used except in extreme situations, but the fact that they haven’t been activated yet doesn’t mean they don’t exist. Here, too, there is a balance of fear."
Is there a connection between cyber defense from economic damage - like harming insurance companies - and cyber defense averting state damage like shutting down water and electricity infrastructure?
Nadir: “The best example of a gamechanger would be the 2017 NotPetya Russian attack on Ukraine. The virtual weapon, originally aimed at Ukraine, quickly spread across the globe disabling huge companies. This made us realize that it makes no difference whether you’re a government office, a chocolate manufacturer or a delivery service. You don’t even need to necessarily be the target to get hurt. This shift in the equation has meant that everyone started protecting themselves from everything.”
Is there any connection between an intelligence failure such as October 7 and a failure of the country’s cyber system? Did cyber damage, to which maybe we’ve been less exposed, occur simultaneously?
Nadir: “I don’t think there’s any proof of that. But I will say that even a smart fence built out of connected devices can be breached. I don’t know if that’s what happened. I’m sure that even if it did, it’s not information that’ll come to light anytime soon.”
Is Israel not ready? No other country has such a high concentration of companies dealing with cyber defense.
Nadir: “I’m not, Heaven forbid, saying that defense organizations aren’t thinking about it but, given what we know about Israel’s level of preparedness, I’d have to say no. As a nation, it’s hard for us to prioritize addressing things we haven’t seen happen. I’m not just talking about an attack on a hospital. I’m talking about one day finding ourselves with a barrage of rockets and suddenly the Iron Dome systems aren’t working and we have no idea why. We’re very lenient toward companies that don’t keep their information secure, are constantly getting hacked and aren’t addressing these failures.”
Yevgeny: “In cases of attacks on cyber companies like Target and Equifax in the US, the CEOs were sent packing along with the rest of company management. If the CEO knows he’ll be gone if he doesn’t do everything to protect the company, he’ll behave differently. Public companies in the US now have to report every cyber-attack.”
Just this week, Google published a report about an Iranian cyber group attacking the aviation and defense sectors in Israel and the Middle East. Is Iran a cyber powerhouse?
Nadir: "Yes, in other fields too. The fact that the Russians are currently fighting the Ukrainians with Iranian drones and UAVs tells us a lot about the degree of Iranian involvement on the world stage. That doesn't mean we’re not good, but it does mean they should be taken very seriously. No less worrying is the alliance taking shape between Iran and countries like Russia, China and North Korea, each an independent superpower."
Fake News has been a very difficult issue during this war. It’s included targeted distribution of false written information, pictures and videos. Do fake news and cyber overlap in any way?
Nadir: “Groups engaging in cyber-attacks and those spreading fake news are invariably the same groups. You might wonder how a country like Russia is connected to fake news in our conflict. The answer is that the war is against the West, not just against Israel. It happened with the Covid vaccinations debate and in US and European elections. The countries in question – Russia, China, North Korea – are very experienced at consciousness engineering and have been implementing it on their own citizens for years. Ever since social networks have taken such a central part in our lives, they can now do it on the West.”
Aren’t you thinking of getting into this field and developing tools to also fight fake news in all its forms?
Nadir: “Our customers don’t need such tools, but technologically yes, there is overlap. Some developmental initiatives our employees have been addressing on a voluntary basis in civilian war rooms during the war have touched on the battle against fake news. With the development of AI, technology can also change the rules of the game. As a country, I’d put my money there.”
Yevgeny: “With good technology, we can definitely make the truth, and our position, more accessible. And we’re good at technology.”
2024 must be a challenging year for cyber: Half the world is going to elections this year. Moody’s, only recently, warned of an increase in cyber-based espionage due to worldwide elections.
Nadir: "True, and the challenge isn’t just protecting the election systems themselves. The timing of major cyber-attacks in close proximity to the elections can change their results. We must remember that cyber-attacks are extremely cost-effective with the lowest price relative to the strongest effect. Even more so than terrorism."
Although both are classic products of elite units (Izrael served in 8200 and Dibrov in 81), where they first met while working on a joint project that won the Israel Defense Prize, neither fits the stereotype:
Dibrov was born in Ukraine. His parents divorced when he was a year old and he immigrated to Israel at the age of four with his mother and grandparents, who settled in Rehovot’s Sha’arayim neighborhood. After his military service, he completed a bachelor's degree in Computer Science at the Technion. He then worked for a year at Mellanox (now Nvidia) before joining the founders of Adallom. When Adallom was sold to Microsoft, he was free to set up Armis.
Izrael grew up in Kiryat Ata. His mother, who had a serious car accident, suffered disability and almost complete blindness and needed the support of both her children. He attended yeshiva high school and, at night-time, taught himself computer programming from a book his father had given him. After serving for six years in 8200, he studied Computer Science and Physics at the Technion. He met up with Dibrov once again on the Lapidim Excellence Program and started working at Google’s R&D center at the end of his junior year. In 2014, he joined Dibrov on the Armis adventure.
Is the fact that neither of you were born with a silver spoon in your mouths a motivating factor for success?
Yevgeny: “It’s a very important factor. My mother and grandmother had very well-respected professions in Ukraine but, in Israel, they worked picking oranges and clementines. My grandfather worked pumping gas. There was no money for a car or travelling overseas, but what little there was, they put into my education – books, every possible extra lesson etc. I very much appreciated it, even when I was very young. This hunger definitely meant I’d work hard and that I’d have what they didn’t.”
Nadir: “I was raised in religious education and, over the years, I’ve developed empathy and the ability to see beyond the visible aspects of things. Caring for my mother meant we took on responsibility from a very young age and it gave me the ability to manage under difficult circumstances. You learn to make your way in life and understand that you always have responsibility, including toward others. Serving in 8200 and 81 was definitely a springboard. In these units, you feel the responsibility of carrying out the task that, come what may, has to be done – even without resources or manpower.”
Dibrov and Izrael never imagined the experience they accrued in stressful situations would serve them later in life, in October 2023. Approximately 20% of Armis employees in Israel were drafted to reserve duty, and the company devoted the first days of the war exclusively to caring for the conscripts and their families and ensuring that those not drafted were functioning fully.
And you have big customers with ongoing needs.
Nadir: “Yes. Overseas, they understood the complexity of the situation and we knew we could count on their empathy, that we just had to push through, however hard it was. If big companies can’t rely on Armis at any given moment for protecting their most critical infrastructure, when considering what product to buy, they’ll go for a product that’s not Israeli.”
Yevgeny: “We quickly conveyed a business-as-usual message to our customers and we ensured our customers wouldn’t feel anything had changed.”
Nadir: “If an employee wasn’t functioning on a certain day, there would be others functioning okay, and we made it clear that it’s alright to talk about it and allow people to help one another. We tried compensating with teams from overseas and moving on. A few weeks into the war, most workers wanted to get back to a regular work routine where you have control in a situation which is less controlled.”
There was an instant click in 2014 when the two young men met up again at the Technion. It was clear to Dibrov and Izrael that they would found a cyber startup. But they didn’t know anything more than that.
Hospitals did not have basic anti virus protection
How do you launch a startup without knowing what you’re going to develop?
Nadir: “We did something that’s quite common now, but at the time was considered a bit odd: We approached people we knew in the cyber industry – data and systems security CEOs – and just asked them what they felt they were lacking. We asked them what their biggest problems were that constituted the greatest challenge that not everyone knows how to solve.”
Yevgeny: “We gradually realized how organizations had changed. Whereas most devices in organizations used to be laptops and PCs, every device is now a computer serving all purposes – smartphones, tablets, TVs, MRI machines in hospitals, industrial control systems (ICS), security cameras. They’re all connected one way or another to the net and they’re all part of organizational systems. The guys told us they didn’t have anti-virus systems for these devices, so they couldn’t be protected from hacking through these devices.”
Nadir: “I remember being astounded that the average hospital just doesn’t know what devices it has. Think about it in military terms: You’re planning a campaign without even having a map of the area. So, in its first stage, Armis offered organizations such a map surveying everything linked up to, and belonging to, the organization. The next stage used the map results, locating risks, problems, weak spots to be addressed.”
Yevgeny: “Before we conducted the tests, organization network administrators would tell us they had somewhere between 100 and 200 devices, but they didn’t know how many or what they were, and some were only represented by an IP address. They were stunned when we showed them the system we’d built. It could identify every device on the network by name, manufacturer model, IP address and operating system, and indicated where its weaknesses were and what the potential consequences were for the organization.”
On what principle do you base your protection?
Nadir: “Think of a vast array of organizations across the world: aviation companies, hospitals, factories, banks, hi-tech companies etc. All these environments in which Armis is already networked constantly teach us how specific devices behave. Device X links twice daily to website Y and carries out Z. We learn this behavior and use it to know when a device is doing something it’s not supposed to. If one device out of 1000 suddenly does something different to its friends, it’s almost never good news.”
Yevgeny: “We’re continuously monitoring something on the scale of 4 billion devices. A security camera in an organization usually films, receives updates from the Cloud and sends information to a certain server. The moment it suddenly sends information to a server in China for example, or makes contact with Russian servers – it’s a bad sign. The vast amount of information we gather about device behavior allows us to identify these anomalies in real time and halt the attacks the moment something happens."
You operate in huge environments. From your experience, can you say where most of the hacking is coming from?
Nadir: “It’s usually from the simplest things. How many times have you ignored security updates on your browser or operating system? It takes world organizations an average of 180 days to discover a weakness in their system and address it. But it only takes 7-12 days for a tool to appear that can exploit a new breach and attack it. This discrepancy is very problematic.”
Yevgeny: “A large part of organizations’ and countries’ most critical systems are old. Many devices haven’t been updated for years and weaknesses accumulate. Some just can’t be updated. If you have a 40-year-old factory and the machines work fine, you’re not going to suddenly throw them away. You simply need to make sure that nothing external gets to them.”
Nadir: “Until a year or two ago, tools identifying and then reacting to attacks were commonplace. Our approach is different. It’s cleaning up the entire area. Instead of protecting each device separately, we protect the area from attack. We create a collection of obstructions along the way, preventing the devices from being exposed to harm at all.”
Cyber hacking has become a much more profitable business
What’s changed in cyber-threats since you founded the company?
Yevgeny: “Firstly, the scope of threat has increased. In 2015, when we checked which types of devices were connected to organization networks, laptops and PCs made up 50% of devices in an average organization. It’s now under 2%.”
Nadir: “Secondly, as a rule, the world’s become a more dangerous place. Cyber hacking has become a much more profitable business. We’re seeing a lot more ransom attacks than we used to. When we were serving in the IDF, dealing with cyber was under the radar, always as part of complex intelligence operations. Today, states carry out cyber-attacks on one another, almost openly.”
And yet, even when the identity of the attackers is exposed, they always talk about "groups of hackers," hiding behind various aliases.
Nadir: "Compare this to what is happening now in the Red Sea. Who is allegedly attacking? The Houthis. And who’s really attacking? The Iranians. This is what it’s like in cyber: Countries have many more options when they’re not officially doing the attacking, but rather a 'group of hackers' - as though acting independently. And in the end, it’s Russia, China, North Korea and Iran. It’s also acceptable between countries. They just do it differently, and for different purposes."
Of the cyber-attacks worldwide, for how many are countries responsible and for how many are groups of crooks, just wanting to make money, responsible?
Nadir: “Good question. Sometimes it’s hard to tell the difference and there isn’t always a difference. Let’s imagine a ‘group of hackers’ attacks a bank for financial gain, but at the same time, also attacks a hospital because that’s where they’ll be politically directed. Either way, the percentage of attacks with countries behind them has risen dramatically.”
“The Covid pandemic also exacerbated cyber-attacks as the world was online. Following the pandemic, our dependence on technological tools, especially the Cloud, is much higher. We use more apps and carry out more actions online. Companies have learned that they can access their computers without actually going into the factory. They learned this – and so did their attackers.”
Does this justify the huge number of cyber security companies operating in the market, especially in Israel?
Nadir: “You can compare this to wars too. Up until the Russia-Ukraine war, it looked like nothing new could be done on the battlefield, and then along came the drones and the UAVs. Changes like this require developing new defense and combat tools. A similar development is also taking place in cyber and at an indescribable pace. All these changes, coupled with the rapid and sweeping transition to the Cloud, to “everything’s connected,” create new cyber targets.”
“But yes, it is true that there are too many cyber companies. The economic reality coupled with new opportunities that came along during the pandemic means everyone set up companies. The threshold for setting up a company two or three years ago was very low. This is how companies that wouldn’t be set up today came about. Now, the strong survive or have all kinds of mergers.”
Yevgeny: “The trick is building a complete platform made up of several products applicable to various markets. Companies that don’t make it are either bought out or they close down. We know this from our meetings with companies working with us pushing us to provide them with comprehensive solutions. They don’t want one supplier for one problem and another supplier for another.”
Do you believe cyber in Israel is stable and strong enough and that hi-tech companies in medicine, climate and food should be helped?
Yevgeny: “Yes. Cyber is more stable because world demand is more stable. Even if organizations need to make budget cuts, you just can’t take those risks with cyber. When we protect a company like Gillette, or Procter and Gamble, it’s not just nice to have. If the factory shuts down, hundreds of millions of dollars are thrown away. And over the years, a strong infrastructure of cyber companies has been built up in Israel.”
Are you optimistic about hi-tech’s future in Israel?
Yevgeny: “Very optimistic. I have great faith in the human element here, in Israeli talent that benefits from very good training in the army and at the universities. They have to keep investing in it. It’s also important to incorporate more diverse population elements into hi-tech.”
Nadir: “Diversity is important at all levels – people, ideas, fields of activity. Excessively relying on one kind of population type, even one way of thinking, degrades. I’m optimistic, but it’s unwise for an industry to base itself on just one or two fields in which we’re very strong. If anything were to change, and the rug is pulled from under our feet, we’ll collapse. AI is a field we’re not good at right now, but we definitely could be. The world will undergo massive changes in the coming decade – in the energy market, quantum computers, AI etc. Each of them changes the whole picture in their own right. Each one of them is an opportunity for Israeli hi-tech.”