Aviva Zacks of Safety Detective had the chance to sit down with Gilad Peleg, CEO of SecBI. She asked him about his company’s threat detection services and learned about a whole lot more that it offers.
Safety Detective: How did you get into Cyber Security and what do you love about it?
Gilad Peleg: While serving in the IDF as a young man, I was in the security and cryptography unit. Back then, “cyber” didn’t really exist, at least not by that name; it was called information security. During my professional career, I moved from customer-facing activities, to product, back to customer, and then to business development. Just an interesting aside, I was the first person to install a hotspot in an airport lounge.
While working for one of the pioneer wireless companies, I told a prospective customer that they needed a wireless connection. They didn’t understand why they needed it, so I explained its value. With cybersecurity, we don’t have this problem—people understand the need. Perhaps they don’t understand how it works, what drives hackers to get into their network, or sometimes they don’t quite understand how extensive the damages can be for their business. And here’s the most interesting thing about cybersecurity—the fact that we are up against adversaries who are extremely motivated and smart, so it’s an ongoing competition. In cybersecurity, you are always up against a new kind of attack or malware, and as the cybersecurity provider, you have to find new ways to overcome those new threats.
SD: It occurs to me that your answer explains why the cybersecurity industry is so prevalent in Israel. You described the new cyberthreats that you constantly have to look out for and it’s very similar to what the Israeli army goes through both physically and in cyber.
GP: That’s the reason that I would say that Israel is the cyber capital of the world.
SD: How does SecBI protect its users from threats—specifically with threat detection?
GP: Threat detection is just one piece of the puzzle. There are a lot of security controls installed in customers who are primarily large organizations or enterprises, whose job is to prevent bad things from happening. I’ll give two examples of very common cyber tools installed in a medium to large business: One is a firewall, and another is an anti-virus solution. Let’s call them the windows and doors of cybersecurity. You don’t go out of the house without closing those windows and doors, but sometimes bad people figure out a way in anyway. After all, they are motivated to get into an enterprise’s network because cybercrime can bring large rewards for minimal effort. So, they’ll find a way through the window, through the door, or under the cracks.
Therefore, you need the second line of defense, which is detection, to find what the prevention systems have missed. Prevention systems must make very, very quick decisions. If you’re accessing a website or sending a file, you don’t have time to wait and start analyzing a billion things to decide if it should be blocked. The AV manager and the firewall have to make very quick decisions at high speeds, and their information is based on policies controlled by humans, meaning they’ll make mistakes, which are exploited by hackers.
By the way, the majority of what gets through is benign. Overall, in an enterprise’s network, there’s good communication, but some of it isn’t, and that’s the hard part—finding the bad.
So, you take all the data that was blocked by the prevention system and then you have to analyze it and understand what part of it is actually suspicious or malicious. The way you do that is by behaving like any investigator. You look at all the data; you try to make sense out of it. You combine the relevant pieces together until you get a clear picture of what has happened, and then you can decide if that picture represents something good in the majority of cases or something bad, like a suspicious or a malicious activity. The difference is that the SecBI system does this investigative process automatically, based on AI, meaning it takes a few minutes and works more accurately.
SD: What types of enterprises does your company sell to and why specifically those?
GP: From financial institutions and insurance companies but also manufacturing, health, retail, consumer goods, telecom, technology providers, and service providers, in general, are our customer base. Any mid-size to very large organization that has valuable data will need SecBI. We have a small bio-pharmaceutical customer that is developing a cure for cancer, so all their data is extremely important.
SD: What cyberthreats do you feel that people should be concerned about today?
GP: If you’re a bank, for example, you’re worried that somebody will steal all the financial credentials that you’re holding and at the same time, you are concerned that your web service or your services to your customers will continue to be available.
SD: How do you see cybersecurity developing in the next few years?
GP: Cybersecurity develops according to the advances made on the adversaries’ side, so as they become more sophisticated and utilize additional vectors of attack, so must we, the technology vendor. There’s going to be more use of machine learning and AI in different ways. There will be much more automation, and more decisions will be handed off to machines. The world of cybersecurity is going to have to find a way to deal with the growing number of the ways and paths taken by cyberattacks. For example, we know about the internet of things (IoT) and that everything is moving towards being connected, which will make us all the more vulnerable. Without the right cyber defense in a connected world in all types of business, you’re going to get hacked, plain and simple. And that’s a big challenge because we’re not there yet.
One more thing is going to continue to happen—hackers will continue to utilize the naivety of human beings. We’re all going to get tricked and socially engineered to do things that we don’t want to do—whether to believe something that is not real, or to click on something which leads to a bad place, or to reveal something that we shouldn’t, like passwords.