With much thanks to Vladi Sandler, Co-Founder and CEO of Lightspin, Aviva Zacks of Safety Detectives got a good understanding of what his company does to protect its customers’ cloud infrastructure.
Safety Detectives: Can you tell me about your journey to cybersecurity and to Lightspin?
Vladi Sandler: I started my journey in the military in the Information Security Corps as a captain in incident response. After five years, I retired and joined Ernst & Young as Senior Consultant for penetration testing. About six months after I joined them, I initiated and became the head of the application training program where I trained 24 pen testers. During this period, we also worked with the American and European market customers.
Two and a half years after, I got the opportunity to join General Electric in vulnerability and cloud. That is when I discovered that I really loved cloud, and Cymotive, which is partially owned by Volkswagen, asked me to join them to initiate their automotive cloud security architecture team. We provided consulting/secure design services for the Volkswagen next-generation cloud called ODP, One Digital Platform. I was responsible for the secure design of the project review together with my team. After that, Or Azarzar and I decided to initiate Lightspin.
SD: Can you tell me what your company does?
VS: Lightspin is a contextual cloud security platform, which means we analyze your environment as an attacker’s offensive approach. We do this with read-only permissions and in a passive way when the solution itself is a proactive solution, which means executed once the deployment happens or during the deployment process of the cloud environment. We analyze your cloud stack from infrastructure as a service to platform as a service. We analyze permissions, configurations, vulnerabilities, credentials, and misconfigurations and map them in order to connect the dots. We have a sophisticated, patent-pending algorithm that can show you the red glasses of the attacks. It will show you how the attacker sees your environment and how the attacker can exploit the different problems. We detect it as one chain. So if it sees there is a server exposed to the Internet, it’s problem number one. If this service specifically has improper network information to other servers, it’s problem number two. If the next server has some problem, it’s problem number three. We connect the dots and show you how exactly the attacker can cause the damage and obtain sensitive information in this case. Separately, these problems might not be so severe; it’s the path that connects between them that makes the issue critical.
SD: What verticals use your services?
VS: I think the beauty of Lightspin is we can give a solution to any kind of market that you can imagine because everyone uses the cloud today, especially because of the digital transformation process. So any organization that uses infrastructure as a service or Kubernetes as a platform as a service can be a potential customer. We are more dedicated at this stage to the financial and technology sectors in central and western Europe, the United Kingdom, and central east coast of the United States, and other areas as well.
SD: What are the worst cyberthreats today?
VS: In my opinion, because people moved to cloud, they have less experience and knowledge of how to manage their cloud security posture. As a result, attackers exploit the classical misconfiguration, causing damage like a data breach or information disclosure, which can cause their reputation or financial point of view of their organization.
We are seeing all the time an improper implementation/deployment of Kubernetes and AWS environments, including cases such as exposure of sensitive assets to the internet or attaching over-permissive and risky permissions to internet/improper assets in their cloud environment. But at the end of the day, the attacker does not always come from the internet, and an internal threat who exploits the improper permission to make a privilege escalation is sometimes more dangerous than an asset exposed to the internet.
SD: Where do you think cybersecurity is headed now that we’re living through COVID-19?
VS: I think the COVID accelerated the number of attacks just because of the data transformation process. As I said before, the maturity of this organization to the cloud and the maturity of the security and the cloud is lower than on-premise because most organizations have much more experience and understanding in on-prem environments than in cloud. I think attackers today are much busier than four years ago, taking advantage of more recent opportunities.