Some of the biggest investment rounds were made in two standout start-ups to emerge from Israel’s cybersecurity sector in recent years: GuardiCore and Fireglass. Last year these companies — both of which made CNBC’s inaugural Upstart 25 list — raised funding rounds of $20 million. GuardiCore, founded in 2013, helps customers detect active breaches inside their data centers in real time, reducing the time it takes for a company to realize it’s even been hacked from months to minutes. FireGlass, founded in 2014, uses isolation technology to protect networks. Users browse the internet or read email within the Fireglass service, which effectively places a secure buffer zone between the user and any malicious online content, preventing hackers from reaching the network. Large enterprises and Fortune 100 companies use the services of both companies to secure their data centers and protect their employees.
Although they are separate companies, they share one characteristic that’s at the heart of each start-up’s meteoric rise: Both the founding teams of GuardiCore and Fireglass contain former members of the Israel Defense Forces.
For nearly four decades the Israeli military has been grooming a new kind of soldier: cybersecurity intelligence experts.
Some are trained in the elite Talpiot program, where they earn degrees in physics, math or computer science. Other soldiers, including some trained in Talpiot, work in the famed intelligence unit of the IDF, credited with creating the Stuxnet virus that infected the computers inside Iran’s nuclear enrichment program.
“In Israel, companies and customers are more open to experimentation. So you have this small playground where you can try stuff.”-Ron Berman, assistant professor of marketing, Wharton School of the University of Pennsylvania
In the Israeli military, the focus is often on securing large enterprise systems and data centers, practical training that has proved useful to IDF veterans who went on to found their own companies.
“When people leave the military, many go out and start their own companies. When you’re finishing your army service at age 21 with three super-intense years of cyberdefense training at the highest level, that’s really the biggest edge,” said Tal Slobodkin, a veteran of the IDF and now partner at StageOne Ventures in Israel.
Leading the charge
The payoff has been huge. Israeli cybersecurity firms own roughly 10 percent of the worldwide $11.9 billion market today, and the country is home to some 300 cybersecurity companies. In 2016 alone, 83 new cybersecurity start-ups were founded, according to YL Ventures, an investment firm with offices in Silicon Valley and Tel Aviv.
“Israel has always been defense-minded and proactive in their defense,” said Judith Germano, senior fellow at New York University’s Center for Cybersecurity. “Combine that defense mind-set with an entrepreneurial spirit, and within Israel that has helped to create this boon.”
According to YL Ventures data, $560 million was invested in Israeli cybersecurity companies in 2015. In 2016 that number rose to $689 million.
Of course, Israel has a history of cybersecurity success to draw upon. Check Point Software, among the earliest companies to develop firewalls to keep hackers out of computer networks, was founded by three IDF veterans and went public in 1996. CyberArk, whose co-founder and CEO Udi Mokady served in the intelligence unit of the IDF, makes software to identify and then block unauthorized access to privileged parts of an organization’s computer network once hackers have made it inside.
Because the Israeli military tries to predict and plan for how cyberattacks of the future will be carried out, it’s typically the case that those soldiers who receive cybersecurity training are “ahead of the curve with where things are going,” Slobodkin said.
That carries over when IDF veterans found private companies. When CyberArk went public in September 2014, it was already pulling in revenue of more than $100 million. Following the hack of Sony Pictures Entertainment two months later, its share price rose quickly as large organizations recognized the need more than ever to protect their digital assets. By the end of 2015, CyberArk had $161 million in revenue, a 42 percent year-over-year increase, and was worth $1.42 billion.
Staying on the offensive
“Israel has been on the cutting edge on the military side of developing offensive and defensive cybersecurity. It’s natural that this stuff has migrated from military applications to consumer applications,” said Scott Tobin, a partner with Battery Ventures, based in Israel, who led the firm’s investment in GuardiCore’s latest funding round.
That cutting-edge cybersecurity found its way into GuardiCore and Fireglass.
Fireglass co-founder Guy Guzner worked 13 years at Check Point as director and then head of security products before leaving to start his own company. His co-founder, Dan Amiga, is a veteran of the IDF’s intelligence unit, which is how isolation technology became the core of Fireglass’ business today.
Cybersecurity expert Guy Guzner, co-founder and CEO of Fireglass
“He was doing network security, and they were using the concept of isolation, of keeping threats away, for their classified network,” Guzner said. “It’s a military-grade approach to security. We combined it with my experience with enterprise security to bring it to the civilian world.”
GuardiCore started out in a similar fashion. Co-founders Pavel Gurvich and Ariel Zeitlin both worked on cybersecurity technologies in the IDF, according to GuardiCore’s vice president of marketing, Dave Burton. In addition to helping customers detect breaches inside their data centers, GuardiCore also specializes in deception defense. When a hacker does manage to make it inside a network, GuardiCore’s technology allows the company to simultaneously see every move a hacker is making while also leaving enticing digital breadcrumbs to lead hackers away from the most important files.
Technology’s second wave
Start-ups such as GuardiCore and Fireglass are beneficiaries of the second wave of cybersecurity in Israel, according to Talpiot graduate Ron Berman, who’s now assistant professor of marketing at the Wharton School of the University of Pennsylvania. The first wave took place in the 1990s, when companies like Check Point were creating the first firewalls to guard organizations from the large volume of new internet traffic. After the dot-com bubble burst in the early 2000s, the surge in venture funding to new cybersecurity tech slowed in Israel.
But large-scale hacks in the United States in recent years powered a second wave. Examples abound: Target, Home Depot, the Office of Personnel Management and then the Sony hack in November 2014. As enterprise companies started clamoring for quick solutions, that created an opening for small, agile Israeli start-ups to step in.
Because Israeli start-ups, like GuardiCore and Fireglass, often have founding teams with military backgrounds and experience in enterprise security, they’re positioned to focus on the next round of cybersecurity challenges for companies: cloud security. Being able to keep watch over a virtual environment as well as servers in a physical data center will be key over the next decade.
“Every big corporation is moving their data center into a modern, virtualized environment. They all have this need,” said Tobin. “For as much talk as there is about the cloud, we’re still at the formative, early stages.”
Whether GuardiCore or Fireglass becomes as big as Check Point or CyberArk is still a question. But if Israel’s track record means anything, there’s a good chance.
“In Israel, companies and customers are more open to experimentation,” said Berman. “So you have this small playground where you can try stuff.”
The SA Israel Chamber of Commerce was founded in 1978 and restructured in 1999. With more than 170 corporate members on board, and growing, it is known as the only Chamber of Commerce which promotes business and investment between Israel and South Africa.