“The state of global cybersecurity is not faring well,” warns XM Cyber co-founder and CEO Noam Erez, “and the consensus is that it’s about to get worse.”
That outlook might seem bad news for companies looking to make their data watertight. It’s a goldmine for companies like XM Cyber, founded out of Israel’s formidable intelligence community, which are using ever more innovative ways to keep cybercriminals away from companies’ prized assets.
Yet despite the fact that the global cybersecurity market will grow to $224.48bn by 2022, it is still difficult for startups in the space to flourish. “There has never been more interest in cybersecurity, and ever more start-ups and yet funding is still very difficult,” says Erez. “What’s more, good ideas are always copied.”
Thankfully for Erez and his experienced team, XM Cyber has a very good idea indeed. For years companies have hired penetration testers, and performed red team exercises, to simulate cyberattacks.
Red team automation was the next goal. But it hasn’t quite been mastered. Firms have struggled to function as an automated red team one-on-one, without affecting network availability and user experience.
“This is a major hurdle that cyber companies have not succeeded to overcome to date,” says Erez, who spent over 25 years working for the Israeli state. Second co-founder Tamir Pardo is a former Mossad Director, while the third is Boaz Gorodissky, is a longtime head of tech in the Israeli government.
“My co-founders and I realized, the only way to prevent a cyberattack in a highly connected eco-system is to enter the mindset of a hacker and identify in advance the attack vectors hackers may use to compromise an organization’s critical assets,” adds Erez.
“We brought our expertise and unique approach to the table to develop to deliver a data-driven solution that could continuously assess critical assets at risk,” he says. “Our solution provides a simple, and most importantly, prioritized actionable guidelines for resolving the pressing issues.”
XM Cyber’s HaXM APT (advance persistent threat) simulation provides the closest mindset to attackers pursuing vectors, considering the tools, tactics and processes they use to reach companies’ digital property. It comprises 24/7 attack and defense – red and blue teams – to ensure a holistic and exhaustive approach to security.
HaXM is, in the company’s words, the “first automated purple team”. Since its foundation just two years ago XM Cyber has won a series of awards, and interest from vendors and experts all over the world. It is success Erez pins to experience, innovation and trust – and that which he hopes helps his company scale fast.
“Ramping up quickly while still innovating drives business, provides value and garners the respect of people that either want to partner with the company or invest in the company,” he says. “Building up strategic partnerships quickly helps start ups gain traction and move up in the business food chain.”
Coming from Israel, which has the most number of cybersecurity startups behind the US, hasn’t hurt XM Cyber’s prospects. “There is a culture of starting all over again and keep on going, which is crucial for the cultivation of a start-up scene,” says Erez.
Above all, Erez hopes his company can help plug a growing gap in the security market, that could precipitate a flood in attacks. There are currently a million unfilled cybersecurity roles worldwide, and that number could reach 1.5m by next year.
Automation, and the development of a 360-degree purple team, gives XM Cyber the edge to succeed in that precarious environment. “I think systems that automate security and compensate for the skills gap could be a direction worth exploring,” says Erez. “The growing need for automated security solutions is further fueled by next-generation hackers and their increasingly sophisticated tactics.
“Cyber-attackers, with a lot of resources at their disposal are turning to improved tools that automate attacks and exploit networks,” he adds. “For organizations, already running thin on security resources, the unprecedented scale and sophistication of future hackers should be a major concern.”