Jul 21, 2015 - continued to Akamai as the Senior Director of Security Product Strategy. When I joined, Akamai had just e
Frost & Sullivan Market Insight
Published: 21 Jul 2015
Movers and Shakers Interview with Roy Katmor CEO of enSilo Date Published: 21 Jul 2015 1n 2013, one of the largest ever data breaches hit US retailer Target emphasizing to enterprises that attackers continue to be intent on data and are capable of stealing that data out of their network. The paradigm shifted towards the need to prevent exfiltration by external threat actors, inspiring the formation of a security company that could help enterprises protect sensitive and confidential data from the threat of exfiltration. In this edition of Movers and Shakers, we talk to CEO Roy Katmor about enSilo, a company he co‐ founded in August 2014 focusing on just that – blocking data exfiltration even in the face of a compromised business environment. Tell us how you started off in the security industry? I studied Information Systems at the Technion – Israel Institute of Technology and as a student, I worked at Rafael Armament as a software engineer. After graduating from University in 2003, I joined SAP as a software team leader. My first foray into developing security solutions was with Breach Security. Eventually, I became its Chief Architect, and as the position required, I moved to the United States and filled a leading role in the company's acquisition in 2010 by Trustwave. I headed Trustwave's Product Management for the Web Application Firewall (WAF) and after a couple of years, I moved on to Imperva as Director of Data Security Product Management and Architecture. At Imperva, I worked on data security products such as developing data activity monitoring tools. After leaving Imperva, I had a short stint at Carmel Ventures, one of the largest VCs in Israel, helping to develop its security strategy. I continued to Akamai as the Senior Director of Security Product Strategy. When I joined, Akamai had just entered the security market. My role was to envision and execute a longterm security product strategy and scout for security acquisitions to enhance Akamai’s security portfolio. Akamai is still strong on security, aiming to be one of the world's leading security vendors. It was during my time at Akamai that I realized that the security industry needs to reevaluate its strategy in the face of advanced targeted attacks. At that stage, I was eager to try something new which led me to cofound enSilo. You’ve had a lot of success in various roles at different security companies. What inspired you to leave and create enSilo? I have always been very interested in targeted, persistent and advanced attacks, understanding their trends and predicting how they will evolve over time. The Target breach served as a wakeup call to me that it’s time to consider solutions that help protect against the consequences of an attack. After all, a targeted attacker will eventually manage to penetrate a business network no matter how strong its defenses. What happens then? In parallel, the rise of advanced targeted threats is bringing enterprises to a stage where they are inundated by alerts. Threat response should be better designed with clearer warnings and not massive amounts of alert information that makes it difficult for anyone to consider the right remediation action. With these two aspects in mind, I started thinking of the right solution against advanced targeted attacks. I mapped out the problem, pointing out where the security industry is currently positioned and the gap to achieve actual protection. We need to change our mindsets. Enterprises need to live under the assumption that they are already compromised. What they need to focus on is how to prevent the consequences of an attack. Creating a new security company focusing on a new paradigm shift with a new technology is definitely a challenge. However, I’m lucky to have the right people join enSilo. For example, Udi Yavo, our cofounder and CTO, led the cybersecurity unit at the National Electronic Warfare Research & Simulation Center of Rafael Advanced Defense System. We have a good research base, and we’re continuously thinking of ways to address the pain companies face when it comes to cyber threats. We were quite intrigued to hear about enSilo’s value proposition that focuses exclusively on the exfiltration process. How does your technology work against data exfiltration? enSilo provides a platform for preventing data exfiltration by external threat actors. We can detect and block malicious outbound activity, and offer the platform as an onpremise appliance, in the Cloud, or both. The platform is a hybrid security solution with two components – a collector on a communicating device and a gateway. The technology works in the following manner: 1. enSilo’s collector on the computing device collects OS metadata. 2. Upon connection establishment, the collector sends to the enSilo gateway OS metadata together with a snapshot of the connection establishment. 3. The enSilo gateway uses patented technology to analyze the collected OS metadata and enforce
the antiexfiltration policy. 4. Only identified legitimate connections are able to communicate outbound. The solution is highlyfocused on preventing exfiltration of data. However, various security companies seem to be working on similar exfiltration as well. Which companies do you compete with and how do you differentiate yourself from them? There are a few companies now speaking about data exfiltration, most of which are already in the business of infiltration detection and provide advanced persistent threat solutions. I believe there are a few that have, or can build in, the ability to block malicious outbound communications. There are two inherently distinct differences between our solution and the competitors. First, we are not in the infiltration detection field. This means that we do not provide mass potential infiltration indications. Unlike those solutions, the value we bring to the table is that the business can continue operating as usual, albeit an infected environment. Our mission is simple: to ensure that the threat actors do not get away with the data. Second, enSilo generates just one single alert per an active threat. The benefit to the security professional is huge; the security analyst no longer needs to perform the painstaking process of deciphering alerts. Rather, the analyst knows instantly whether there is a real, active threat and that the threat is blocked. At that point, the analyst can start building and responding to the attack. We help with the initial steps of building that attack story by pinpointing the compromised device and even the communicating application that the threat actor piggybacked on. How did the brand, enSilo, come about? The idea first came from the fact that we wanted to create a concept of “enabling silos”; to communicate that it is important to silo your data from threat actors. Together, this becomes “enSilo”. If you look at our logo, the alphabet “E” is designed as a dot surrounded by an open square representing that if your data is shared correctly, the green color represents that it is safe. However, if your data is exfiltrated, the “O” at the end has a dot in it to represent that it should be siloed and enclosed. What are your plans for global expansion? Can you share a little more about your goto market for AsiaPacific? enSilo’s R&D is based in Israel where we started our company. The company’s headquarters recently opened in California where we mostly manage the business operations and sales. We provide support across the US through our experienced and wellestablished sales team. I’m proud to say that we opened a channel with APAC, almost since day one of enSilo. We partnered with ArimTech, our representative based in Singapore. Through the partnership, we were able to establish a channel network for APJ countries such as Singapore, Indonesia, Hong Kong, Macau, Taiwan, and potentially Australia. We have also appointed distributors and are working with their partners to go to market effectively. We’ve achieved much success in this market where several key enterprises are already seeing the efficacy of our products. In fact, we forecasted that about 20% to 25% of enSilo’s business will come from APAC, centralized around Singapore. Any chance you’ll be coming over to Singapore to work and oversee the business? Of course! Singapore has high potential which is why we strategically started enSilo’s representative base in Singapore. If business in APAC grows well and makes sense for it, I may develop bigger plans for this. What can we expect next from enSilo? enSilo’s next product version is coming up soon in September. The version will be really disruptive – enabling users with visibility into the communicating applications on top of the current exfiltration prevention capability. We will also provide a shared enterprise application policy to make it easier for users to whitelist the communicating applications according to the requirements of their industry. We will share more updates on this very soon, so do watch this space! BACK TO TOP
RETURN
