Cybereason CEO and Co-Founder Lior Div
For Cybereason CEO and Co-Founder Lior Div, protecting companies from cyberattacks has more to do with offense than defense. He applies a mindset cultivated during his time in the Israeli Defense forces, where he was trained to handle offensive cyber operations, learning skills that can help companies respond quickly to the most threatening attacks – including those from nation states and other hacking groups. In an interview with IPO Edge, Mr. Div also explained Cybereason’s recently-launched mobile product, which is more important than ever as workforces around the world shift to stay-at-home frameworks that could remain in place for an extended time.
Cybereason’s investors include Masayoshi Son’s SoftBank Group Corp. and Lockheed Martin Corporation, who, among others, have invested more than $350 million in the company and valued it at over $1 billion. The Boston-based company continues to expand organically into new countries, recently making additions across Europe. Looking into the future, Mr. Div said an IPO is certainly on the table as a possibility. The full interview is below:
IPO Edge: Can you tell me about your experience in the military and how you have applied skills you learned there at Cybereason?
Mr. Div: My cyber experience really started in the Israeli Defense Forces. In Israel, every citizen joins the military after high school, and I landed in Unit 8200 where I was trained to handle offensive cyber operations. That operative mindset and approach to cybersecurity was really the foundation for how I approach anything cyber-related, and was the impetus for launching Cybereason. I wanted to bring the same approach applied in a military setting to the corporate setting simply because it was a strategy that worked.
Companies need more than just software to prevent attacks, they need the ability to correlate events and understand the threats inside their network. And that’s what we’ve developed at Cybereason. Our automated platform can consume massive amounts of data from devices across networks and analyze activity between them in real-time, in order to identify even the subtlest of attacks. It is designed to engage with millions of endpoints in any one network for optimal threat hunting. The Cybereason platform delivers a ratio of one analyst to 150,000 endpoints, compared with the industry benchmark of one analyst to 20,000 endpoints, making Cybereason the highest-performing EPP offering on the market today.
Hackers are constantly innovating – once you learn how to defend against one attack, they’ll surely find another. Cybersecurity, then, is quite like a game of cat and mouse. To catch the mouse, the cat has to identify every possible point of escape and secure it before the mouse can escape.
IPO Edge: There are many cybersecurity companies appearing, especially in the last few years. How is Cybereason different in its approach?
Mr. Div: Cybereason’s technology is wholly inspired by my time, and my co-founder’s time, as cyber intelligence operatives in the military. We’re not a cyber defense company, we’re a “stop offensive attacks” company, and there is a big difference. Our offerings are designed to eliminate an attack in its entirety, not just merely one aspect of it. We have an offensive mindset that is reflected in our technology and service offerings, and our understanding of adversaries and their techniques enables us to protect against future occurrences.
Cybereason EDR was the first product on the market to focus on behavioral telemetry rather than recording known-bad behavior or instrumenting third party logs. It captures the most complete, useful data for real-time detection and remediation of malicious operations (Malops) with the least disruption to business. In EPP, or endpoint protection, Cybereason is among the highest true positive detections of malware and at the same time the least false positives. We were also the first to extend this detection to Linux, which now extends the full solution and not just a portion to iOS and Android. Cybereason also enjoys the highest ratios of endpoints-to-analysts at over 150,000 endpoints per analyst in its own and customers’ operation centers, compared to the industry average of 20,000 endpoints per analyst.
Another big differentiator is our ability to protect organizations from nation-states and other hacking groups. IT security companies can’t do this. They specialize only in firewalls, anti-virus, etc.
IPO Edge: What kinds of companies are a good fit for your services?
Mr. Div: Any company with connected endpoints or connected devices – which really these days, is everyone. We work with businesses across the globe to secure their workforce, including mobile devices, laptops, desktops, IoT devices and more.
We recently launched a mobile product, which we have been seeing more and more demand for as employees work from home en masse. Mobile is becoming a more integral part of day-to-day job requirements, and companies are spending to secure those devices so as not to suffer a catastrophic breach. With Cybereason Mobile MDR, enterprises have access to a team of security analysts to monitor for advanced mobile threats 24x7x365 across Android and iOS devices for a more efficient process when discovering, triaging and mitigating incidents.
IPO Edge: What are the reasons hackers decide to attack a company?
Mr. Div: There are many reasons: for financial or political gain, to sow doubt, to create diversions as part of another campaign. Recently, we’ve been seeing an uptick in hacking activity as it pertains to IP, specifically around the coronavirus, which is more likely than not an attack meant for political gain. The current state of affairs has created a struggle for a new global order, and cyber will certainly play a role in a nation’s attempts to get ahead.
IPO Edge: What is the company’s formula for growth in terms of organic expansion versus M&A?
Mr. Div: Cybereason’s growth thus far has been 100 percent organic. We’ve doubled revenues and customers the last few years, and are on track for another record year. We have several options for continued growth, including acquisitions. We have also built a strong ecosystem of investors and channel partners, which has been an important driver of our growth and foray into new sectors and geographies. We recently expanded into the Middle East, for example, and have become the fastest growing cybersecurity company in the EMEA region and have customers in more than 30 countries. This will continue to increase and we’ll be announcing additional major strategic partners and customers in 2020.
The most important driver in Cybereason’s growth, though, is in our investment in technology – which has been, and will continue to play a key role in our growth. We have a great R&D team responsible for building our platform.
IPO Edge: What is your company’s geographical footprint now and where do you see it growing over time?
Mr. Div: We are currently headquartered in Boston, with three additional global offices in London, Tel Aviv and Tokyo. We have regional offices in many other countries throughout Europe, Asia and North America. We have more than 600 employees around the globe and 700+ customers. We recently expanded into Spain and have traveled deeper into the Benelux and Nordics territories.
IPO Edge: What are your thoughts on going public and where might you list?
Mr. Div: A company of our size really only has two options: go public or get acquired. An IPO is certainly an option for us and it’s on the table. We can also continue to grow the business organically as there has never been more interest in our company, our products and the innovative things we are doing for enterprises of all sizes.