Israeli house of cyber powerhouse Team8 emerges from stealth with their answer to the challenge of critical infrastructure security
In a massive funding announcement that marks their debut after a long period of stealth mode, Team8’s latest startup Claroty released today that they have raised $32 million in a combined Series A and B round.
The primary backers of the new company are Bessemer Venture Partners, Eric Schmidt’s Innovation Endeavors, Marker, ICV, Red Dot Capital Partners, and Mitsui & CO., Ltd. David Cowan, a partner at Bessemer Venture Partners, has joined Claroty’s board as its director.
Co-founded in 2014 by CEO Amir Zilberstein, Chief Business Development Officer Galina Antova and CTO Benny Porat. Each of the founding team members come to this project with extensive backgrounds in the field. Zilberstein was a co-founder at Waterfall Security that also dealt with critical infrastructure and Antova has served as Siemens’ Global Head of Industrial Security Services.
Both Zilberstein and Porat led research teams in the IDF’s cyber core, an organization which has had its fair share of practice learning how to penetrate and defend these kinds of systems.
Nadav Zafrir, Team8 co-founder and CEO who also serves as Claroty’s president, tells Geektime that they looked to tackle critical infrastructure as their next project after illusive networks because they saw it as an ideal opportunity. Unlike the enterprise space where you have to reinvent the same set of solutions with a slightly different take, he sees this sector as a place where his team can innovate and become market leaders.
“We’re pioneers,” he says. “In the industrial space, this is an area where cyber is pretty nascent. The networks were previously pretty much isolated by an air gap, disconnected from IT. This no longer stands. They are connected to operational and information networks, and this introduces a new kind of threat to this sector. We’re not just talking cyber attacks but incompatibility with other networks that can shut them down.”
Zafrir believes that, “The current thesis on how to protect critical infrastructure is not keeping up to the pace of the attackers. So we’ll come up innovative solutions to hit them where it hurts most.” In doing so, he says that they are going after the platform approach as opposed to a point product to bring the most comprehensive solution possible to market.
The challenge of critical / industrial infrastructure security
The need for security solutions in the industrial sector has only really come about in the past few years. In a story that came out only in the past few years that highlights the potential damage that can be caused by attacks on industrial targets, the U.S. and Israel worked together to launch a virus known as Stuxnet aimed at severely damaged Iran’s nuclear enrichment efforts. Instead of attempting to shut their operations down, Stuxnet went after the programmable logic controllers (PLCs) to make the Iranian centrifuges run just a bit faster than they should have, damaging them while tricking the monitoring system to think that all was fine.
More recently, there has been a constant stream of stories wherein attackers are suspected of having hacked into critical infrastructure targets like when the power grid in Ukraine all of a sudden went off line.
As opposed to enterprise security which deals primarily with just IT networks, industrial infrastructure throws in the the component of operational technology (OT) networks into the mix, creating added challenges. Unlike IT networks which run on a relatively small set of protocols, the OT world is heavily based on proprietary technology and a wide range of vendors that work on their own systems.
Furthermore, there is a significant fissure between the OT and IT teams at a given plant, due in part to the fact that the introduction of IT into this space is a fairly recent development. While the integration of IT has helped to make processes at these facilities more efficient, they are severely underprotected.
Porat tells Geektime that, “Industrial systems were not built with security in mind,” and that remote attacks were never really considered a threat. However as Zafrir points out, the global trend that is moving towards greater connectivity, whether it be in smart cities or pharmaceutical production facilities, and the security industry has to catch up to defend these networks.
There has been some pushback from within the OT side against the IT revolution. Porat says that, “There is a lack of collaboration between the OT people that work on the infrastructure and the IT folks that are in charge of networking and security. They often have a serious disconnect. If you don’t have good collaboration with the person who does the security and the person who knows how the machine works, it can make the job very difficult.”
Adding to the haze is the fact that haze types of plants are built by contractors and utilize a variety of vendors. It is hard to know what they are doing and get a full picture.
In hopes of winning over the old school operations folks, Zafrir says that their product provides added value with solutions for detecting errors (including those made by humans) and maintaining process integrity. He says that they can provide full visibility throughout the different layers of the OT and IT networks without being in the network.
Perhaps most importantly, Porat says that their platform is able to create reports and alerts in a common working language that both the OT and IT sides can easily understand, helping them to communicate more efficiently when responding to an incident.
Describing the process of creating the technology, Porat says that they spent a long time researching the different factors at play in this ecosystem. Ranging from engineering stations, to equipment from vendors, and many stops in between like PLCs and sensors, they tested them to gain a baseline understanding of how they are supposed to work. Beyond giving them the capacity to create an all-in-one product that can handle nearly any kind of vendor or station, Zafrir says that by knowing how these systems are expected to act under normal operations, they are able to pick up on any threats, including zero days. With real-time monitoring across the board, he says that they can spot any attempts to change the protocols.
Moving forward post funding
For the last year, Zafrir says that they have deployed their solution to paying customers in North America, Israel, Europe, and Asia. By the nature of the scale of their businesses, looking at the energy, manufacturing, pharmaceutical, and other large industries, these are very high value clients that Claroty is seeking out and appears to be landing. Zafrir notes to Geektime that due in part to the size of the clients that they are going after (many of which are unaccustomed to working with startups), this combined funding round and the confidence from investors in the company that it represents, should help them to stand out as viable solution providers.
Following this round, they plan to continue building their research team as well as their sales operations throughout the US that are run from their HQ in New York.
Part of the funding can also be expected to go into other ongoing research from the Team8 crew.
They tell Geektime that they are already planning to launch two new companies next year, taking on other challenges in the cyber security arena.
A rapidly growing sector
Speaking with national security experts, threats to critical infrastructure continue to top their list of concerns. Fears that countries like Russia and China that have extensive and skilled cyber units could knock out power to cities, or worse – think about the controls of a nuclear power station being hacked – are well founded, even if these kinds of attacks are still considered taboo like biological or chemical weapons.
Criminal gangs have also become far more capable, gaining access to black markets where they can purchase the exploits and viruses to harm infrastructure.
The fact that these were not previously a much thought about issue, has shifted starkly and now both government and industry are demanding solutions to these threats, and the security world is beginning to respond.
Zafrir’s assessment that the industrial infrastructure security market is still a wide open range, it is worth noting that there are already a number of others attempting to homestead in this space.
In the Israeli market alone, CyberX and Indegy both raised substantial Series A rounds that were announced over the summer, also from very capable backers. These companies are also still at the early stages, having been founded in 2013 and 2014 themselves, and are home to many of the same veterans of the cyber units and firms that Claroty has tapped into. Having interviewed both teams previously, they all have a similar approach to giving the partially reluctant OT industry people the added value of better visibility beyond the security aspect, hoping to win them over to the need for better cyber solutions. Machine learning is also showing its importance in all of these companies’ products, studying functions of the networks to pop up red flags when behavior suddenly changes.
What Claroty, as a part of the Team8 family, brings to the table is the backing of Zafrir’s talent and expertise pool that has already proven itself with its work in building illusive networks. If they are able to bring even part of that success in the product and the excitement that has built up around it, then they will have a very good chance at really pulling ahead of the pack.
Thankfully, the newness of this market leaves open a lot of room for these three companies and others to enter into. As a significant portion of industrial centers are still in need of solutions, and the smart city movement is still steaming ahead, demand will only increase for critical infrastructure security, which should make this one of the hottest sectors to watch as it continues to develop.