
Former cyber-intelligence sleuths for Israel now work to uncover malicious hackers

Israel's focus on national security for decades has created fertile ground for many former members of its famed intelligence agency to take their cyber-sleuthing and anti-hacking skills to the private sector.

Outside the United States, Israel stands out for the large concentration of cybersecurity firms it has produced over the years — some of which, such as the Nasdaq-listed Check Point Software, have gone on to become global success stories.

Many in the industry say this phenomenon ties back to the high-tech spy agency called Unit 8200, the local equivalent of the NSA.


"What (Unit) 8200 has been able to do is create a pretty unique, and very effective, screening program, which for the most part lets you identify not the people with the most knowledge, but rather the people with the aptitude to learn new technologies, ideas very, very quickly," Nadav Zafrir, co-founder and CEO of Team8, told CNBC.

Team8 is an Israeli company, founded by veterans from the intelligence agency, that is part-think tank, part-incubator and part-venture creation foundry that develops cybersecurity startups from the ground up. Prior to co-founding Team8, Zafrir was the chief of Unit 8200.

Gil Shwed, who co-founded Check Point, was a member of Unit 8200, as were Udi Mokady of CyberArk and Nir Zuk of Palo Alto Networks.

Unit 8200 starts identifying talent in Israel as early as high school. Candidates are screened based on grades and recommendations from their schools, Liran Grinberg, co-founder of Team8 and another Unit 8200 veteran, explained to CNBC.

Potential candidates are then taken for a half-day experience at a separate location, where they take tests and engage in simulations of various kinds. Grinberg said some tests were gauging the candidate's current knowledge and skills and others were more focused on testing the ability to learn new things very quickly — a crucial skill for responding quickly to cyber attacks.

"(The) next stage includes an interview, as well as more simulations," said Grinberg. "At the end of it, there are different skill sets and professions within the unit. Based on the tests and simulations, the majority of the people do not pass."

The candidates who pass go on to serve with Unit 8200 in various roles — technology-focused or intelligence-focused — for their mandatory military service after high school.

Grinberg said he couldn't specify the exact nature of operations at the unit. Previously, a Financial Times report said the unit snoops on Palestinians living under Israeli occupation in the West Bank or naval and air blockade in the Gaza Strip. The New York Times reported in 2012 that the unit was part of a collaboration between the U.S. and Israel that took out Iranian centrifuges spinning to purify uranium.

After completing their service, some stay on with the unit, while others leave to seek further education or employment in the private sector; many opt to also start their own companies.

"The reasoning is that the culture that (Unit) 8200 brings creates entrepreneurial spirit," according to Grinberg. "The talents leave the unit (and) go to the industry with quite a few years of professional experience working with the most cutting edge technology."

In an industry where one of the biggest problems companies face is a shortage of talent, having access to an abundance of skilled individuals is an advantage to Israeli cybersecurity startups.

"The military has become one of the thresholds of innovation and technology in the last couple of decades because of this phenomenon," said Zafrir.

He explained that Team8's philosophy in building startups from the ground up is guided by the need to solve big problems using the resources they have at their disposal. Every year, the company starts by choosing an area of cybersecurity they want a company to address, from cloud to mobile or enterprise, after having conversations with as many industry stakeholders as possible.

Following that, Team8's research team spends a few months identifying the exact problem. If the problem is big and sophisticated enough, the project moves on to the next stage, ideation, where resources are examined to identify how they can create a more efficient solution. Finally, the project goes to the validation stage before a company is set up.

"We go through this process once a year and it usually takes about 12 months, and at the end of that period, if we think we got all the ingredients to attack the problem … we go and put the first investment in each of our companies," said Zafrir. "And then, it goes into the execution phase and becomes part of our portfolio."

One of the companies that came out of Team8 was illusive networks, which uses deception technology to mislead hackers who have breached a network.

"The domain that we chose for illusive was that for targeted attacks," Ofer Israeli, CEO and founder of illusive networks, told CNBC. "I'm referring to those groups that will target a very specific organization in order to perform very specific damage, whether it's stealing data, disrupting data or commodifying data. And they're going to invest heavy resources in order to do so."

Illusive's technology will create false versions of a company's network to lure the hacker. Once the hacker accesses this alternate version, security teams are immediately alerted and the attacker's connection is slowed down but kept alive. That allows a forensic team to investigate what the attacker is doing from the compromised machine, essentially trapping the hacker within the false version of the network.

Illusive is backed by companies like Microsoft Ventures, Cisco and Team8 among others, and has raised over $30 million since its founding in 2014.

Another company Team8 has helped to build is Claroty, which secures and optimizes industrial control networks critical to run day-to-day operations. Recently, the company added former FireEye CEO David DeWalt to its board as chairman.

A third company currently in stealth mode is looking at a new way to resolve workplaces' perennial conflict between security and productivity. "We'll bring to the enterprise a very high grade security and at the same time, free the users from the restrictions that they have today based on this technology," said Grinberg.

Team8 is backed by some big names in the tech and financial services sectors. Investors in the company include venture arms of Microsoft, Qualcomm, Citi, Cisco, AT&T, Accenture, Nokia, the Singapore government's investment arm Temasek, Japanese conglomerate Mitsui, Bessemer Venture Partners and Innovation Endeavors, according to Reuters.

Expanding Team8's reach into Asia, the company will co-host a thought leadership series in Singapore on Friday with Temasek, Singtel, CIO Academy and the Singapore Exchange. It will be part of a global series held in New York, San Francisco, Tel Aviv and London, where prominent stakeholders in the industry gather to explore the latest trends in cybersecurity.

The move to Singapore also paves the way for Team8's expansion plans into the region, and Zafrir said it would serve as the regional headquarters.

"If we want to enable an interconnected, safe world that continues to prosper based on data and machine learning and so on, we need to design a safer world as well."