Israel’s cyber security bonafides are well-known with the country’s cybersecurity companies raising $581 million in 2016, totaling 15 percent of the global cyber pie. In the last few years, multinationals like Cisco, Amazon, Qualcomm and Microsoft have acquired several Israeli companies and others, such as, EMC, Deutsche Telekom, Paypal, Oracle, IBM, Lockheed Martin have established their presence in Israel’s new cybersecurity center in Beersheba.
While some of these global giants are in the process of mapping out or scouting the local cyber talent, Cisco and Microsoft made their bets early. Since 1998, Cisco has made 25 investments and put in more than $2 billion in the acquisition — not all in cyber — of Israeli companies.
In the last few years Microsoft has signaled that its security strategy relies heavily on Israeli cyber companies. Since November 2014, Microsoft has bought three Israeli cybersecurity companies. In 2014, it bought Aorato, Advanced Threat Analytics platform for $200 million, in September 2015 Adallom, a cloud security vendor, sold for $320 million and in October 2015, Microsoft acquired Information Protection and Control solution Secure Island Technologies for $150 million.
In the midst of the company’s ongoing Israel-blitz, I had a chance to speak with Michael Dolinsky (Aorato), Assaf Rappaport (Adallom) and Yuval Eldar (Secure Island Technologies), the founders of the aforementioned companies, about Microsoft’s security strategy and the role of Israel in curbing global threats. Following their respective exits, all three assumed operational roles in the company.
In January, coinciding with the company’s cyber spending announcement, Microsoft’s investment arm acquired a stake in Team8, a Tel Aviv-based developer of cybersec companies, and later in the month it made a strategic investment in Illusive Networks, a cybersecurity company founded by Team8.
At a recent cybersecurity event in Tel Aviv, Microsoft’s VP of security, Bharat Shah, said that the company will continue to invest $1 billion annually on cybersecurity R&D.
“Think about what $1 billion buys you annually. That’s a tremendous number,” said Eldar.
Eldar, whose company is now integrated into Azure Rights Management Service, believes Microsoft’s security approach is unique.
It’s not the approach of traditional security companies. Our three companies — now operating as part of Microsoft — are concentrating on entities that you may see in the future: identity and data.
Identity and data are the kinds of currencies that eventually will endure. Microsoft tries to tackle that from a different angle rather than the traditional angle of security vendors: network and infrastructure. This is the main reason why they’ve bought companies like ours.
According to Dolinsky, now group manager of Microsoft Advanced Threat Analytics, his new employer understands that security is no longer an option, but a necessity in the face of the increasingly cloud-based world.
“This is the second time Microsoft is trying to build a security business, but this time — because it’s a cloud provider, security is in the heart of its offering. In the past, Microsoft developed on-prem security products. Back then, security and other operational aspects, were the responsibility of the customer. Today, in the cloud world, this is a core value of Microsoft’s cloud platform.”
“Security is no longer an option for Microsoft, but a necessity. Security is the number one concern for customer looking to go from on-premise to cloud,” Dolinsky said.
Rappaport agrees. With the global rise of cloud, as opposed to on-premise security solutions, Microsoft is swimming with the current.
The most important thing for CISOs is to understand they must enable productivity. You can no longer be a “CI-NO”. Businesses need to move fast and must be agile. As organizations rely more heavily on the cloud, they fear losing control of their data. But Microsoft and other cloud vendors are substantially investing in security. With Microsoft Cloud Application Security, organizations can stay productive while not compromising security.
Dolinsky, who was a Microsoft employee previously (2008-2012) says that under the leadership of Satya Nadella, Microsoft has understood the primacy of cloud security.
“Having worked with Microsoft in the past, I was part of the first wave of security focus when it was “nice to have”, but today it is really succeeding.”
As for Israel’s wider cyber industry that boasts over 500 companies, 170 of which are VC-backed, Dolinsky says there are too many companies looking to break through, while new and emerging industries such as automotive, are creating a demand for a new batch of startups.
We are seeing consolidation. The companies that started with us have been assimilated into big companies. We need to delve one level deeper. In the sphere of cloud security and network security — there are too many companies. But there are new sub-markets such as automotive and industrial security. These areas will grow in the coming years and we will see many acquisitions. In the end you need more unified solutions.
Local advances in cyber security can be traced back to the army’s special units where most Israeli founders and CEOs — including Dolinsky, Rappaport and Eldar — earned their stripes and honed their craft. Investments will continue to pour into local cyber ventures with the government and military fostering talent at a young age.
“Cyber will always be bigger in Israel than anywhere because of the army. Israel is also probably the most attacked nation and it sees attacks first. Unfortunately we are experienced. We are also seeing investments from government that include high schools and university programs and of course, Beersheba’s cybercenter,” Rappaport said.