Cyber Warfare vs. Chess Grandmasters – What Do They Have in Common?
In cyber warfare, like in chess, the game outcome is not determined by a single exploit (or move), but rather by a patient silent-predator strategy.
The same can be said of hackers sniffing a corporation’s many interfaces until they have an “in”.
When a hacker further exploits the corporation without detection – till it’s “checkmate” and Doomsday arrives. Suddenly the company makes headlines with its data leaks and everyone gets busy with damage control and corporate reputation PR, millions in equity and funds are lost, and sadly, a few executives lose their jobs as well.
I learned how to think like a hacker from my uncle, Vladimir Liberzon.
Vladimir was a Russian and Israeli chess grandmaster. At his prime, he was a chess force to be reckoned with, practicing disciplined moves and strategies that made their way into chess textbooks. His skill made him one of the most consistent performers of his time in Russia, Europe and Israel.
What I absorbed in my youth from “Uncle Vladimir”, as we called him, I took not only to the chessboard hobby but also to life and my greatest passion — Cyber Warfare. It is amazing to see the parallel lines we can draw between these two mind-battlefields. I saw that by anticipating the opponent’s moves, multiple steps ahead, I could be on both the defense and offense to protect my pieces and wipe out all of his, to win the game.
With this insight I founded Pcysys. My objective was to give every CSO his own “grandmaster” of cyber in the form of intelligent penetration testing software. The ability to perform machine-based pen testing, that continuously thinks and acts as hackers do, is the best way to make sure that corporations have their cyber defense line as tight and strong as it can be. Defense lines must adapt to threats at the same pace as hacking techniques advance.
The fact is that today more than 95% of cyber technology expense is invested in defense technology, which does not have the ability to evolve and align that defense with a hacker’s perspective in mind, one that takes into account multi-step attack “vectors” or “kill chains” rather than just desperate vulnerabilities.
Whether we like it or not, it’s a two sided game that we’re managing day in and day out thinking a few steps ahead. Software and AI are the key to giving corporations the upper hand.
For those who want the full story of this grandmaster, read more about him here: Wiki
And if you can see how your corporation could use a grandmaster to protect against cyber warfare, please drop me a note to email@example.com.
Arik Liberzon, led an elite cyber warfare group at the Israeli Defense Force’s computer service directorate. His group was responsible for penetration testing strategic asset networks and national mission-critical systems. Following a decade of mastering the penetration testing profession, Liberzon applied his mastership of ethical hacking in software and together with serial IT entrepreneur Arik Feingold, founded Pcysys in 2015.
Liberzon holds a B.Sc in Aerospace Engineering from the Technion Institute of Technology, a Masters Degree in Finance from Ben-Gurion University and an MBA from Tel Aviv University.
Co-founder & CTO
Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down with CyberNews to discuss the value of the adversarial perspective and where his inspiration from Pentera came from. Starting out, I arrived at the idea for Pentera and Automated Security Validation in a pretty...
In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Edition (CE) containers through eCryptfs. Introduction Our goal at Pentera was to implement a solution that prevents data discovery upon theft when the system is offline (e.g. if a host is stolen or someone is...
After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other teams and organizations. Although our deployment is container-based, we still had to prepare the groundwork for different OS areas, from security patches and network modifications to installing required packages. We had...