October 27, 2019
Aviva Zacks of Safety Detective caught up with Arik Liberzon, Founder & CTO of Pcysys, to find out how PenTera™ can protect its customers from threats.
Interview originally published on: https://www.safetydetectives.com/blog/interview-arik-liberzon-pcysys/
Aviva Zacks of Safety Detective caught up with Arik Liberzon, Founder & CTO of Pcysys, to find out how PenTera™ can protect its customers from threats.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Arik Liberzon: Before founding Pcysys, I led a red team in the IT branch of the Israeli Defense Forces. Our mission was to run penetration tests and red teams against extremely secure networks. I developed the attacker’s perspective of cybersecurity that is very different from the defender’s perspective.
What I like specifically from a cyber offensive perspective is that while 95% of cyber investment is related to the defensive part, only 5% to 10% is invested in the offense, which is more creative and nonlinear. It’s always fun to try and break into something that a group of people has been building for years and find the way to sneak inside. It’s thrilling—you need to control many disciplines to do it well and use all the information you collect throughout the attack. You’re constantly advancing to the next step towards the end game—the grand prize.
SD: What are some of the industries that use your technology, PenTera™, and why?
AL: Our current technology is industry agnostic. A network—is a network—is a network. It doesn’t matter if you are a hospital or an insurance company. Our clients range from banks, hedge funds, investment houses, insurance companies, telco’s, high tech to legal, retail, higher education, and healthcare. Even cyber-security technology companies buy our product to ensure their network is resilient to all of the latest cyber threats.
SD: How can Pcysys’ PenTera protect customers from threats?
AL: PenTera is an automated penetration testing platform. With a single mouse click, you can check whether your IT infrastructure is secure and understand the issues that need to be fixed based on the severity of their potential breach outcome.
The automated penetration testing revolution is long overdue. Service-based pen-testing takes a lot of time, is very costly, and only offers a point-in-time snapshot. Automation of this important activity presents many benefits:
SD: What do you feel is the number one threat in cybersecurity today?
AL: The human factor is always the first-degree risk. The human factor can be a careless worker or employee’s misconfiguration action. A great number of breaches in recent years were caused by the misconfiguration of controls and human error.
The second risk is the leakage of nation-state attack tools. In the last few years, lethal nation-state attack tools were leaked to the public intensifying the cyber threat risk. There is a clear indication that attacks are becoming more and more sophisticated and multi-step by nature.
SD: How do you feel the cyber threat landscape will change in the next 5 years?
AL: Attackers are becoming increasingly automated and leverage attack programs over current rudimentary toolkits that are operated by a person. This is a rapid ongoing arms race. We need to think of the threat evolution that we don’t see in the same lines of the security industry. In a similar way leading EDR and SIEM systems use more AI and algorithms to detect attacks, the attackers are also using similar technologies on the offensive side.
As budget and adequate personnel remain a bottleneck, the call of the industry is for automation in all aspects of cybersecurity—validation, remediation, prevention, detection, response, and recovery. Pcysys leads the charge in automated risk validation.