Or Eshed’s Post

I am very proud of the LayerX Security team for making it to LinkedIn's Top Startups in Israel list (second cybersecurity company after Wiz). None of us knew that the company is being evaluated, as this is a no-apply list. This only makes it sweeter. This recognition tells a lot about the top talents we managed to get into the company. Having a 'commando-mentality' means lean structure, accountability and responsibility, creativity and fast execution. This is exactly what a startup needs in order to be competitive in today's cybersecurity market. Super happy and proud of my team. What a great way to start off the new year. Shana Tova! 🍎 🍯

Many security vendors boast about their research teams, claiming they are at the cutting edge of threat intelligence, discovering vulnerabilities no other vendor can find. Do you know what the real top vulnerability is for organizations? Stolen credentials. (Don’t just take my word for it, go to the pinnacle security analysts, like Verizon DBIR). Which means that plain old account takeovers should be a top priority for organizations, not the latest shiny zero-day exploit. I’m not saying you should dismiss the risk of zero days, but if you’re calculating risk and deciding where you need to invest your resources, account takeover should rank much higher on the list. I can’t be certain, but I do think I know why security vendors downplay—or even diminish—the account takeover risk. It’s because they can’t protect against it. Legacy solutions just don’t have the granular visibility into malicious account takeover actions that occur through fake or intercepted login pages and malicious browser extensions, and they don’t have a solution for MFA fatigue. Sure, vendors will give you the visibility pitch, maybe even talk about zero trust and insider threats. That’s all valid, but it doesn’t address the risk where it matters most—on the internet, at the point of interaction with the browser. It’s like letting the thief in your house but locking your jewelry in a safe. Lock the door first… Which is why the most effective way to deal with account takeovers is through browser security. Until the browser is secure, account takeovers will keep happening. Secure the browser, prevent account takeovers. It’s that simple. (and if you’re thinking - oh no, not another security tool in the stack, please go back to the top. It’s all about calculating risk. Where should you invest your resources? Unless all your employees aren’t using a browser, the browser should be a top security priority). Prove me wrong ;)

I had a great time together with Kobi Samboursky at the The Ecosystem Podcast talking about innovation and new markets. Thank you Alon Cinamon and Eitan Gueron for the invite!

What's going on in the browser space? Disclaimer - this post goes outside of the security side of things, but is actually very relevant to security in general. Here we go.... Apple has recently launched a campaign promoting Safari among users. This campaign is on billboards across NYC (saw it, to my amazement, on the way to Newark airport), and (even more important than that) here on LinkedIn. Alongside this campaign we've recently seen Safari, so far the most complex browser for enterprises to manage, adding more enterprise controls. This is valid especially for browser extensions, where many restrictions that existed in the past are fading away. Apple is not monetizing on traffic, and Safari is free of charge. It has some advantages on iOS and besides that it is quite on feature parity consumer-wise. However. it isn't (hasn't been?) on feature-parity for corporate IT. The goal is clear - Apple doesn't want to lose the enterprise market. It isn't necessarily a clear revenue play, but a strategy to be easy to consume within enterprises. This strengthen Apple's moats - user stickiness and loyalty. Many enterprises (especially the large ones, that have a mature security program) restrict browser usage at the workplace, limiting it primarily to Chrome and Edge. Apple is taking a security and IT enablement play that is supposed to empower its general strategy. What does it mean for IT and security leaders? The browser is becoming increasingly appealing as a main enforcement chokepoint. Whether it is for security purposes (hmm hmm LayerX Security is the best tool for that) or for access and availability purposes, the browser is becoming an easier place for enterprise controls than the network layer, and sometime the endpoint layer (due to the use of BYOD). This trend is reflected in what seems to be a pivot move of some of our competitors that gradually give up on their dream to build an #enterprisebrowser and move (late in the game) to the extension approach. In the picture - an expensive LinkedIn campaign of the most consumer-minded company, promoting a free tool without premiums.

#BlackHat2024 is busier than ever. I'll be spending the next hour at the LayerX booth SC113. Come and say hello!

My feed is all about vendors-CISOs relations at BlackHat and what is considered a reasonable sales tactic. Looking backwards at past events, it is clear to me that under all the conference noise, it is impossible to have commercial success without having professional success. Security leaders come to this week in Las Vegas to progress and challenge their security assumptions. It is impossible to get there without having an eye-level, professional discussion about the risk landscape. This means that badge-scanning, FoMo and cheesy sales tactics are doomed to die in the spam folder the week after. Valuable discussions are likely to live beyond the flight back home. I have made a personal decision to keep discussions on a functional, strategic level. No ambulance chasing, no FUD. Our main pivot will be the risk scenario and the actual value proposition (i.e. "we will discover 95% of X within Y amount of time, and by that allow you to have Z" instead of "we use AI to fight AI"). And to my CISO friends that find the commercial side of the conference exhausting - remember that service providers are spamming the security vendors as much as they spam you (and even more). Imagine spending 100K on a conference just to find out that offshore R&D BDs have took over your agenda. This is the circle of life. I wish all my friends and colleagues a great conference full of personal development

Most attacks exploit the same ol' weaknesses. This is spot on

Deloitte launchpad just opened applications for Batch 8. The program helps Israeli founders scale in the US and as a proud alumni, I’d 100% recommend it. It’s not just the Deloitte value, but the connections and shared experiences with other founders that truly made it stand out.   Don’t think twice: https://bit.ly/3LkZXM9

It's that time of year again..

What a day 🙏🏻❤️