Illusive Networks, Team8, and the Israeli Cybersecurity Industry


Illusive Networks Attacker View, released February 23, 2016

Illusive Networks, the first member of Israeli cybersecurity syndicate Team8, today announced Attacker View, a technology highlighting the links, access and privilege escalation options, and unseen attack paths that are used by cyber criminals on an enterprise network.

Launched last June, Illusive Networks has turned the tables on the attackers, by exploiting their psychology and the way they work inside a company’s network once they penetrate it. “We said let’s focus on the attacker, and specifically, let’s focus on the attacker’s vulnerabilities,” says Shlomo Touboul, Illusive’s CEO. ”We have very intimate knowledge of attackers because most of Illusive’s R&D staff has served in [Israel’s elite cybersecurity Intelligence Corps Unit] 8200 and have been attackers for many years,” he adds.

Once inside the corporate network, the attacker, explains Touboul, finds answers to two types of questions: Which computers are connected to the one breached and how to acquire the privileges that are needed for the next step deeper into the network.

Traditionally, cyber defense systems used “honeypots” or decoy servers that trapped intruders into alerting security professionals to their presence. Illusive goes much further by creating a virtual deception layer over the entire network, proactively engaging with attackers at every network component. The attackers are stopped in their tracks because the data they rely on to make their next move is deceptive.

With the new Attacker View, Illusive provides a network map allowing security professionals to visualize possible attack paths and dynamically, continuously, adapt their security strategy to mitigate the attacker’s lateral movement. According to the press release, “Attacker View illuminates the connections, accessibility, paths, privilege escalation options, and unseen attack vectors that are used by cyber criminals. No other software gathers and visualizes this view of the network’s hidden attack vectors.”

Eric Schmidt, Google’s Chairman and founding partner at Innovation Endeavors, one of Illusive’s investors, says that the company “is a perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks.” Other investors in Illusive’s two funding rounds over the last year, totaling $27 million, are NEA, Bessemer Venture Partners, Marker LLC, and Citi Ventures.

Illusive is the first company in the portfolio of Team8, formed a year ago by Nadav Zafrir, Israel Grimberg, and Liran Grinberg, all veterans of Unit 8200 (Tzafrir was its commander in the last 4 years of his distinguished military career, as well as the founder of the IDF Cyber Command).

This cybersecurity syndicate (tag line: “We don’t invest in cyber-security companies. We create them”) links together research and business development capabilities with entrepreneurs, investors and other partners, to define and develop “out-of-the-box” cyber solutions. Today, Team8 announced a $23 million round of funding, bringing the total raised to $41 million and adding AT&T, Accenture, Nokia, Mitsui, and Temasek to existing investors Cisco, Alcatel-Lucent, Bessemer Venture Partners, Marker LLC and Innovation Endeavors. It plans to launch two new companies and recruit an additional 150 people in 2016.

Team8 is at the center of a thriving cybersecurity innovation network in Israel. According to an IVC research report (PDF), 430 cybersecurity companies operate in Israel, up from 250 in 2006 and only 20 in 1996, when Check Point went public. In addition, there are 40 cybersecurity-related R&D development centers in Israel, operated by multinationals. 18 cybersecurity startups were acquired in 2015, for a total of $1.16 billion. The IVC report provides a great outline (and an accompanying map) of the networked components of the Israeli cybersecurity innovation landscape:

If the Israeli Defense Force is the first circle for cyber technologies, graduates from IDF’s 8200, MAMRAM, Talpiot and other technology units within the IDF, make up the second, constantly expanding, circle of entities providing cyber technologies and services to the private and business sectors. Other entities were added to those two cycles in recent years. On the one hand is the Israeli National Cyber Bureau active since 2012, under which the national cyber event readiness team (CERT-IL) is operating, leading the government’s assessments and recovery plans. On the other hand, hundreds of Israeli cyber startups established by veterans of the industry join a third circle. Shlomo Kramer, a former founder and partner at Check Point, left the company in 1998 to form four cyber companies since. Among them, is Imperva, currently traded on NASDQ for $1.85b, Trusteer, sold to IBM for $650m, and more recently, Kato Networks, where he was joined by former colleagues and employees from previous startups. These teams that form at one company and move on to the next, are a strong characteristic of the local cyber industry, where Shlomo Kramer is not only a high profile example, but a representative one. To these, a fourth circle is added, representing multinational technology companies that acquired Israeli cyber companies to form a local R&D center based on these acquisitions. These R&D centers may themselves later see veterans leaving to form new startups, and so the cycle continues.

Analyzing the IVC numbers, Israeli VC Erez Ofer observes that there are about 230 active cybersecurity companies that were established in the 2004-2015 timeframe. He predicts: “Many, of course, will not survive. A growing number will be picked up for their technology by the established players scouting Israel extensively for M&A opportunities (Microsoft being the most aggressive), and a handful will establish a business model and a scalable revenue trajectory that will make them the next independent cybersecurity companies following the footsteps of Check Point, Imperva, Varonis and CyberArk.”

Originally published on