1/21/2014
10:29 AM
Dark Reading
Products and Releases

Israeli Cybersecurity Start-Up Aorato Emerges From Stealth Mode

Aorato's approach is to focus on Microsoft's Active Directory services activities by observing network traffic between AD servers and active network entities

TEL-AVIV, Israel, January 21, 2014 /PRNewswire/ --

Today, Aorato launches into the international cybersecurity market with the first context-aware, behavior-based Directory Services Application Firewall (DAF). The company's solution profiles entities, then not only learns but also predicts their behaviors, enabling context-aware, real-time decision making.

Initially coming out of the Cyber Security unit within the Israeli Defense Forces (IDF), historically a source of security technology and innovation, Aorato's founders Idan Plotnik, CEO, Michael Dolinsky, VP R&D and Ohad Plotnik, VP of Professional Services, have spent the last decade in cyber-security.

Having previously co-founded and run Foreity, a Microsoft security subcontractor acquired by a leading IT services firm, and holding the prestigious Microsoft MVP awards for enterprise security, the founders are intimately familiar with Directory Services and their cyber-security issues.

Aorato has received approximately $10 million of investments from notable firms and security luminaries including leading global venture capital firm Accel Partners, Mickey Boodaei (co-founder of Imperva and Trusteer), Rakesh Loonkar (co-founder of Trusteer), Innovation Endeavors (VC funded by Eric Schmidt) and Glilot Capital Partners.

"The timing could not be more appropriate to launch Aorato into the cybersecurity market. 2013 showed the world the risks of advanced threats in parallel to the implications of insiders' access to sensitive corporate data. Both proved the need for a technology like Aorato to make a difference within the enterprise security posture," said Idan Plotnik, CEO of Aorato.

Kevin Comolli, the Partner who led the investment for Accel Partners, said:

"Accel is excited to be partnering with a world-class team building a pioneering product. Aorato's Directory Services Application Firewall is a unique solution for a very important part of enterprise infrastructure, and the founders' cyber-security expertise is second to none."

Aorato's approach is to focus on Microsoft's Active Directory (AD) services activities by observing the network traffic between AD servers and the active network entities (users, devices, etc.). The technology uses the interactions identified in this traffic to create the Organizational Security Graph™ (OSG), a model of the observed relationships over time. Aorato monitors AD traffic and compares activities against the OSG model, looking for anomalies that could represent attack behavior or security policy violations (e.g., cleartext/simple passwords, AD protocol violations, activities of deleted/disabled users or computers, etc.). The DAF alerts on suspicious activities and inserts them into an Attack Timeline™, giving security professionals the means to identify the steps in the attack chain from seemingly harmless individual events.

"In today's world of persistent threats, malicious insiders, and Single Sign On leveraging account access, paying attention to Directory Services' activity is key to an organization's security. Aorato's creation of the Directory Services Application Firewall and OSG to focus on Active Directory provides a new level of needed insight within enterprises," said David Monahan, Research Director, Enterprise Management Associates.

Aorato's advisory board includes:

- Gil Kirkpatrick: Gil Kirkpatrick is a Microsoft MVP for Directory Services from 2005 and was the Chief Architect of Quest Software for Active Directory and identity management solutions. Today he is the CTO of ViewDS, an identity solutions provider. Gil has founded and chaired The Experts Conference, the premier conference for Microsoft identity and access technologies.
- Harry Sverdlove: Harry Sverdlove is the CTO for Bit9. Prior to joining Bit9, Harry was principal research scientist for McAfee, Inc., where he supervised the overall architecture of crawlers, spam detectors and link analyzers.
- Prof. Gil David: Prof. Gil David brings to Aorato over 17 years of governmental, industrial and academic experience in the data analysis and cyber security fields, both in Israel and the USA.
- Neil W. Book: Neil Book serves as the President & CEO of Jet Support Services, the world's largest provider of hourly cost maintenance programs for business jets. Previously, Neil was VP at Juniper Networks, leading their mobile security business unit.

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato

At the core of Aorato's founding was the acknowledgement that Active Directory is exposed - by default and by design. Combining the company's intimate knowledge of Active Directory and cyber-security, Aorato has filled in this blind spot with their Directory Services Application Firewall (DAF). DAF protects Active Directory and leverages its central role in the network to protect organizations from advanced targeted threats. DAF automatically learns the behaviors of all entities engaging directly, or indirectly, with Active Directory. By profiling the entities, DAF builds an interaction graph between all entities in order to detect in real-time suspicious entity behavior. Today, Aorato is a strong financially-backed company and boasts several enterprise customers.

About Accel Partners

Founded in 1983, Accel Partners has a long history of partnering with outstanding entrepreneurs and management teams to build world-class businesses.

Accel today invests globally using dedicated teams and market-specific strategies for local geographies, with offices in Palo Alto, London, New York City and Bangalore, as well as in China via its partnership with IDG-Accel.

Accel has invested in over 500 companies, many of which have defined their categories, including Angry Birds (Rovio), Atlassian, Cloudera, ComScore, Dropbox, Facebook, Groupon, Imperva, Kayak, Playfish, QlikTech, Spotify, Supercell, and Wonga. For more information, visit the Accel Partners web site at http://www.accel.com or find us on Facebook at http://www.facebook.com/accel.
