1/21/2014
10:29 AM
Dark Reading
Products and Releases

Israeli Cybersecurity Start-Up Aorato Emerges From Stealth Mode

Aorato's approach is to focus on Microsoft's Active Directory services activities by observing network traffic between AD servers and active network entities

TEL-AVIV, Israel, January 21, 2014 /PRNewswire/ --

Today, Aorato launches into the international cybersecurity market with the first context-aware, behavior-based Directory Services Application Firewall (DAF). The company's solution profiles entities, then not only learns but also predicts their behaviors, enabling context-aware, real-time decision making.

Initially coming out of the Cyber Security unit within the Israeli Defense Forces (IDF), historically a source of security technology and innovation, Aorato's founders Idan Plotnik, CEO, Michael Dolinsky, VP R&D and Ohad Plotnik, VP of Professional Services, have spent the last decade in cyber-security.

Having previously co-founded and run Foreity, a Microsoft security subcontractor acquired by a leading IT services firm, and holding the prestigious Microsoft MVP awards for enterprise security, the founders are intimately familiar with Directory Services and their cyber-security issues.

Aorato has received approximately $10 million of investments from notable firms and security luminaries including leading global venture capital firm Accel Partners, Mickey Boodaei (co-founder of Imperva and Trusteer), Rakesh Loonkar (co-founder of Trusteer), Innovation Endeavors (a VC funded by Eric Schmidt) and Glilot Capital Partners.

"The timing could not be more appropriate to launch Aorato into the cybersecurity market. 2013 showed the world the risks of advanced threats in parallel to the implications of insiders' access to sensitive corporate data. Both proved the need for a technology like Aorato to make a difference within the enterprise security posture," said Idan Plotnik, CEO of Aorato.

Kevin Comolli, the Partner who led the investment for Accel Partners, said:

"Accel is excited to be partnering with a world-class team building a pioneering product. Aorato's Directory Services Application Firewall is a unique solution for a very important part of enterprise infrastructure, and the founders' cyber-security expertise is second to none."

Aorato's approach is to focus on Microsoft's Active Directory (AD) services activities by observing the network traffic between AD servers and the active network entities (users, devices, etc.). The technology uses the interactions identified in this traffic to create the Organizational Security Graph™ (OSG), a model of the observed relationships over time. Aorato monitors AD traffic, comparing activities against the OSG model and looking for anomalies that could represent attack behavior or security policy violations (e.g., cleartext/simple passwords, AD protocol violations, activities by deleted/disabled users or computers, etc.). The DAF alerts on suspicious activities, inserting them into an Attack Timeline™ that gives security professionals the means to identify the steps in the attack chain from seemingly harmless individual events.

"In today's world of persistent threats, malicious insiders, and Single Sign On leveraging account access, paying attention to Directory Services' activity is key to an organization's security. Aorato's creation of the Directory Services Application Firewall and OSG to focus on Active Directory provides a new level of needed insight within enterprises," said David Monahan, Research Director, Enterprise Management Associates.

Aorato's advisory board includes:

- Gil Kirkpatrick: Gil Kirkpatrick has been a Microsoft MVP for Directory Services since 2005 and was the Chief Architect of Quest Software for Active Directory and identity management solutions. Today he is the CTO of ViewDS, an identity solutions provider. Gil founded and chaired The Experts Conference, the premier conference for Microsoft identity and access technologies.

- Harry Sverdlove: Harry Sverdlove is the CTO for Bit9. Prior to joining Bit9, Harry was principal research scientist for McAfee, Inc., where he supervised the overall architecture of crawlers, spam detectors and link analyzers.

- Prof. Gil David: Prof. Gil David brings to Aorato over 17 years of governmental, industrial and academic experience in the data analysis and cyber security fields, both in Israel and the USA.

- Neil W. Book: Neil Book serves as the President & CEO of Jet Support Services, the world's largest provider of hourly cost maintenance programs for business jets. Previously, Neil was VP at Juniper Networks, leading their mobile security business unit.

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato

At the core of Aorato's founding was the acknowledgement that Active Directory is exposed, by default and by design. Combining the company's intimate knowledge of Active Directory and cyber-security, Aorato has filled in this blind spot with its Directory Services Application Firewall (DAF). DAF protects Active Directory and leverages its central role in the network to protect organizations from advanced targeted threats. DAF automatically learns the behaviors of all entities engaging directly, or indirectly, with Active Directory. By profiling the entities, DAF builds an interaction graph between all entities in order to detect suspicious entity behavior in real time. Today, Aorato is a company with strong financial backing and boasts several enterprise customers.

About Accel Partners

Founded in 1983, Accel Partners has a long history of partnering with outstanding entrepreneurs and management teams to build world-class businesses.

Accel today invests globally using dedicated teams and market-specific strategies for local geographies, with offices in Palo Alto, London, New York City and Bangalore, as well as in China via its partnership with IDG-Accel.

Accel has invested in over 500 companies, many of which have defined their categories, including Angry Birds (Rovio), Atlassian, Cloudera, ComScore, Dropbox, Facebook, Groupon, Imperva, Kayak, Playfish, QlikTech, Spotify, Supercell, and Wonga. For more information, visit the Accel Partners web site at http://www.accel.com or find us on Facebook at http://www.facebook.com/accel.
