Attacks/Breaches

1/21/2014
10:29 AM
Dark Reading
Products and Releases

Israeli Cybersecurity Start-Up Aorato Emerges From Stealth Mode

Aorato's approach is to focus on Microsoft's Active Directory services activities by observing network traffic between AD servers and active network entities

TEL-AVIV, Israel, January 21, 2014 /PRNewswire/ --

Today, Aorato launches into the international cybersecurity market with the first context-aware, behavior-based Directory Services Application Firewall (DAF). The company's solution profiles entities, then not only learns but also predicts their behaviors, enabling context-aware, real-time decision making.

Initially coming out of the Cyber Security unit within the Israeli Defense Forces (IDF), historically a source of security technology and innovation, Aorato's founders, Idan Plotnik (CEO), Michael Dolinsky (VP R&D) and Ohad Plotnik (VP of Professional Services), have spent the last decade in cyber-security.

Having previously co-founded and run Foreity, a Microsoft security subcontractor acquired by a leading IT services firm, and holding the prestigious Microsoft MVP awards for enterprise security, the founders are intimately familiar with Directory Services and their cyber-security issues.

Aorato has received approximately $10 million of investments from notable firms and security luminaries including leading global venture capital firm Accel Partners, Mickey Boodaei (co-founder of Imperva and Trusteer), Rakesh Loonkar (co-founder of Trusteer), Innovation Endeavors (VC funded by Eric Schmidt) and Glilot Capital Partners.

"The timing could not be more appropriate to launch Aorato into the cybersecurity market. 2013 showed the world the risks of advanced threats in parallel to the implications of insiders' access to sensitive corporate data. Both proved the need for a technology like Aorato to make a difference within the enterprise security posture," said Idan Plotnik, CEO of Aorato.

Kevin Comolli, the Partner who led the investment for Accel Partners, said:

"Accel is excited to be partnering with a world-class team building a pioneering product. Aorato's Directory Services Application Firewall is a unique solution for a very important part of enterprise infrastructure, and the founders' cyber-security expertise is second to none."

Aorato's approach is to focus on Microsoft's Active Directory (AD) services activities by observing the network traffic between AD servers and the active network entities (users, devices, etc.). The technology uses the interactions identified in this traffic to create the Organizational Security Graph™ (OSG), a model of the observed relationships over time. Aorato monitors AD traffic, comparing activities against the OSG model and looking for anomalies that could represent attack behavior or security policy violations (e.g., cleartext/simple passwords, AD protocol violations, activities of deleted/disabled users/computers, etc.). The DAF alerts on suspicious activities and inserts them into an Attack Timeline™, giving security professionals the means to identify the steps in the attack chain from seemingly harmless individual events.

"In today's world of persistent threats, malicious insiders, and Single Sign On leveraging account access, paying attention to Directory Services' activity is key to an organization's security. Aorato's creation of the Directory Services Application Firewall and OSG to focus on Active Directory provides a new level of needed insight within enterprises," said David Monahan, Research Director, Enterprise Management Associates.

Aorato's advisory board includes:

- Gil Kirkpatrick: Gil Kirkpatrick has been a Microsoft MVP for Directory Services since 2005 and was the Chief Architect of Quest Software for Active Directory and identity management solutions. Today he is the CTO of ViewDS, an identity solutions provider. Gil has founded and chaired The Experts Conference, the premier conference for Microsoft identity and access technologies.

- Harry Sverdlove: Harry Sverdlove is the CTO for Bit9. Prior to joining Bit9, Harry was principal research scientist for McAfee, Inc., where he supervised the overall architecture of crawlers, spam detectors and link analyzers.

- Prof. Gil David: Prof. Gil David brings to Aorato over 17 years of governmental, industrial and academic experience in the data analysis and cyber security fields, both in Israel and the USA.

- Neil W. Book: Neil Book serves as the President & CEO of Jet Support Services, the world's largest provider of hourly cost maintenance programs for business jets. Previously, Neil was VP at Juniper Networks, leading their mobile security business unit.

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato

At the core of Aorato's founding was the acknowledgement that Active Directory is exposed, by default and by design. Combining the company's intimate knowledge of Active Directory and cyber-security, Aorato has filled in this blind spot with its Directory Services Application Firewall (DAF). DAF protects Active Directory and leverages its central role in the network to protect organizations from advanced targeted threats. DAF automatically learns the behaviors of all entities engaging directly, or indirectly, with Active Directory. By profiling the entities, DAF builds an interaction graph between all entities in order to detect suspicious entity behavior in real time. Today, Aorato is a strongly financially backed company and boasts several enterprise customers.

About Accel Partners

Founded in 1983, Accel Partners has a long history of partnering with outstanding entrepreneurs and management teams to build world-class businesses.

Accel today invests globally using dedicated teams and market-specific strategies for local geographies, with offices in Palo Alto, London, New York City and Bangalore, as well as in China via its partnership with IDG-Accel.

Accel has invested in over 500 companies, many of which have defined their categories, including Angry Birds (Rovio), Atlassian, Cloudera, ComScore, Dropbox, Facebook, Groupon, Imperva, Kayak, Playfish, QlikTech, Spotify, Supercell, and Wonga. For more information, visit the Accel Partners web site at http://www.accel.com or find us on Facebook at http://www.facebook.com/accel.
