Black Hat: Defending Against Website Spoofing With Memcyco’s Israel Mazin

Shira Rubinoff: Hi, this is Shira Rubinoff broadcasting live here at Black Hat with Techstrong. I’m here with Israel Mazin from Memcyco. Israel, it’s a pleasure to be with you here today and I’m so happy I was able to catch you between meetings at Black Hat and able to get some of your time. It’s just you’re running an incredible company. So please introduce yourself to our audience, tell them who you are and a little bit about your background.

Israel Mazin: Thank you for having me here, Shira. It’s a pleasure to be here with you. Yes, I have about 30 years experience in building startups to very successful software companies, especially in the cyber. And some of my companies were public in the Nasdaq. We had also significant exits. Also, my management team working with me almost in the co-founders the last 25, 30 years.

So we have a lot of experience in building these type of companies and we are using it now when we founded Memcyco about two years ago with all the experience that we have and also new entrepreneurs that working with us that coming from the Israeli intelligence development. So we develop and build very strong team to run this company.

Shira Rubinoff: Well thank you. You certainly have an impressive background and I love the fact that you took your management company with you and everybody came together and continued to move along in the successes of different companies. A strong team always yields a great result. So kudos to you and your management team of continued success. So Israel, please tell us a little bit about Memcyco, how the brainchild about it came about and where Memcyco stands in the ecosystem of cybersecurity world.

Israel Mazin: Great. Yeah, thank you. So actually we founded it two years ago. We also already raised the seed round of 10 million a few months ago from two top VCs, capital ventures and venture guides. And what we are actually doing in Memcyco, we provide full protection from website spoofing and brand jacking actually to the customer and also to the customer of our customers. And this is where we are unique from other companies in this space. From the moment that the fake website is alive until it is taken down. This window of exposure, it’s the most risky because all the attacks is happening there and what we develop, it’s a completely unique solution that protect in this window of exposure. Most of the companies today in this space, they are doing more threat intelligence and take down. We are doing it also, but it’s just 10% of our solution.

Claroty

What the real differentiation that we have that actually we protect in this window of exposure when these fake sites are alive, we know exactly who are the attackers, we know who are the user, the gold scams and everything in real time. So this is the uniqueness of our solution. Also, it’s very easy to install and implement. It’s a SaaS based solution. So the customer that’s installing us, they can see the value almost immediately in very short time. Like we started to sell the product at the beginning of this year. We have already customers for many sectors like banking, like retails, logistic, educations, charities and more. So it’s go all over everybody. Almost every company is suffering from these scams today. Actually, we are changing the paradigm of fighting against these type of scams.

Shira Rubinoff: Very interesting. The talks in the cybersecurity world, you have to be proactive as well as reactive and both of them are equally as important. And one of the elements that I find tremendously powerful that Memcyco is doing obviously a lot of things, is that they are looking at the proactive. You’re looking at the proactive piece as a very important tool. And when somebody has to be proactive in their cybersecurity stance, they have to have different ways that people could know. And as you’re saying the sites, we need to know that we’re on the correct site. And one of the things that I see that you do is you take the onus off the user. When the user comes, they know that they are on a protected site without doing extra steps. And one of the human factors pieces when dealing with people and being proactive, when you give extra steps to users or you make them do something in order to be protected, everybody’s moving at warp speed.

People are doing multiple things at once. And when people are doing that to do the extra steps, no one’s interested in doing. Either they’ll go around it, they’ll break it, they’re circumvented. And then at the end of the day they may or may not do those extra steps to be protected. So one of the pieces that you’re doing that I think is tremendous is that you’re not having the user think about if they are protected or do anything, they will know and they for sure will know based on how your solution works without doing extra steps. So a few of the things that I believe that you’re doing in order to strengthen the space around cybersecurity, you’re telling organizations, look, your insurance can go down your cyber insurance because you don’t have that human factors piece of a human being, the weakest link in the chain because you’re taking that off.

You’re saying, okay, we know we’re protected, we don’t have to do that. The training factor, yes, everybody needs to be trained and you have to do it in a way that’s good for the organization and good for the people within and the consumers on the other side they need to know. But that training piece of letting them know and how do they do things they know. So can you talk to that aspect a little bit and explain to our audience a little bit more around that key piece of knowing that you’re protected without the extra steps and why that’s so important?

Israel Mazin: Yes, of course. First today there are a lot of budget cuts as you know in all the organizations, less in cyber but still the CISOs today they need to decide where to put the budget and we can help them to reduce the budget cost and also insurance costs as you mentioned before. Actually, our solution give a few features that are very important as you mentioned before. One, we are detecting and protecting in real time the organization and their users by giving alerting red alerts when they are entering to a fake sites the users.

So immediately, we stop them from entering to these sites and also report to the organization that there was a scam and which user tried to go scam by the hackers. But we also provide, as you mentioned before, that the user will know that they’re on the genuine site. We provide a very unique watermark that actually to every user it’s different one, it’s animation and a code or a photo that he knows and every time that the user enter to this site, he will see this watermark and he knows that it’s for sure 100% on the general or the correct side.

If he doesn’t see this one mark, so it’s in a fake side. So this give to the user the confidence that they’re accessing to the genuine site. The problem today that because there’s so many fake sites and it’s so easy to do it today with this AI and all of these kits as a servicer, to do spoofing as a service. So users are afraid to access to these websites. Even they get the mail or message or advertisement, they’re not accessing. So it’s reduced revenue to these potential customers and it’s affect all these reputation and also when the customers using our solutions, so the CISOs has less, they can reduce the budget as you mentioned before training, but they need to do less training and awareness because we are protecting, we are there.

So the user doesn’t need to think and what to do because we protecting them. And this is the most important in our solution that we protect the user and we protect the organization in this windows of exposure that this fake site are alive and attacking them.

Also, in additional to this, what we are doing, we give a lot of story information about the attacks. So we reduce also the SOC people that investing time and to find where is the scams, how it’s happened. A lot of investigation hours or days, they don’t need it anymore because we give them this information in real time to the SOC, we integrate it to the scene like you rate us or Splunk or others. So they don’t need now even to do any investigation. We give them all of this information. I can tell you that some of the customers that we are working, that’s all we know. We felt that we were blind before and now we feel that we didn’t know even that all of this happening, it took us hours or days to know it. So we can now shift the system, the SOC can shift their budget to other activities when they’re using our product. And it’s critical because today they have limited budgets, so they need to find more budget to other solutions.

Shira Rubinoff: Correct. You touched on a very important thing and that’s one of the things that CISOs are scrambling. It’s their budgets and they’re going to the boards explaining they need more budgets, but there’s only a certain amount of money to go around in the companies in order to yield protection. And when the CISOs are trying to figure out budgets, when they’re looking at solutions, if there’s extra involved, whether there be training, whether it be people and personnel, they probably put that to the side. We look at solutions like a good to have, a need to have and a must have. Good to have is everything, need to have is we will get it as soon as I’ve budget for it. And a must have is this is critical, this is something that’s needed now because one either reputation’s involved, money’s involved, different things are involved that could curtail either business as usual or slow down production and have companies scrambling just to get up to speed.

So you really hit on an important point that I know that CISOs are dealing with on a daily basis. So thank you for really explaining that. And if you could also describe to our audience a little bit about the proactive approach and reactive. You’re talking about real-time warnings and the real-time warnings are critical because something that you see minute one, minute 30 can be completely different story. Can you talk about that real-time versus a little bit of lag of time?

Israel Mazin: Yes. So all the solution today in the market before we came without solution, what they did is threat intelligence and take down, and this is reactive as you said, because first, not always you can do the take down, not always it’s possible. Secondly, not you’ll always find all these sites, the fake sites. What we are doing is completely different approach that actually, when our product is inclement and installed in these organizations. So when there is this fake site, this hacker send your fake sites and you try to access to these fake sites, immediately we alert on it to the user and to the organization. So they don’t need to search for it, they don’t need to find it because we are there when it’s happened. It’s like you have a house and you have alarm and lock and the locker when you enter and if there are no lock, you can enter.

So it’s what if you discover that there is thief around but you stop it from entering into your house? This is exactly what we are doing. We stop them when they’re trying to attack the users. Sometimes hundreds of users, sometimes hundreds of thousands of users or millions. We are there to catch it in real time. And this is the big difference from reactive and proactive approach. We are proactive because this is what really protect the users and also the organization. And also in addition to this, we give them all the information so they know who attacked them, when they attack them and most important, who are the user that got scam because then they can do some action for it.

Shira Rubinoff: That’s excellent. Once you give them that information, they can take it further whether that specific user might need a little more training specifically, so you don’t have to go across the whole organization. Maybe that one user might be a negligent insider threat, which doesn’t mean they’re trying to take down the organization or do something wrong, but they just don’t know. They don’t realize they fall prey to attacks. So really honing in on it, yeah, it saves the budget and it saves the organization and really educates the organization as a whole so they can be better, stronger, faster and do what they need to do, whether it being operations and security and hand in hand. So if you could tell our audience when you look out at the audience and you want to really educate them and say, this is a very important product for you.

We talked about being proactive, we talk about being reactive, we talk about real time, we talk about taking away the onus on the user. We’re lowering the CISOs budgets. So literally sounds like this is the solution to have. So if other organizations are using other solutions, how does it stand out when you talk about taking down the user in all the different areas, what could be your five points if you could just make it easy, informative information that people could say, okay, check mark, check mark, check mark, check mark all the way down and they say this is just a surefire win? What can you say to that in a very concise way for our audience to understand?

Israel Mazin: Yeah. Okay. So first the most important that we protect this window of exposure when the site alive until if at all it is taken down. We don’t need to search, we know. This is the big difference from us to others. We know because we are there in real time. So most important, as you said, a few points that are important, one that we protect, we give you all the visibility in real time that as the customer said, we were blind before, now we are not blind anymore. You start see what’s happening in your system. You know who are the user that works scam, you know who are the hackers from where it’s coming, what is the fake website so you can start acting. We also give protection because we know the authorized devices of every user. So if hacker succeed to take some credential, he cannot enter because we stop it because we know that he’s not authorized.

We have very unique capabilities of device DNA, device fingerprinting. So these are another point that we are protecting. The third one that we have also this unique watermark because when we discussed with customers, they said, yeah, we are protecting them now with your solution but how the customer will know that we care for them because there are a lot of regulation today that they need to show that they are protecting the customer, they’re liable? In the UK, they are regulation now that they need to protect the customers, in other European countries. It’ll come later to the US and Australia and others.

So it become more and more liable to their customers and compensate them and also then it’s expose the system and other to more personal liabilities. Our product protect them from this because don’t need to doubt or guess, they know. And this is I think the big difference from us to searching and take down. We are doing today, detect, protect and take down, but the protection is the 90% of what’s really important in what we are doing and what important not to us. One customer told us, “When I have your solution, I’m going to sleep well at night.” I think this is the most important sentence. They can go to sleep well at night, the CISOs, the floor, the SOC, because we give them the right protection. We don’t guess, we don’t search, we know.

Shira Rubinoff: Excellent. And a lot of organizations, they look at technologies and solutions about what does it take to implement this solution? How long does it take? Do we need some training to implement? What does it cost us to implement the solution? How many people need to be involved in it? Can you talk a little bit about implementing the solution and the ease of use it is?

Israel Mazin: Yes, this is very important. When we develop it, we said we must have something that it’s very easy to use, agentless, the end user don’t need to install anything, register anywhere. So it’s very easy to install, its agentless solution. It’s take 10 minutes, even large organization to install it and then to implement it. They almost see immediately because we do everything automatically. It’s SaaS model. So after they install, it’s like a few line of codes and that’s it to install in the organization. That’s it. A few minutes installation and after it, we start collect the data and start showing the data and protecting. So they see the value immediately. They don’t need any training almost because everything is automatically. Some of the customer that we installed were shocked, they said, “I don’t believe that we can see this value immediately so fast.” So this was something very critical for us when we developed the product because this is part of our experience, that all of this long implementation in the past on-prem that’s it, it’s not relevant anymore.

Customers today, they have so many solution, they want to have something that they install and that’s it. And this is what we focused to solve real pain, that it’ll be proactive and the installation implementation will be very easy immediately can civilian. So it’s very easy. You don’t need almost any training. We showed them the demo, we showed… I don’t think that we have any unsuccessful POC. After we do a POC, they see immediately the value and moving to procurement. So it’s very easy installation and implementation, almost no training.

Shira Rubinoff: So one other question around this area that people worry about man in the middle attacks to spoof. Is there any way a man in the middle attack could occur in order for them to spoof a real site even to maybe grab whatever they think that the user’s supposed to see? How do you protect the user from man in the middle attacks?

Israel Mazin: It’s exactly what we’re protecting because many in the middle it’s exactly because they can then bypass the multifactor authentication and other authentications. When they install our product, we catch it immediately. When they access, they cannot even go to the next step because when they access to the site that installed us to the fake site, we alert it immediately and we stop it. So they cannot men in the middle. It’s exactly strong solution for men in the middle, maybe the only solution because it’ll not help you in the men in the middle when you search and take down in this window of exposure.

This window of exposure can be days sometimes. And then they do this man in the middle and then they catch a lot of the credential of the users and even worse, the employees and then they can do one somewhere and all over. So this is exactly the good solution for the man in the middle that you are mentioning.

Shira Rubinoff: Excellent. And any other cybersecurity points you want to leave our audience with that you might want to just give some extra pointers to them? And just speak from your great vast experience around the cybersecurity world.

Israel Mazin: Yeah, I think that today very critical to have all these advanced solution like us and others even in other cybersecurity protections and areas. I think that ransomware start from fishing and taking credential or from vulnerabilities. We see ransomware all over. So they need type of solution like us to protect ransomware, but also the vulnerability to protect because this is the main way to do ransomware. And we hear it almost everywhere in hospitals, in the other organization that they actually succeed to penetrate and encrypt the data. And I think that is very important today when you have and the AI today or using AI, it’s much easier to do all of these scams, fake sites, ransomware all over. It’s much easier. So I think that customer need to increase the cyber. I think today it’s more risky. So I think organization need to increase the cybersecurity.

Even the cut budget, they still need to give more budget to cybersecurity because it’s more risky today, it’s easier to attack even hacker that are not professionals today with this AI and all these kids can do…

Shira Rubinoff: That’s true.

Israel Mazin: Yeah. So I think that if we look on all these cybers, I think there are a lot of threats today, sometimes from more professional, even sometimes states or countries, but 70% coming also from hacker that are not professionals and you need to protect against them also. So I believe that your organization need to increase their cybersecurity budget and not reduce it, even their reduced budget, but also focus on what really can protect them and also their users because the user is actually what give them to live and the revenue and to protect their brands.

Shira Rubinoff: Sure. So Israel, I know you have some exciting news that you want to share with our audience, some announcement and I’d love to give you the stage. Can you please share with us the news that’s coming out at Memcyco?

Israel Mazin: Yeah. So as I mentioned, when we start in Mexico, we want to develop suite of products on the digital trust that protect the organization, the employees and also their customers. So we are going to, this is the first time that I’m talking here and announce this. We have a new product that we are going to protect the STEM way that we are protecting the websites to protect the login page of single sign like Microsoft or Okta or others.

Today, it’s really entering and doing through this login page, many scams that doing this ransomware as I mentioned before. So we are going to release a new product in the next few weeks that will protect the login page of these SSOs and against this type of account takeover. We have all of this technology including the watermark and the protection and detection in real time to these login pages. We talk with tens of customers that looking forward to this because it’s happened to them. What we saw in the survey that we did with them that between 15% to 30% when they’re doing this simulation, fall to these scams and give the credential in this SSO login page. So we are coming with really unique solution to protect this login page of these SSOs that it’ll help against ransomware and data leak and everything.

Shira Rubinoff: Well, congratulations on that. It sounds like a very much needed technology and I’m sure it’ll do really, really well. So I encourage our audience to take a look at what Memcyco is doing. Israel, a pleasure to speak with you as always and I’m so glad we had a chance to speak here at Black Hat and I look forward to speaking to you again soon.

Israel Mazin: Thank you Shira. It’s really a pleasure to be with you here as always too. Thank you so much.

Shira Rubinoff: Thank you.

Avatar photo

Shira Rubinoff

Shira Rubinoff is a recognized Cybersecurity executive, and Cybersecurity & Blockchain Advisor, Speaker & Influencer, who has built two Cybersecurity product companies, and led multiple women-in-technology efforts. She currently serves as President of NYC tech Incubator, Prime Tech Partners & social-media-security firm, SecureMySocial as well as on the Boards of the Executive Women’s Forum for Information Security, Leading Women in Technology, Blockchain company, Mainframe, AI company, TrueConnect , AI company, Pypestream, and Crypto company, Castillo Networks.

shira-rubinoff has 8 posts and counting.See all posts by shira-rubinoff

Application Security Check Up