Tal Kollender, Gytpol: “hackers exploit OS security gaps due to misconfigurations”
Human error may be inevitable in any field; however, it arguably poses the greatest danger in cybersecurity.
Incorrectly configured operating systems lead to insecure or simply non-functional systems, and the worst thing is that these misconfigurations are very hard to notice. Meanwhile, your malware detection and device security monitoring software let hackers breach your devices and move laterally within your organization unnoticed to plot and execute a ransomware attack.
But the good news is that spotting and fixing these misconfigurations is possible, albeit not exactly easy.
That’s why Cybernews reached out to Tal Kollender, the Co-Founder and CEO of Gytpol, a company that provides a security configuration management platform. Gytpol helps its customers deal with cybersecurity risks born of misconfigurations in their systems, which cannot simply be fixed with a patch.
How did the idea of Gytpol come about? What has the journey been like since your launch in 2017?
Gytpol was conceived in a café in Tel-Aviv on the back of a napkin. Sadly, the napkin no longer exists. But the concept I sketched that day is still very much the basis of what Gytpol is today.
I had just become a teenager when I was exposed to hacking. It was not long before I realized the impact it had if applied in both good and bad ways. This excited me and drove me to want to learn everything about it, and become an accomplished “hacker”.
When I turned 18, I had to do my mandatory army service in Israel. In the beginning, I was selected to attend the prestigious pilot’s course; however, my passion for cybersecurity quickly got noticed, and I ended up serving my country in one of the leading cyber units. The experience and training I received have no rivals anywhere else in the world, which is why Israel has become famous as the “Start-Up Nation” for cybersecurity.
Once I returned to civilian life after my army service, I worked for a number of companies in both IT Admin and IT Security roles. It was there that I started applying my “white hat” experience and skills to keep the organizations I worked for protected and secure.
By then, I had perfected my hacking knowledge and prevention techniques. I noticed that there were no tools available to address security gaps caused by misconfigurations. For each company I worked for, I needed to write my own tools repeatedly.
And this is where the Gytpol idea came about: to provide a robust, enterprise tool that would allow organizations to “think like a hacker” and get visibility of and remediate the security gaps that hackers exploit all the time when breaching organizations.
Can you tell us a little bit about what you do? What challenges do you help navigate?
Approximately 40% of successful attacks go undetected by EDR solutions because hackers exploit OS security gaps due to misconfigurations such as human errors and default settings.
We provide a Security Configuration Management platform which continuously monitors devices, detects these misconfigurations, and then provides a complete remediation capability, which allows these risks to be resolved in a fast, automatic manner with zero impact to the existing IT & business operations.
Across all industries that you work with, what vulnerabilities are the most common nowadays?
I am going to get a bit technical and precise now. Firstly, we like to distinguish between vulnerabilities and misconfigurations. The term “vulnerability” is often used to describe both, but there is a difference.
Vulnerabilities cover software bugs detected in applications and Operating Systems which have a security risk that can be exploited. They are sometimes referred to as zero-day vulnerabilities, and are registered in the Common Vulnerabilities and Exposures (CVE) database. These vulnerability risks can only be mitigated if the software vendor fixes the bug and releases a software patch for the organization to deploy to all related devices. There are “VA” tools which can help with that.
Misconfigurations are not resolved by software patching. In most cases, resolving them requires the correct configuration to be performed, and validation that it’s been applied successfully. This is where a Security Configuration Management tool such as GYTPOL can be used.
In the last 6-12 months, the most common and very dangerous misconfigurations were SMBv1, PrintNightmare (Print Spooler), PetitPotam (NTLM), supply chain attacks such as SolarWinds & Kaseya, and PowerShell v2.
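The answer above names concrete configuration gaps (SMBv1, the Print Spooler, NTLM, PowerShell v2) and stresses that a misconfiguration is fixed by applying the correct setting and then validating it. As an added illustration, not part of the interview and not Gytpol's product code, the following PowerShell script audits a single Windows host for those items in report-only mode, comparing each actual setting against an expected baseline and attaching the remediation command a change ticket would carry. It assumes a Windows 10/11 or Windows Server 2016+ host, an elevated session, and the SmbShare and DISM modules; the baseline values (Spooler disabled, LmCompatibilityLevel 5) are this example's own assumptions and should be adjusted to what each host actually needs.

```powershell
# Added example (not from the interview, not Gytpol code): report-only baseline audit
# for the misconfigurations named above. Assumptions: Windows 10/11 or Server 2016+,
# elevated PowerShell 5.1+, SmbShare and DISM modules available. Baseline values
# (Spooler stopped/disabled, LmCompatibilityLevel 5) are assumptions for this example.

function Test-HostConfigBaseline {
    [CmdletBinding()]
    param()

    $results = @()

    # 1. SMBv1 server protocol: the server-side switch, independent of the feature binaries.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check       = 'SMBv1 server protocol'
        Expected    = 'Disabled'
        Actual      = if ($null -eq $smb) { 'Unknown' } elseif ($smb.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
        Compliant   = ($null -ne $smb) -and (-not $smb.EnableSMB1Protocol)
        Remediation = 'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    }

    # 2. SMB1Protocol optional feature (client installs; Server uses Get-WindowsFeature FS-SMB1).
    $smbFeature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check       = 'SMB1Protocol Windows feature'
        Expected    = 'Disabled'
        Actual      = if ($null -eq $smbFeature) { 'NotPresent' } else { [string]$smbFeature.State }
        Compliant   = ($null -eq $smbFeature) -or ($smbFeature.State -ne 'Enabled')
        Remediation = 'Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart'
    }

    # 3. Print Spooler: baseline assumes this host does not need to print (e.g. a domain controller).
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check       = 'Print Spooler service'
        Expected    = 'Stopped/Disabled'
        Actual      = if ($null -eq $spooler) { 'NotInstalled' } else { "$($spooler.Status)/$($spooler.StartType)" }
        Compliant   = ($null -eq $spooler) -or (($spooler.Status -eq 'Stopped') -and ($spooler.StartType -eq 'Disabled'))
        Remediation = 'Stop-Service Spooler; Set-Service Spooler -StartupType Disabled'
    }

    # 4. PowerShell v2 engine: an old engine without modern logging; baseline expects it removed.
    $psv2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check       = 'PowerShell v2 engine feature'
        Expected    = 'Disabled'
        Actual      = if ($null -eq $psv2) { 'NotPresent' } else { [string]$psv2.State }
        Compliant   = ($null -eq $psv2) -or ($psv2.State -ne 'Enabled')
        Remediation = 'Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart'
    }

    # 5. NTLM hardening baseline: LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLM.
    #    This is a general NTLM hardening check, not a complete mitigation for every NTLM relay scenario.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $level = if ($null -ne $lsa -and $null -ne $lsa.LmCompatibilityLevel) { [int]$lsa.LmCompatibilityLevel } else { -1 }
    $results += [pscustomobject]@{
        Check       = 'LmCompatibilityLevel'
        Expected    = '5'
        Actual      = if ($level -lt 0) { 'NotSet (OS default)' } else { [string]$level }
        Compliant   = ($level -eq 5)
        Remediation = 'Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name LmCompatibilityLevel -Value 5'
    }

    return $results
}

# Usage: audit first, then hand only the non-compliant rows to change management.
Test-HostConfigBaseline | Format-Table Check, Expected, Actual, Compliant -AutoSize
Test-HostConfigBaseline | Where-Object { -not $_.Compliant } | Select-Object Check, Remediation
```

The script deliberately never applies a fix itself: the remediation column is carried as text so that a disable of the Spooler on a print server, for instance, has to pass review before it runs, which is the kind of "don't break something during the fixing process" concern raised later in the interview. Re-running the audit after the change is the validation step the answer above calls for.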
Have you noticed any new threats arise as a result of the recent global events? Were there any new features added to Gytpol?
For sure. What’s interesting is that most of the recent successful attacks are still exploiting well known misconfigurations, such as those that I referenced above. Organizations are just struggling to get the right visibility on these items and then, once identified, the ability to remediate them quickly and automatically.
One of the challenges with remediation is ensuring you don’t break something during the fixing process. This is a very long and time-consuming effort. The last thing a CIO wants is an angry call from one of his/her executives complaining that the organization’s business operations have stopped due to an action taken by IT Admins. Fortunately, with GYTPOL we have resolved this by performing zero impact remediation. It is a game-changer and saves organizations significantly in terms of time, cost, and risk.
The belief that only large and well-known companies are prone to cyberattacks is only one of many misconceptions still prevalent today. What other cybersecurity myths do you come across nowadays?
That your EDR, coupled with threat modeling prevention, will catch 99% of all attacks. As I mentioned earlier, the data shows that 40% of attacks are under the radar of the EDR, especially when the hacker exploits misconfigurations, takes control of a device’s system and switches off or works around the EDR which has been reverse-engineered. Go figure!
What are some of the worst cybersecurity habits that can put a company at risk for a security breach?
Taking a passive approach and believing that cyber insurance is their “get out of jail” card. We are already seeing insurance companies re-thinking their approach to cyber insurance premiums, and this will require a much improved level of cyber hygiene.
The number of organizations affected by cyberattacks grows exponentially. And yet, many organizations take action only after an incident occurs. Why do you think people push cybersecurity to the background?
This is not true for all organizations. However, it starts at the top. The executive boards of organizations need to understand the true cost impact of a successful ransomware attack on their business, and do the calculation saying that it is much better to invest in prevention.
Secondly, allocating funds to cybersecurity prevention is not going to be an open checkbook. Therefore, you need to have experienced and talented cybersecurity executives who know how to apply the right strategy, adopt a robust framework, and procure the right tools with minimal overlapping capabilities. Today, cybersecurity budgets could be utilized much better if the overlapping capabilities were addressed.
In your opinion, what cybersecurity practices are a must these days, especially for organizations?
Cybersecurity is a non-trivial and fast-changing environment. For most, it is almost impossible to keep up with the latest trends, must-haves, and capabilities. Organizations should invest in the right talent and training, and where this is not possible, find the right partners who can act as their trusted security advisors.
Would you like to share what’s next for Gytpol?
Misconfigurations are everywhere, and we want GYTPOL to be synonymous with helping organizations prevent attacks due to these security gaps. In the coming months, we will be expanding our reach in terms of device types supported which will include Linux, Mac and Android (including Chromebook) devices. We will also be expanding into IoT devices, as they are fast becoming a favorite for hackers.
In addition, whilst we are mainly serving medium to large organizations, later this year we’ll be offering a fully SaaS-based solution which will cater for SMEs as well as for the medium or larger organizations which have that preference.