Benny Lakunishok was working on Microsoft’s EDL team, which produces one of the best such systems on the market, yet all of his customers were getting breached.
“When I analyzed why this is still happening, I saw that the root cause of most of the attacks is that the network is open from the inside and it’s extremely difficult to segment every machine, which is what you really want,” said Lakunishok, Co-founder and CEO of Zero Networks.
“And I immediately understood that if we change the approach, it’s actually solvable,” said Lakunishok, who got his start as a programmer in an intelligence unit of the Israeli army. “I have to say in retrospect that I should have chosen something simpler to do because it’s extremely difficult. But I’m happy to say that we’ve succeeded now in solving one of the biggest problems in cybersecurity.”
Existing segmentation solutions that address this problem are notoriously complex, labor intensive, and often do not provide comprehensive protection.
Zero Network’s multifactor authentication-based segmentation solution promises to automatically restrict network access to only what users and machines really need. Its fully automated SaaS platform does so by learning how users and machines normally communicate.
Accessing sensitive protocols that attackers often use to move laterally within organization networks to exfiltrate data or launch ransomware attacks is enabled only after users undergo multifactor authentication.
“We really want the product to be as broad as possible and deep as possible with everything that the customer asked for,” Lakunishok said. “Many of the features incorporate things customers asked for. We take their inputs to make the product better suited to the market.
“But we also think outside the box of how to do it – how to build in a way that’s the simplest, and that allows us to accelerate our development of the software.”
The platform is agentless, so there is almost no friction in the deployment stage. It’s fully automated, so the customer just needs to click on a button to segment a machine. Unlike competing solutions, it doesn’t require major human involvement, and it’s easy and fun, Lakunishok said.
“We’ve designed it so even people who aren’t versed in cybersecurity can do it,” he said.
In addition, Zero Networks enables organizations to securely connect remote employees and third parties to their network with zero trust principles and maximum network performance.
“When we looked at Zero Networks, and realized what it was able to do across network segmentation, access and user rights, we realized it had moved from a supporting technology to a cornerstone technology,” said Chris Turek, the CIO at Evercore.
“And we’re really looking to rebuild our IT stack with Zero as one of these cornerstone technologies, because there really isn’t another vendor that does the same thing. You really can’t just take a piece of Palo Alto and a piece of CrowdStrike and put it together and get what Zero does.”
The company is targeting businesses of all sizes and stripes. It has a diverse roster of about 100 customers in the U.S., Europe and the Middle East, including global commercial and investment banks, major US retailers, large manufacturing corporations, a global container shipping company, hospitals, law offices, construction, telecom, and public sector institutions.
The company recently closed a Series B funding round, raising $20 million from investors led by U.S. Venture Partners and including Dmitri Alperovitch, Co-founder and former Chief Technology Officer of CrowdStrike. The money will go toward product development, sales and marketing, and support.
In total, it has raised $45 million since it was established in 2019. Its product went commercial in March 2022, and has a string of awards and honors, including Gartner’s Cool Vendor designation. It took the top spot in the product innovation and network security categories in CISOs Connect’s 2022 CISO’s Choice Awards and was a finalist in the Network Security category for the 2023 awards.
According to Lakunishok, the company aims to become the one-stop shop for network security, which will require the addition of capabilities that will allow organizations to essentially throw away all of their firewalls. It is also adding more cloud-native features to the solution and adding depth and breadth to the platform in conformance with customer needs.
Lakunishok dismisses the idea that there are “trends” in cybersecurity that solution providers have to provide for.
“There’s no trend. It’s the same old thing, and if you solve that, great. We are solving the oldest and hardest problem in security. Maybe ransomware is the new, trendy expression of that problem, but it’s the same problem. It’s the lateral movement problem that we just completely solved. We stop any pen tester and any attacker that our customers encounter, and I’m very proud of that. So we are not trendy, but we are moving the needle the most.”
“Almost any large attack you ever heard of, any large breach you ever heard of succeeded because the network is so open,” Lakunishok said. “If you can really microsegment every machine in the phone network bubble, most of those will be gone. But it’s extremely hard to do. So that’s why this space didn’t explode yet. I think we are a big accelerator in that journey.”