While the U.S. Government was focused on election security last year, unbeknownst to senior American officials a secret cyber espionage campaign by a major nation-state adversary of unprecedented magnitude was already underway – lethal, stealthy and undetected.


In early December the U.S. cybersecurity firm FireEye Inc. announced that it had been the victim of a massive cyber intrusion. When FireEye’s investigators set about looking into the origin of the breach, they discovered the attackers had breached FireEye’s defenses through a vulnerability in a product made by one of its software providers named Solarwinds Corp. The attackers had managed to insert malware into a software update Solarwinds sent out to its thousands of customers, and any Solarwinds customer who downloaded this malware-infected update unwittingly opened the door to the hackers.


It quickly became apparent though that FireEye had not been the only victim, and that the hackers had gained access to hundreds of Government and private sector networks, including such agencies as the State Department, the Department of Homeland Security, the Department of Defense, and even the Energy Department’s National Nuclear Security Administration. And even today cyber experts believe the hackers may still be lurking inside of hundreds of networks.


While it’s exceedingly difficult for a single company to prevent a major nation-state cyber attack, if there’s one lesson to be learned from the Solarwinds fiasco its this: An organization can have the best cybersecurity protection in the world, but if one of their vendors is penetrated then that organization is at risk too.


The problem is many major companies and government agencies have no idea how secure their downstream supply chain is, and are frequently unaware of all the third parties who have access to their networks. While a company can mandate that its third party suppliers maintain an acceptable level of information security, for an organization with thousands of vendors it’s always going to be difficult to manually keep track of each supplier. That makes a solution that can automate the evaluation of a company’s vendors critical. Luckily for those organizations who are now fretting about supply chain security, there are three top Israeli cyber firms who can help:


Panorays Panorays specializes in automating third-party security lifecycle management. Its platform provides organizations with a rapid thumbs-up or thumbs-down view of supplier cyber risk by inherently combining automated dynamic security questionnaires with external attack surface evaluations and business context. Companies using Panorays can dramatically speed their third-party security evaluation process, streamline transparent collaboration between teams and suppliers, eliminate manual questionnaires, gain continuous visibility, and ensure compliance with regulations such as GDPR and NYDFS. And because Panorays is a SaaS-based platform, it integrates seamlessly into existing organizational workflows with no installation needed.


Findings  Findings is a scalable, AI-powered assessment platform that streamlines and facilitates efficient and comprehensive security compliance across sectors, jurisdictions, and regulatory frameworks. The company’s platform provides automated security and data compliance assessments, gap analysis, benchmarking, and automated consulting for individual and vendor risk assessments.


Commugen  Commugen offers information security regulation and governance, risk management, and compliance solutions, based on its AppChi no-code technology. Commugen’s AppChi technology is highly visual and offers flexibility in process implementation. Commugen’s cybersecurity supply chain management solution enables an organization to quickly improve its overall security posture with minimal effort by validating the security level of their suppliers. Commugen’s third party solution is a breeze to set-up, allows for automated monitoring of supplier status, and its information-rich but easy to read graphical interface allows cybersecurity professionals to quickly identify gaps in their vendors’ networks.


If you are interested in speaking with any of these amazing Israeli companies, please contact the Israeli commercial trade mission in your region.