The Cyber Resilience panel

A BrightTALK panel recorded on the floor of Cybertech Tel Aviv 2019. Three founders — from SNDBOX, Minerva Labs, and BufferZone — argue with a moderator about what CISOs should actually do differently when patching is impossible and detection always loses to evasion.

Outlet: BrightTALK
Event: Cybertech Tel Aviv (January 2019)
Format: Panel discussion (~48 min)
Topic: Cyber resilience · the CISO’s dilemma
Language: English
Cyber Resilience panel · Cybertech Tel Aviv, January 2019 · Ariel Koren (SNDBOX), Eddie Bitzky (Minerva Labs), Israel Levy (BufferZone) · moderated by Aviv Cohen
The panel

Moderated by Aviv Cohen (then CMO of Cynet / “Cisus” in the auto-captions). Panelists: Eddie Bitzky (co-founder & CEO, Minerva Labs – endpoint resilience), Ariel Koren (CTO & co-founder, SNDBOX – malware research platform), and Israel Levy (CEO, BufferZone Security – containment).

What the panel argues

The framing question is the one every CISO loses sleep over: the security industry spends more every year, and breach counts and breach costs keep climbing. So is the industry solving the right problem?

Three threads emerge across the 48 minutes.

Patching is necessary but not sufficient. Ariel opens the breach-lessons segment by pointing at WannaCry: the underlying exploit had been public for a month before the outbreak, and the damage was almost entirely a patching-discipline failure. The counter, from Levy, is that real-world enterprises can’t patch on every release without breaking the business — so the realistic posture is layered defense around the things that can’t be patched in time, plus the acceptance that “the next surprise” is not actually a surprise.

Detection alone is a losing game against evasive malware. Bitzky’s claim — that the industry has quietly conceded prevention is impossible and retreated to detection-and-response — sets up the panel’s central technical argument. Ariel extends it from the sandbox-vendor side: the majority of modern malware is evasion-aware, with a single environment check that turns the whole sample inert inside a forensics VM. The implication is that detection has to happen before the file reaches the endpoint at all — at the email gateway, with sandboxes engineered to look enough like a real user machine to defeat the evasion check.

Variance beats uniformity. In the closing “play the attacker” round, Ariel’s adversarial advice to CISOs is the one most worth quoting: most companies deploy the same handful of vendors, so once an attacker has bypassed a given product they’ve effectively bypassed it everywhere it’s deployed. The takeaway by inversion: don’t pick your stack the way your neighbour did.

Where Ariel speaks

  • 01:44 Intro — SNDBOX as a malware research platform combining a kernel-mode agent with ML.
  • 03:10 WannaCry as a patching-discipline failure: the NSA exploit was public a month earlier.
  • 13:29 New attack vectors with low detection rates — email, phishing, Office-document exploits — and why next-gen AV often misses them.
  • 22:54 Sandbox evasion: catching malware before it reaches the endpoint by making the analysis environment indistinguishable from a real user machine.
  • 32:22 SMB vs. enterprise: protect the asset that defines your business (the Coca-Cola recipe; the bank’s customers); cloud will lower the cost of layered defense.
  • 36:39 Attack vectors are the same regardless of company size — email and unpatched systems — so detect upstream of the endpoint.
  • 44:53 Devil’s-advocate round: if everyone deploys the same products, one bypass scales to every organisation that uses them.