Interview with Yehonatan Kfir, CTO at Radiflow
An experienced security expert, Yehonatan Kfir has led Radiflow’s technology innovation roadmap since 2014. Earlier in his career he had served for 10 years in an IDF Intelligence Corp elite R&D Unit. In his last role in Unit 8200, Yehonatan was in charge of new product research at the Cyber Innovation division and led a project that won the Intelligence Corp Commander’s Creative Thinking Award. Yehonatan has a BSc, an MSc and an MBA, and is currently working on his PhD in Cyber Security
TDE: Tell us about your product/business and your specific role?
Yehonatan Kfir: Radiflow is a leading provider of cybersecurity technologies for industrial networks. Our customers are mostly industrial enterprises and critical infrastructure operators who are using our cybersecurity technologies to protect their SCADA and ICS systems on their industrial automation networks. Our main product offerings include an industrial threat monitoring and visibility system, industrial traffic compression probes and secure remote access gateways. As the chief technology officer of Radiflow, I am directly responsible for the company’s research activities and the development of our algorithms and security assessments.
TDE: What is the core issue your product/technology aims to address and what sets it apart from the other players in the market?
Yehonatan Kfir: Radiflow offers a holistic approach for the cybersecurity challenges faced by operators of industrial networks. We help our customers to securely transform their industrial networks to modern, digitized operations. Our approach starts with an assessment phase and includes ongoing monitoring and prevention. Our unique added value to customers is the ability to monitor and protect large and distributed operational technology networks and a complex range of systems at all levels of the network. This approach is also used by our managed security service provider (MSSP) partners that offer cybersecurity services to their industrial customers based on our technologies.
TDE: What’s the one industry, sector or role that your technology is most relevant to?
Yehonatan Kfir: Radiflow solutions are designed for critical industrial automation networks. These types of networks are running complex ICS and SCADA systems. The vertical markets benefiting from our cybersecurity technologies include energy suppliers, utilities companies, water facilities, chemical plants and more.
TDE: What are some of the common challenges your customers approach you with?
Yehonatan Kfir: Industrial networks and infrastructure generally were built many generations ago with almost no security in mind. As a result, these networks typically contain a large number of open vulnerabilities in terms of at-risk devices and exposed software. Upgrading or even updating these devices is a complex process. Any change in an industrial automation system presents risk to the overall industrial process and requires long testing periods before any change is implemented. This conflict between the ongoing need for cybersecurity upgrades and not introducing new risks to the industrial process creates a huge challenge for our customers. However, as industrial automation networks modernized and introduce new IoT technologies, this transition to a secured network is essential and an area I am proud to say we excel in helping our customers achieve with great success.
TDE: Using technology to effect transformation usually starts with a transformation of beliefs and mindsets. How do you consult enterprise clients and help them make that important shift in mindset to move ahead on a particular project or implementation?
Yehonatan Kfir: The transformation to a secure industrial network is done in phases. In the first phase, we conduct a comprehensive assessment of the current cybersecurity state of the network. This assessment helps a customer to clearly understand its current situation and plan the required improvements for the network transformations. In the second phase, we deploy our threat monitoring and visibility system on the industrial automation network of the customer. This systems, which we call iSID, continuously monitors the network and logs in real-time any changes happening from the baseline in the assessment phase. In addition, iSID creates alerts on any cyber-threats that are trying to exploit an of the cybersecurity vulnerabilities discovered during the assessment phase. In the final phase, the customer proceeds with implementing mitigation actions. This phase includes deploying firewalls or hardening devices. Our iSID solution prioritizes the order in which mitigations should be adopted based on the context of the customer’s network and the business logic of its industrial processes.
TDE: Give us an example of an enterprise meeting a digital transformation goal through your product?
Yehonatan Kfir: We recently started working with a power generation customer that manages multiple site and previously maintained low levels of cybersecurity. At the start of the engagement, these remote sites were connected to a control center using a complex network infrastructure that was not fully owned by the customer. Our challenge was to secure the remote sites with minimal efforts or impact on operational processes. During the planning phase, it was clear that transforming the complex network infrastructure between the remote sites would be a long, complicated and expensive process. As an alternative, we recommended that the customer secure each of the remote power generation sites. We performed this process in two steps:
First, we secured all the communications entering each remote site. This covered all traffic from control center, including traffic originating from third parties for maintenance purposes. For this task, we deployed our industrial firewall at the entrance of each site. With this, all the traffic entering each site is intercepted with only secure traffic allowed to pass through. The additional gateways that we deployed allow third parties to connect to each remote site through secure authentication and VPN capabilities.
In the second step, we deployed our iSID system to monitor each site. This ongoing monitoring allows the customer to verify that no insider is using vulnerable devices in the site for sabotaging the power generation network.
Ultimately, with our help this power generation company was able to leverage our industrial cybersecurity technology to transform its outdated power generation infrastructure into a fully secured operation.
TDE: What present or upcoming technologies you think have the maximum potential to accelerate enterprise digital transformation?
Yehonatan Kfir: One of the main reasons for slow transformations to secure industrial network is the time it takes to plan the transformation. Changing these networks is full of risks, although essential for cybersecurity purposes. Therefore, a considerable amount of time is spent on planning the actions that will not only reduce the cybersecurity vulnerabilities, but also minimize the risks to operational processes. In the industrial network domain, automated and scalable risk evaluation is needed for accelerating this cybersecurity transformation. Automated systems can evaluate the vulnerabilities on the industrial network and can prioritize the mitigation measures based on the urgency of each.
TDE: What’s your go to resource – websites, newsletters, any other – that you use to stay in touch with the explosive changes happening in the digital space?
Yehonatan Kfir: Technology forums related to SCADA security seem to have the most value. Also, I am highly involved in academic research in the area of using advanced technologies like artificial intelligence and machine learning for cybersecurity purposes.
TDE: Read a good book lately on digital transformation that you’d like to recommend to us?
Yehonatan Kfir: I am currently in the middle of reading Factfulness by Hans Rosling. This book it not exactly about digital transformation, but the author makes important claims in the book that can be related to digital transformation. The book describes how people perceive the world and how the facts can show different truths. Understanding the gap between perception and facts is very important when dealing with the transformation of complex systems. In most cases, when dealing with new customer engagements, the assessment phase reveals multiple gaps that our customers are often surprised to discover.
For more DX insights follow Yehonatan Kfir on LinkedIn