Interview with Liron Barak, CEO and Co-Founder of BitDam

We caught up with Liron Barak, CEO and Co-Founder of BitDam, finding out all about the company, The Phisher’s Playbook and how to protect from phishing emails.


Why was the business started?

Before I started BitDam, I served as an officer in Unit 8200 of the Israeli Intelligence Corps for 7 years. I was responsible for the development of cyber technologies and focused on the offensive side of cyber. I worked closely with many security solutions and saw that there was a huge gap in cybersecurity, and in the email security field in particular.

I decided to leverage my unique knowledge as a former offensive cyber expert to help organizations protect their inboxes.


How are you different? 

When we founded BitDam, my partner and I agreed that we would take a different approach than any of the security solutions we knew. Instead of focusing on the attack, its behavior, and the previous knowledge of other threats, BitDam focuses on the normal behavior of legitimate business applications such as MS Word, Excel, PowerPoint, Chrome, Safari and Adobe Reader. We count on the fact that hackers use legitimate applications to deliver their attack to end-users. Simplifying it, we use a kind of whitelisting approach on these applications, instead of a blacklisting approach on threats. This allows us to detect malicious activities of any type and makes BitDam ATP, our solution, 100% attack-agnostic.

As such, BitDam ATP detects new, unknown tricks that other security solutions cannot manage. We hold a few different registered patents based on BitDam ATP.


What is ‘The Phisher’s Playbook’?

Leveraging my colleagues’ and my offensive cyber backgrounds, and addressing the growing need to identify and protect from phishing attacks, BitDam has recently published ‘The Phisher’s Playbook’. The playbook covers the attacker’s perspective when planning and generating phishing attacks.

You can download BitDam’s Phisher’s Playbook by clicking here or the image below!




What was the driver for it?  

Phishing attacks are on the rise and get more sophisticated all of the time. They pass through many of the popular defenses and land in the victim’s inbox. From that point onwards, one weak link in the chain is enough to compromise an entire organization. All that is needed is that one end-user who will click the phishing link and enter their credentials and the bad guy is in.

I believe that the first step on the way to beating your enemies is to understand them and how they think, their goals and what motivates them. This is the reason we created this playbook, which gives the reader a glimpse into the hacker’s mind. The playbook covers how attackers select their prey, how they decide what credentials to go after and which brands to impersonate, where they host their phishing webpages, how they build trust with the victim and what they then do with their treasure once they get it. The playbook also talks about popular evasion techniques and uses examples from the real world.


Give us one tip on how to protect from phishing emails.   

I must say that even the most educated people on phishing find it hard to identify phishing attacks sometimes, because attackers use so many tricks…so my first tip would be to deploy a well performing security solution that would protect your email, as well as other collaboration platforms such as cloud drives and instant messaging. Education about phishing is important but it can’t replace technology.

Assuming that you would still try to educate users, my most important tip would be: If you receive an unexpected link in an email, check it before you click it. And if it asks for information or personal details, never enter those!


What have you learnt? 

In the past year or so, we realized that attackers respond very quickly to changes, especially when it comes to attack surfaces. The massive adoption of tools like Zoom and Teams that occurred at the outset of the pandemic, was immediately followed by threats targeting these widely used platforms.

Very quickly, we started seeing an increase in the number of attacks that were sent via these business collaboration tools leveraging their popularity to introduce new attack vectors.

I think that all of us have learnt that, we too, should be faster when it comes to securing new platforms, because as soon as we use a new collaboration tool, the bad actors take advantage of it and the new tool becomes a new attack vector.


What are your plans for growth? 

We are working with a variety of partners – from distributors, through resellers and VARs, and all the way to MSPs – in order to enhance our reach and scale the business. Last year we were focused on enterprise only, and as we grow, we have expanded to new vertical such as SMEs and MSPs. We are planning to keep going in this direction, enhancing our engagements with MSPs and MSSPs. In addition, we are planning to continue expanding into new geographies and regions.

In addition to that, we’re always thinking of how to improve our product and make it more comprehensive, covering different types of threats and about additional collaboration platforms to ensure our customers are secure.