Or Eshed is the CEO and co-founder of the cybersecurity startup LayerX, which recently announced its $7.5 million seed round. He sat down with Jessica Abo to talk about how his company developed a secure-browsing add-on and his advice for other cyber founders.
Jessica Abo: Or, can you first tell us what we need to know about browser security when it comes to our computers and our businesses?
The browser is about the place in which 80 to 90 percent of the business operates. Eighty to 90 percent of data moves through the browser, and also 80 to 90 percent of the text arrives through the browser.
And why do we need additional security for browsers? Aren’t Chrome and Safari safe enough on their own?
I’ll use the analogy of a car. The browser is like a car, and the car manufacturers are responsible to make sure that if the car crashes, it will be as secure as possible in order to provide safety to the passengers inside. But still, you would like to make sure that the driver is also driving with caution and being compliant with how to use the road, et cetera. So it works the same way. The browser is a nearly capable tool. It provides a lot of freedom to users and also to the attackers on the other side. So browser security complements the browser with the ability to filter out content, actions, and risky sessions with the web. The browser companies are responsible for making sure that the browser will not collapse, won’t break, and won’t allow malicious code to sneak inside. But whenever there is a data exchange between the user and the world, this is outside of the scope of Chrome and Safari. This is where we come into play.
How did your background play a role in creating LayerX?
My partner and I know each other from our military service. We were both information worker specialists and worked for years on browser security from both sides of the barricade. Basically, our expertise was how operations are being run over the browsers and over the web because the web is the marketplace for everything today in cybersecurity. I was working for years in the cybersecurity industry and everywhere I was working, no matter what the profession was, every breach and every incident went to how users consume the web. And we were fascinated by why there is no good enough technology for that problem because so much is happening when users go online.
How does your product work?
What we do is deploy an extension to the browsers. It has full visibility into everything that happens inside the browser. We integrate with security systems in the organization, and identity providers like Okta, Google and Microsoft that allow access to sensitive systems and applications. And we’re able to monitor sessions and interactions of the user with the web. So we see everything that happens between the user and the web, and we’re able to detect risky behavior of both the user and the web itself because sometimes users have good intentions. They think that they upload data to where it should be, but it’s actually not where it should be. And that way we’re an application above the browser. You get the availability and the reliability, the same old experience of the browser itself, and we are just like an extra layer of protection. This is why we are called LayerX because we want to be this extra layer of security, but without disrupting anything.
What advice can you give to other cyber founders? What is the make-or-break factor when it comes to cybersecurity?
You need a lot of confidence and the ability to ask questions in order to be a first believer in something new. And I think in cybersecurity, you understand how the attackers work because they have their own high cycle and they have their own business model and they have their own friends. And you need to understand how they think to get into the mindset of the attacker, but also to understand the limitations and the actual reality in organizations. A lot of cyber security companies, and you’ve got about thousands of companies, they ask your organization to change in order to fit their approach to security. There are so many solutions that ask customers to adapt themselves for the solution, and we saw an opportunity to adapt ourselves to organizations in order to bring as much value as possible. Think of how we can bring the security value we want to a reality in which every organization can continue it.