Israeli cyber-security start-up CyberArk appeared Thursday to be about to announce its long-anticipated initial public offering. According to industry sources, CyberArk embarked on an IPO roadshow this week, meeting with bankers and investors who are prepared to help the company go public “imminently.” The campaign follows reports Wednesday that the company had set terms for a $75 million IPO, in which it would offer 5.4 million shares at a price range of $13 to $15. Based on the midpoint of that range ($14), the company would be worth about $470 million.
Under rules set by stock authorities, the company was unable to discuss the matter. The company is led by CEO and President Udi Mokady, who established the network security and compliance company in 1999. Notice that an IPO would be offered was submitted to the NASDAQ stock exchange in January.
Petah Tikva-based CyberArk specializes in protecting “privileged accounts” on corporate servers, according to Chen Bitan, vice president for R&D at the company. “According to international research firm Deloitte, 100% of sophisticated attacks used privileged accounts to get into critical systems. We prevent attacks simply by choking off access to these accounts, denying hackers the opportunity to use them to break into systems,” he told The Times of Israel.
Privileged accounts are computer system user accounts that have extra privileges so that owners of those accounts can control important aspects of a server or network. Large computer systems, especially those that have been around for years, usually contain many such accounts that are no longer in use. System administrators often set up these accounts for special purpose “missions,” such as trying to override a glitch in software in order to get out an important report, without being bound by system restrictions. The accounts may have also belonged to former employees who were given administrative rights to make changes on a server.
That can be a ticket to trouble. Sometimes administrators forget to delete these accounts after putting out the fire – and there they remain, waiting to be exploited by someone who guesses the password, which is often a simple one, thrown together quickly and designed to be easy for the boss to remember. Often these accounts stick around well past their “due date,” and hackers can try cracking them with no one even noticing, because those accounts aren’t being watched closely.
CyberArk chokes off the possibility that privileged accounts will be abused by identifying and cutting off access to the accounts. The system sets up a policy on user accounts that forces users to change passwords on a regular basis, including dormant privileged accounts. In addition, the system sets up a “safe zone” for data to be managed when accessed from an account. The only data a user can manipulate is data inside the safe zone, said Bitan, and that data is not written to saved server files until it is checked and rechecked for malware. The software also looks for suspicious activity, alerting administrators on what is going on and allowing them to intervene at any time.
“Our system isolates the privileged session from the rest of the network and keeps it away from the system until it is thoroughly analyzed,” said Bitan. “Thus, all work sessions using accounts CyberArk monitors remain isolated, and the credentials for an account – its password, etc. — remain isolated as well, so even if a hacker is copying the data using a keylogger or other malware, the only data they can access is that of the session itself, and not anything more on the server.”
In the business, CyberArk is considered the world leader in detecting and defending hacker attacks via privileged accounts, with many Fortune 500 customers around the world. Investors in the company include Seed Capital Partners, Cabaret-ArbaOne, Jerusalem Venture Partners (JVP), JP Morgan/Chase Partners and Vertex Venture Capital. In December 2011, CyberArk received a $40 million investment round led by Goldman Sachs and JVP.
According to the SEC filing, J.P. Morgan Securities and Deutsche Bank Securities are leading the filing. When the IPO is approved, the filing said, CyberArk will trade under the symbol CYBR.