An Interview with Aviv Grafi, CEO & Founder, Votiro

November 7, 2019
Aviv Grafi, CEO and Founder of Votiro

This month, we feature an interview with Aviv Grafi, CEO and Founder of Votiro, an ICE71 SCALE startup. Read on to gain interesting insights from Aviv, including how Votiro came about and what attracted the startup to grow its footprint here in Singapore.

Q: How did Votiro come about?

I served in the Israeli Military’s famous 8200 signal intelligence unit, and there I was involved in network security development, learning techniques I’d someday apply to digital assets. After my military service, I started Votiro as a penetration testing company, but I hit on the idea that you could fool today’s existing document security systems 100% of the time. All you had to do was send a document with malware in it, but change just a few things in the document’s elements to fool the existing signature-based document scanning technologies.

This worked in my testing. So, I thought, what if I do the opposite, that is: what if I took a document and broke it down to its elements and then reassembled a perfect copy? That would leave out any exploits or malware in the original weaponized document, and we wouldn’t have to bother with scanning the document. We could do thousands of more documents processed per second than today’s technology, which is looking inside the document for malware pattern embedded in it, or placing documents on quarantine in what’s called a ‘Network Sandbox’, which drastically slows down document throughput.

Understanding that weaponized documents are a real problem to any and every organization that sends or receives documents is what led me to invent the concept of Content Disarm and Reconstruction, on which our Disarmer product line is based. We own 15 patents in this area, and more are to be issued. In a nutshell, companies want the content, not the container. We did that, and, the rest, as they say, is history!

Q: Tell us more about Votiro’s File Disarmer, one of your flagship products. Could you share interesting use cases where your cyber solutions have made an impact and met your clients’ needs across sectors?

The Disarmer family of products are very simple to understand, which is one reason I believe we’ve been so successful with it: We simply take an inbound document, we take it apart to its elements and reassemble a perfect replica, and in doing that we leave out anything bad that was in the document.

That has so many advantages over today’s document security systems, because they are all looking for patterns or variations of existing threats. This works okay if the malware is a known one, but what about a new malware attack, sometimes called a ‘zero day’ attack? Existing document security products would likely not see them.

For us, it’s simple: by making a perfect replica of a document, it doesn’t matter to us what kind of virus or malware it was. We simply leave it out of the copy. This has the advantage of both much better protection than today’ solution, and much faster document processing, which is a productivity advantage.

The products are differentiated by the ways in which files are sent to a company: we have an email security product, a file server product for uploads, a client facing portal security product, and even a removable media protection product, that can scan USB devices and files before they’re allowed to be stored. We say that in this way, we provide you 360 degree protection: wherever the file enters your company, we have a solution to sanitize it.

For example, we recently won over a client which is a very large online loan company in the U.S. This is a company that lives and breathes by being able to process loans submitted to them by third parties. They of course had a document processing problem with today’s existing next generation anti-malware and sandboxing solutions. But, all of them failed their security and productivity tests, and they found us and gave us a trial. They told us they were amazed at the both the speed of our processing and our dashboard reporting, which allowed them to see exactly what was getting intercepted and replicated. It was one of our biggest wins.

Q: Singapore has become a vibrant startup hub in recent years. How do you see Singapore as an important footprint in Votiro’s business growth plans?

Singapore is such an important economy for us. First of all, it’s one of Asia’s largest and fastest-growing economies, which in itself is a good reason. But, Singapore is also a global financial center, which makes it extra attractive to us, as financial organisations are the number one users of cyber security-for obvious reasons. Plus, Singapore is famous for its regulations, and we thrive in a regulated environment. I think that’s because regulations at their core are meant to provide protection, and if you need to protect something you use the best technology possible. And, for document protection, that’s us.

And, let me add that we love doing business with Singaporeans, who are so friendly and such scrupulous business people. We love being here with our growing Singapore team, and I myself love to come and spend time with clients here.

Q: What can help a budding cybersecurity entrepreneur build a successful cyber company?

Validate early, pick one vertical to focus on, develop for productivity first, and demonstrate value early. The cybersecurity market is a noisy and crowded market, very much like one of the outdoor food markets in Israel. If you want to get noticed, you need to be able to show your quality quickly and with as few explanations as possible. And, let me add my personal motto: Whether you think you can, or you think you can’t, you’re right! Persistence is the key.