Seculert is a cloud-based cyber security technology company based in Israel. The company’s technology is designed to detect breaches and Advanced Persistent Threats (APTs), attacking networks. Seculert’s business is based on malware research and the ability to uncover malware that has gone undetected by additional traditional measures.

In 2012, the company was named one of the hottest new security start-ups by The New York Times, and a finalist in the SC Magazine awards for Rookie Security Company of the Year.


Seculert was founded in 2010 by former RSA FraudAction Research Lab Manager Aviv Raff, former SanDisk Product Marketing Manager Dudi Matot and former Finjan VP of Operations Alex Milstein. In 2011, the company launched their first offering, Seculert Echo. Their Seculert Sense, traffic log analysis, was released in October 2012. At the RSA Conference in February 2013 Seculert unveiled the Beta version of Seculert Swamp, a malware analysis sandbox.

Seculert is privately funded and headquartered in Petah Tikva, Israel. In July 2012, the company announced $5.35M in venture funding from YL Ventures and Norwest Venture Partners. In July 2013, Seculert announced that they raised an additional $10 million in Series B funding from .

Notable alerts

In January 2012, Seculert discovered that Ramnit started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France.

In March 2012, Seculert reported that Kelihos botnet, which was distributed as a Facebook worm, was still active and spreading.

In July 2012, Seculert, in conjunction with Kaspersky Labs uncovered an ongoing cyber espionage campaign targeting Iran and additional Middle Eastern countries dubbed Mahdi (malware).

In August 2012, Seculert, Kaspersky Lab and Symantec revealed the discovery of Shamoon, a sophisticated malware that attacked Qatar's natural gas firm, Rasgas and the Saudi Arabian Oil Company, ARAMCO.

In December 2012, Seculert uncovered Dexter, a new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and additional businesses. Most of the victim businesses were English-speaking, with 42 percent based in North America, and 19 percent in the U.K. Dexter infected systems running a variety of different versions of Windows, including XP, Home Server, Server 2003, and Windows 7.

In January 2013, Kaspersky Labs (KL) revealed a cyber espionage operation dubbed Red October. The next day, Seculert identified a special folder used by the attackers for an additional attack vector. In this vector, the attackers sent an email with an embedded link to a specially crafted PHP web page. This webpage exploited a vulnerability in Java, and in the background downloaded and executed the malware automatically.

In January 2014, the Seculert Research Lab identified a new targeted attack that used Xtreme RAT. This attack used spear phishing emails to target Israeli organisations and deploy the piece of advanced malware. To date, 15 machines have been compromised including ones belonging to the Civil Administration of Judea and Samaria.

The Dyre Wolf malware campaign made in early April as a banking trojan that bypassed 2 factor authentication in order to steal over $1 million from corporate bank accounts.


  • 2013 Rookie Security Company, Awards Finalist - SC Magazine
  • 2013 Red Herring, Europe Finalists

Automated Breach Detection Product

Several detection and protection technologies are combined in a cloud-based solution that works to identify new cyber threats.

Automated Traffic Log Analysis is a cloud-based analysis engine that leverages HTTP/S gateway traffic logs collected over time, analysing petabytes of data to identify malware activity. It automatically identifies unknown malware by detecting malicious patterns and anomalies. Seculert Traffic Log Analysis pinpoints evidence of targeted attacks.

Elastic Sandbox is an elastic, cloud-based automated malware analysis environment. The Seculert Elastic sandpit includes automatic analysis and classification of suspicious files over time. It analyses potentially malicious files on different platforms and can simulate different geographic regions. The Seculert Elastic Sandbox generates malware behavioural profiles by crunching over 40,000 malware samples on a daily basis and by leveraging data from its crowdsourced threat repository.