All Posts By

Ofer Amitai

Frontend Developer, Ra’nana, Israel

By | Careers | No Comments

Portnox is looking for an experienced frontend developer to join our team and lead our new product UI development.
Portnox provides next-generation network access control and management solutions that enable organizations to reduce risk and enforce security policy compliance with NAC On Premise and Cloud solutions.

We are a family and we work together to develop innovative and high end solutions while at the same time keep our work-life balance and our family atmosphere.

Your responsibilities will be:

  • To lead the development & design of our product new UI
  • Development and design of testing infrastructure

You have the following experience & knowledge:

  • At least 5 years’ experience in Frontend development
  • Experienced in RESTful services and API’s
  • Developed user interface in JavaScript, AngularJS and HTML5
  • Experienced with relational databases SQL Server – advantage
  • At least 3+ years working with: ASP.NET, MVC
  • You know CSS preprocessor (Less, SCSS, etc…)
  • Experienced with Backend network communications (WCF)

You have the following experience & knowledge

  • Looking for a place to that you will leave a mark, where you will impact directly on the product, the team and the customers
  • Independent, with a strong sense of ownership
  • Creative person that thrive from solving problems and deliver high-end solutions
  • A team player that likes to be a part of a family type team

We invite you to come work with us! Apply today.

Sales Development Representative, NYC Area

By | Careers | No Comments

Portnox seeks a hungry and energetic Sales Development Representative to provide pre-sales support for our growing sales teams in the U.S. and U.K. This role will report into the Director of Marketing, and will be responsible for generating new leads via cold calling, email, LinkedIn and more. Additionally, the SDR will be tasked with servicing inbound leads and related inquiries with a focus on engaging and initially qualifying all prospective customers.


  • Generate warm leads for Portnox account executives via cold calling, email and other channels
  • Respond, engage and qualify inbound leads and inquiries
  • Schedule demos and meetings for account executives
  • Work closely with Sales to develop account intelligence, use case opportunities and more
  • Hold intelligent and engaging conversations over the phone and via email
  • Act as the subject matter expert on Portnox product offerings


  • Demonstrated ability to collaborate with a distributed sales team
  • Capability of understanding customer pain points and requirements
  • Strong communication skills – written, verbal, presentation
  • Ability to manage numerous requests and time demands concurrently
  • Promotes a strong sense of urgency for reaching goals and key deliverables
  • Team player than can quickly understand the team dynamic
  • A desire to “win” both individually and as a team
  • BA/BS degree in business, marketing or another relevant field

If you’re interested in honing your sales skills and making your mark within a growing company, we want to hear from you!

The Truth About MAC Spoofing

By | Network Security, Threat Detection and Response | No Comments

The threat behind MAC spoofing

When implementing any insurance policy, you need to start with estimating the level of risk, the probability of that risk, and the potential damage should that risk become a reality.

One of the network risks that is often presented to demonstrate the ineffectiveness of 802.1x solutions is the ease of bypassing modern network access control (NAC) by using MAC spoofing. Usually, this involves spoofing the network printer or other vulnerable device.

Now, let’s put aside the fact that network printers today can support certificate or credential-based authentication, and that certain products have remedies against such attempts even when the authentication is based on MAC.

Let’s consider: is MAC spoofing a legitimate threat or an exaggerated, manageable flaw?

But before I try to analyze this risk, I want to point out the biggest advantage a NAC solution can give an organization to cope with modern cyber security threats: the ability to apply dynamic segmentation based on device type or identity.

Without going into too much detail, NAC is one of the only systems that can help you prevent lateral movement, indirectly allowing you to identify breaches and directly helping you to prevent the compromise of your crown jewels.

The threat landscape

Here are some of the most common adversaries when it comes to MAC spoofing:

  • The employee – a disgruntled current or former employee
  • The guest – a contractor, customer, patient, etc. who physically visits your organization for a period of time
  • The hacker – a malicious person trying to attack your network and steal information, causing harm to your organization

And here are the most common attack surfaces:

  • Wifi
  • Wired, ethernet switches

One caveat: most wifi environments contain managed devices. So, for devices that do not have an 802.1x supplicant, and thus does not support certificate-based authentication (or credentials based), it is easy to setup an isolated segment and significantly lower the risk of attack.

As such, we’ll put our focus on examining wired environments, and how they’re vulnerable to the above adversaries.

Adversaries in-depth

Let’s be clear – MAC spoofing requires some technical knowledge to execute, which the non-technical lay person typically does not possess. Those doing it know what they’re doing, and they know it’s wrong.

With that said, it’s important to point out that a lot of damage is caused by the unintended – i.e. people clicking on a link in an email, deleting the wrong record or file, or even dropping a laptop into a pool.

The employee

Employees should be trustworthy. If they’re not, cyber security is likely not your problem. But, when someone is fired, laid off, or even just mistreated at work, there always exists the potential for them to hold a grudge. It’s human nature.

Disgruntled employees can pose a big risk. If an employee still works for an organization and he/she is determined to do damage, that’s a problem that’s nearly impossible to prevent. The network connection alone is not going to stop he/she from stealing data or worse. This individual likely already has access through other corporate devices and the credentials to access whatever data he/she wants.

At the end of the day, however, this individual’s risk of MAC spoofing can be categorized as “very low” with “low” probability and “low” potential for damage. The reason being is that the potential damage done is not necessarily related to network connection. The first line of defense against a disgruntled current of former employees is physical barriers – i.e. locked doors and other physical security.

The guest

A guest visiting your office might want to connect to your network. Most likely, this guest will not go to great lengths to hack your network if they are initially blocked. By supplying a guest network, such as a guest wifi, you will effectively eliminate that risk all together. Thus, like the employee, this individual’s risk of MAC spoofing can be categorized as “very low” for both probability and damage.

The hacker

A hacker will need physical access to your network in order to do his/her job. Today, spearhead attacks can enable hackers to access your networks from afar. Doing so, however, typically requires some sort of motive.

This motivation is often dependent upon the type of business you operate. If you’re in military and defense, for example, you likely have a higher than average risk of being the target of such an attack. The same going for banking and financial services, healthcare and any other industry with highly sensitive and confidential data.

For most organizations, the threat of physical access hacking is typically low, while the potential for damage could be high. Should a retailer fear physical burglary just because a new device has connected to its network? I think not.

In conclusion

For most organizations, the risk of MAC spoofing is almost non-existent. This is usually fairly easy for an auditor to demonstrate, and would appear as part of a comprehensive security report. So in reality, the perception of the threat is that it’s a much larger problem than it actually is.

You can also prevent MAC spoofing by implementing stronger authentication methods that are fairly common today. One of the major roles of NAC is to provide secure authentication and authorization to the network. Thus, even if authentication is somehow breached, authorization serves as a second layer of defense that can limit access by putting potential individuals of risk in a specific “narrow” segment.

The segmentation of specific types of MAC-based devices is a best practice in NAC. Even if spoofing occurs, such a device won’t be able to access a particularly sensitive VLAN, such as those in Finance or HR, if proper segmentation has been established through your network security policies.

portnox pr logo

Portnox Introduces Okta SAML Integration for Cloud-Delivered Network Access Control Platform

By | press releases | No Comments

Integration of Okta with Portnox CLEAR delivers seamless & secure identity management solution for NAC platform customers

NEW YORK–Portnox, which supplies network access control, visibility and device risk management to organizations of all sizes, today announced its newest integration with Okta, Inc., the leading independent provider of identity for the enterprise.

“Our recent integration with Okta for improved IAM will make the self-onboarding process easier and more secure for new and existing Portnox CLEAR customers who already rely on Okta for single sign-on (SSO) and identity management,” said Tomer Shemer-Buchbut, Vice President of Product at Portnox. “Portnox CLEAR customers can now take advantage of our simplified, cloud-delivered NAC platform with a built-in integration with Okta – out of the box,” continued Shemer-Buchbut.

Portnox CLEAR is a cloud-delivered service for automated network visibility and access control management (NAC as-a-Service) providing control of IoT, as well as managed and unmanaged devices. The platform’s integration with Okta Universal Directory now allows Portnox CLEAR end-users to enroll their devices into CLEAR and connect to organizational networks using their corporate Okta accounts. Additionally, organizational administrators now have the ability to log into their CLEAR portal from their Okta user portal using SAML SSO.

“This integration signifies our commitment to improving and further simplifying the Portnox CLEAR user experience from start to finish,” said Portnox CEO, Ofer Amitai. “With Okta’s industry-leading Identity-as-a-Service platform, we’ve further strengthened the Portnox product offering and helped many of our customers extend their SSO requirements to their network security efforts,” added Amitai.

Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With over 6,000 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. Over 7,000 organizations, including 20th Century Fox, JetBlue, Nordstrom, Slack, Teach for America and Twilio, trust Okta to help protect the identities of their workforces and customers.


Click here to watch a video demonstrating CLEAR’s easy set up

Portnox CLEAR – FREE Signup

Try Okta+CLEAR

Try Okta+CLEAR Self-onboarding

Sales Manager, San Francisco

By | Careers | No Comments

Portnox seeks a high-performance Sales Manager to join our sales team in the U.S. and to be our first representative on the West Coast!

You will be in charge of developing our customer base on the West Coast, with a focus on enhancing and tightening relationships with current customers and prospects. You will work with the sales, pre-sales and support teams to reach our growth goals and drive new business.


  • Create close connections with potential customers by cold calling, emailing & scheduling meetings in-person
  • Enhance current relationships with companies in the customer database by visiting them in person, maintaining phone contact & addressing issues as they arise
  • Maintain a strong understanding of Portnox products & the cybersecurity market as a whole
  • Present Portnox solutions at tradeshows & other large & small events to potential customers
  • Create new methods & strategies to reach monthly goals for new business & revenue
  • Provide customers & prospects face-to-face product demonstrations & teach the features & benefits offered by the company’s solutions
  • Become a valuable & helpful resource in all of your dealings, creating a friendly reputation for yourself & the company in the industry


  • Experience selling SaaS products in the cybersecurity or networking industries
  • Solution-selling background across multiple technologies & disciplines
  • Strong presentation skills & public speaking experience
  • Experience working with MSPs a plus
  • Business development & channel management experience a plus

If you’re interested in helping an emerging cybersecurity company reach new heights in a growing market, send us your CV!

portnox pr logo

Portnox Q3 2019 Revenue Surges 40% Year-Over-Year with Expanding SaaS Customer Base in U.S., U.K. & Beyond

By | press releases | No Comments

Cloud-delivered network security solution & subscription-based business continues to fuel revenue growth for cybersecurity firm

NEW YORK–Portnox, a leading provider of network access control, visibility and device risk management solutions, today announced that third quarter revenue for 2019 surpassed the same period for 2018 by 40%. Driving this year-over-year growth is the increasing adoption of Portnox CLEAR, the only cloud-delivered network access control (NAC) solution on the market today.

“We bet big on Portnox CLEAR and the SaaS business model,” said Portnox CEO, Ofer Amitai. “We knew that mid-market companies and large enterprises alike – particularly in the U.S. and U.K – would begin to demand cloud-delivered solutions for network access control. We’ve seen this prediction prove itself out over the last year or so, and we’re excited to help more and more organizations properly secure their network in the cloud and sleep well at night.”

Portnox CLEAR is the first cloud-delivered NAC-as-a-cloud-service solution that controls access using continuous risk-scoring of each endpoint; including mobile, BYOD and IoT, connecting from anywhere in the world. It is purpose-built to simplify the complexities associated with implementing NAC, while ensuring organizations have the necessary network visibility and access control mechanisms to protect against non-compliant and rogue devices that can introduce security risks.

In nearly every corner of the globe and across every sector and area of tech, cloud adoption is thriving – from SMBs all the way to large enterprises. In the U.S., 84% of enterprises have implemented a multi-cloud strategy, and spending on cloud services as grown 24% since 2018. In the U.K., cloud adoption among organizations has risen nearly 20% in less than five years. These figures shine a light on a massive transition off of on-premise software solutions to SaaS subscription models. As this new revenue stream grows, many vendors are shifting their focus to developing new cloud offerings, leaving fewer and fewer resources for legacy product innovation.

Earlier this year, Portnox was named Best Network Access Control Solution in Cyber Defense Magazine’s 2019 InfoSec Awards at the RSA Conference in San Francisco, CA. Portnox will return to the RSA Conference in February 2020. More recently, Portnox received the award for Most Valuable Vendor for MSPs (managed service providers) at MSPWorld 2019 in Las Vegas, NV. Since the start of 2019, Portnox has expanded its market focus beyond traditional business-to-business – now offering a comprehensive self-service, multi-tenant portal for MSPs to manage network security for their full portfolio of clients.