The recent DDoS attacks that were all over the news turned out to be caused by amateur hackers that used Internet of Things (IoT) devices to attack a company that provided key services to many popular websites. We talked about DDoS protection software as a possible solution but the real problem is that there are many unsecured IoT devices and we need a bigger focus on IoT security. Before we talk about 19 companies offering IoT security solutions, let’s take a closer look at what the problem is.
For those of you that are old school, this is going to bring back some memories. Back in the day, being a “hacker” wouldn’t put you on a terrorism watch list so it was something a lot of us tech nerds did to show off our technical prowess. What we’d do is setup our 14,400 baud U.S Robotics Sportster fax modem to “demon dial” an exchange of numbers.
Let’s say that a random local telephone number was 655-2331. What we would do is auto-dial every single number in the 665-XXXX exchange (so 999 numbers). If we received a connection signal, the demon dialer would record the number, but most the time we’d just hear a groggy voice saying hello… hello??? Once we had a connection, then we’d figure out what sort of system was on the other end, what protocols it supported, and then try to hack into it using various default admin passwords that we hoped hadn’t been reset. Fast forward to today and that’s pretty much how people are hacking IoT!
What you can do is find exposed IoT devices and then try the default factory passwords because most people don’t reset them. Once you have hundreds of thousands of devices under your control, you can then use them to perform a coordinated attack on any website. IoT security is potentially a huge market and as you would expect, everyone and their brother is trying to get a piece of it. Here’s what the IoT security spending forecast looks like:
We previously wrote about 9 hot cyber security startups and one of them, Forescout, has taken in $121 million to develop a solution for the “Insecurity of Things” which is used by companies to identify devices connecting to a firm’s network including IoT devices. In addition to Forescout, here are 18 more companies offering IoT security solutions to try and capture a piece of that spend.
Founded in 2004, San Francisco based Mocana has taken in $65.26 million to develop a “security of things” solution which is starting with the mobile market. Mobile phones are the largest category of connected devices at the moment, but will be exceeded by IoT sensors and devices in 2018. Over 200 major globally-recognized OEMs have integrated Mocana security into their offerings. None of the Company’s engineering is outsourced overseas for security reasons and the platform supports 35 operating systems and 70+ CPUs.
Founded in 2013, Israeli startup Argus Cyber Security has taken in $30 million in funding to develop security solutions for connected automobiles. Car connectivity is a rapidly growing market and the Argus technology platform, either embedded or aftermarket based, already supports advanced safety features and improved passenger experience which will enable the autonomous car. Nobody wants to be driving in an autonomous car when some malicious hacker decides to take control over it.
Founded in 2013, Israeli startup ThetaRay has taken in a total of $25 million in funding from investors like Alibaba and General Electric to develop a security solution that uses machine learning and big data to identify anomalies in all kinds of domains. Their initial focus appears to be financial services and the Industrial Internet (no surprise there with GE backing them). Here’s a nice looking diagram that you can mull over for a while:
Essentially these guys are using math to detect cyber threats and the cool thing about that is you can apply this sort of technology across all sorts of domains, not just IoT security.
Old school techies will understand the name “PWNIE” and those of you that don’t get it should have played more video games growing up. PWNIE Express has taken in $18 million to develop a value proposition that is quite easy to understand. A demo on the PWNIE Express website shows one of their employees taking his “briefcase of doom” into the heart of Boston to do some damage. With just a laptop and some cheap hardware, he managed to do all kinds of naughty things like clone building access passes, steal credit card information, and even access wireless cameras. Just to make sure to pound that home even more, PWNIE Express offers a report on the “Internet of Evil Things” that has some great bits of information like the following:
When we talk about IoT security, it’s not just beacons and smart home devices. It’s any sort of device anywhere that has the ability to communicate wirelessly and from the above chart, we can see this this is a very broad scope. PWNIE Express does a great job of telling you how scary the problem is then selling you a solution that detects rogue devices and then rights them.
Founded in 2014, Israeli startup Indegy has taken in $18 million in funding to develop security solutions for industrial control system (ICS) networks. General Electric coined the term “Industrial Internet” to describe IoT when applied to complex industrial processes like power generation, oil transportation, and utilities. This still falls under the scope of IoT security, but the types of attacks would be different in that they would be more related to national security. The Indegy platform provides visibility and control over ICS networks, an area that 92% of manufacturers are concerned about.
Founded in 2012, San Francisco based Rubicon has taken in $13.2 million in funding to develop what they refer to as a unique combination of the three C’s: Cryptography + Cloud + Control which means they provide two-way authentication between IoT devices and the cloud. Funders have impressive pedigrees with successful past productizations at Apple, Pixar, Adobe, Hewlett Packard, and Broadcom. Between the lot of them they have over 100 patents and have worked together as a team in 5 different companies. Everything points to these guys being able to deliver a superior product solution.
Founded in 2014, Atlanta based startup Bastille has taken in $11.5 million in funding so far to build a solution that addresses what they have coined as “The Internet of Radios”. They claim to have the first system to market that will actively scan the “airspace” of an organization and provide visibility into every radio-frequency-emitting device. Here’s a look at how that device works along with the patent filed to protect it:
In one example they describe “keysniffers” that can remotely read what is typed by wireless keyboards up to 250 feet away and there’s nothing you can do about that except throw the keyboards away. The Bastille solution uncovers unknown threats like this and companies like Cylance are already using the technology. If you recall, Cylance is that cyber security firm we discussed before that uses artificial intelligence to detect viruses as opposed to the traditional way of having to download virus signatures.
Founded in 2012, Massachusetts based CyberX has taken in $11 million in funding to develop a security solution for the “industrial internet“. The founders are veterans of the Israeli Defense Force (IDF) Elite Cyber Security Unit and their “plug and play” solution analyzes each network and builds a picture of all the devices and how they communicate. CyberX then uses their patented award-winning machine learning technology to detect unfamiliar activities.
Founded in 2012, Atlanta based IoT security startup Nexdefense has raised $8.15 million to develop a commercially available security solution called Sophia which empowers automation and control system operators in critical infrastructure and defense facilities. Since 2011, Sophia has been beta-tested by more than 70 organizations in these industries. Their patent-pending Industrial Network Anomaly Detection (INAD) system is the result of extensive collaboration with the United States Department of Energy.
Founded in 2012, New York based Bayshore Networks has taken in $7 million to develop an IoT security solution for the Industrial Internet. These guys have developed a cloud based IT/OT Gateway that inspects and filters industrial data. Here’s some more nomenclature you can throw around at the next company party. OT refers to “Operational Technology” which is where a computer changes the physical state of something (like shuts down an oil pipeline or changes a railway track). IT or “Information Technology” refers to all that big data we know and love. Now let the two converge and we call that IT/OT Convergence. That’s where its at man.
Founded in 2015, Israeli based startup Karamba Security just closed their Series A funding round of $5 million to develop an IoT Security solution called “Carwall” that targets the Electronic Control Units (ECUs) within automobiles and ensures that all cars are protected (not just autonomous cars). Vehicle software consists of tens of millions of lines of code and this domain is ripe for abuse. Since emerging out of stealth mode in April of this year, they have completed technology proof of concepts with several industry Tier-1 providers.
Founded in 2004, Connecticut based SecureRF has taken in $3.82 million to develop a technology that secures IoT. Like their name implies, they address all devices that communicate via radio frequencies (RF) and they emphasize that their lightweight solution is hundreds of times faster than today’s commercially available platforms. The value proposition here is providing a cryptography solution that works within the space and time constraints of the low resource computing environments that make up the world of IoT.
Founded in 2008, UK based Device Authority is the result of two companies that merged (Device Authority and Cryptosoft) and that now offer an IoT security solution that addresses IoT verticals like industry, automotive, and healthcare. Just several weeks ago they closed a $3 million funding round and count quite a few big name companies as their partners. Their D-FACTOR Authentication engine is protected by quite a few patents, the likes of which that can be seen here.
Founded in 2014, Silicon Valley based Zingbox has taken in $1.5 million in funding to develop an IoT security solution that targets healthcare and the industrial internet. Lots of cool info lives on their website where they talk about an innovative IoT security platform called the “Zingbox IoT Guardian” that uses machine learning to automate device discovery, network behavior profiling, and anomaly detection.
Founded in 2010, Virginia based PFP Cybersecurity has taken in $225,000 in seed funding to work on an IoT security solution that uses “power fingerprinting” to identify intrusions. The idea is that all devices use power when engaged so that if you monitor power usage you can easily identify unexpected behavior. Their solution is offered at a firmware level or as a cloud based solution.
Founded in 2016, California based Zitovault is developing a cloud-based IoT security platform that addresses a range of applications from smart homes to industrial IoT. The Company’s patent protected software focuses on scalability while maintaining a lightweight footprint on the client’s side. Pricing appears to be scaled as well so that small businesses can adopt the solution as easily as large enterprises. Zitovault took an undisclosed amount of seed funding round from a private investor and is expected to announce a meaningful Series A funding round shortly.
Founded in 2014, Japanese startup Trillium has taken in an undisclosed amount of funding to develop a complete solution for automotive IoT security. In early 2015 they delivered their IoT security platform called “HeavenZ” to an automotive Tier One and consumer OEM. Japan makes some damn good cars so selling an IoT security solution over there makes a whole lot of sense. Their entire solution is software based and hardware agnostic.
Founded in 1992, Iowa based Icon Labs isn’t actually a startup but we thought they were still worth a mention. Icon Labs is a privately held company that has been providing solutions for embedded OEMs since 1992 and has more than 100 customers worldwide. Their IoT security solution is something that you would actually build into devices as opposed to adding as an afterthought.
Looking to buy shares in companies before they IPO? A company called Motif Investing lets you buy pre-IPO shares in companies that are led by JP Morgan. You can open an account with Motif with no deposit required so that you are ready to buy pre-IPO shares when they are offered.