The Internet of Things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the Internet itself did, making security threats associated with the IoT a major concern.
This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.
The 10 young companies profiled here are developing everything from IoT intrusion prevention tools to IIoT/OT cybersecurity suites to firmware-hardening services. As cyber-attackers shift their focus to the IoT, startups like these may well end up being your first line of defense.
Bayshore Networks
What they do: Intrusion protection for IoT
Year founded: 2012
Funding: $14 million
Headquarters: Durham, N.C.
CEO: Kevin Senator, who previously served as VP of Sales and GM of SaaS Sales for Cal Amp
Problem they solve: Industrial network operators don’t typically have the internal expertise to effectively handle the security threats that continuously hit their networks. Many operators rely on IoT visibility tools to monitor risks, but those tools don’t actually provide real-time active protection against threats to their OT environments.
How they solve it: Bayshore Network’s industrial cyber protection software provides real-time, per-asset intrusion prevention throughout an industrial network. Bayshore appliances are deployed inline as a transparent bridge, so there is no need to rebuild all the of the IPs for the plant.
Bayshore’s security suite is built on top of a policy engine that works at the byte level. It ingests packet streams via their native protocols, disassembles them into a set of parameters and metadata, and then applies policy controls. These can be simple signature-based checks or the policies can be context-sensitive.
Bayshore’s policy engine breaks down all the messages sent to a device, organizes the contents into logical containers and applies rules on a per-value basis. It can also apply external parameters via logical constructs. So, for example, an industrial customer might use Bayshore to apply virtual segmentation such as: Source IPs from subnet-A might be allowed to perform read and write operations, but IPs from subnet-B can only do reads.
Bayshore can also apply context-sensitive actions where the context is defined as an amalgam of known baseline ranges – such as how hot an oven should run – and external threat conditions – such as an uptick in blocked activity targeting the oven’s PLC from external users.
Competitors include: Cisco, Palo Alto Networks, Tenable, Symantec and startups including Claroty, Nozomi Networks, Indegy and CyberX
Customers include: AT&T, GE, Kimberly Clark Corporation, Yokogawa
Why they’re a hot startup to watch: For a seven-year-old company, Bayshore Networks has a modest amount of funding. However, it has something even more important than eye-popping VC rounds: named customers – big ones.
The senior leadership team has a track record of successful exits. CEO Senator and CPO Toby Weir-Jones were both in management positions at Counterpane when it was acquired by BT. Other exits include Bluecurve’s sale to Red Hat (Senator) and ValiCert’s IPO (Weir-Jones).
Claroty
What they do: Provide security for OT networks
Year founded: 2014
Funding: $93 million
Headquarters: New York, N.Y.
CEO: Amir Zilberstein. He formerly co-founded Waterfall Security Solutions and Gita Technologies
Problem they solve: As cyber-attacks explode in volume and become increasingly complex, the shortage of IT skills in OT environments is becoming a massive risk.
Not only are OT networks vulnerable to new, evolving attacks, but many industrial control systems (ICS) networks also lack even basic intrusion prevention, allowing potential attackers to case out networks undetected long before launching attacks.
How they solve it: Claroty’s IIoT cybersecurity platform discovers and eliminates vulnerabilities, misconfigurations and insecure connections in IIoT and OT environments. The Claroty platform offers granular visibility into IIoT and industrial control networks – understanding a device’s function in the network, its relationship to other devices and details about its layer 7 traffic – to improve uptime and enable a proactive security posture.
Its flagship Continuous Threat Detection platform provides real-time threat detection, including anomaly and signature-based detection. It establishes a real-time view of the network topology, including connections and traffic flow for both Ethernet and serial networks.
Continuous vulnerability-monitoring capabilities help operators uncover and remedy network configuration issues, while also discovering assets with known vulnerabilities. The platform can automatically generate current-state views of OT process communications, which enables it to automatically determine network segmentation strategies.
Claroty enables secure remote access with policy- and workflow-based access control and session monitoring. It can be integrated with common cybersecurity products, such as those from Cisco, Check Point and Splunk.
Finally, Claroty can be deployed in extremely remote, bandwidth- or compute-constrained environments. It relies on a sensor-based architecture to adapt to such use cases as protecting electric transmission lines, and oil and gas pipelines.
Competitors include: Cisco, Palo Alto Networks, Tenable, Symantec, Bayshore Networks, Nozomi Networks, Indegy and CyberX
Customers include: None publicly disclosed.
Why they’re a hot startup to watch: Claroty has raised an eye-popping $93 million in funding, including a $60 million Series B announced in June 2018. The round was led by Temasek and included Rockwell Automation, Aster Capital, Next47, Envision Ventures and Tekfen Ventures. Original investors Bessemer Venture Partners, Team8, Innovation Endeavors and ICV all participated in the round, as well.
The senior leadership team has relevant industry experience, holding management positions at Siemens, NextNine Cyber Security, Optiv and IBM. The founding team also served in various cyber-defense roles for Israeli Defense Forces.
Former NSA Director and Commander of the U.S. Cyber Command Michael S. Rogers is chairman of the company’s board of advisors.
The company has inked strategic deals to serve as the preferred IIoT security provider for Siemens, Schneider Electric and Rockwell Automation, and expects that soon more than half of its revenues will be generated by these partnerships.
CyberX
What they do: Provide IIoT and ICS cybersecurity software
Year founded: 2013
Funding: $48 million
Headquarters: Waltham, Mass.
CEO: Omer Schneider. Prior to co-founding CyberX, Schneider spent more than seven years as a commander in the Israel Defense Forces where he led a blue-team cybersecurity unit tasked with protecting critical national infrastructure.
Problem they solve: IIoT creates an attack surface of billions of online devices, and the increased connectivity between IT and OT networks brings previously isolated environments online as well. This introduces new risks, such as downtime from software failures and dangerous cyber-physical safety incidents.
How they solve it: CyberX’s agentless platform enables organizations to continuously auto-discover and fingerprint unmanaged IIoT and ICS devices and networks. The platform monitors production networks for destructive cyberattacks, and its ICS-aware threat analytics and machine-learning technology protect against zero-day threats.
CyberX uses passive monitoring and network traffic analysis to provide deep, real-time visibility into IIoT/ICS networks without impacting performance. Delivered as a preconfigured physical or virtual appliance, CyberX says its platform can typically deliver actionable insights less than an hour after being connected to the network.
The platform gathers information about organizations’ IIoT and ICS devices, including manufacturer, device type, firmware version, protocols, etc. It updates operators on vulnerabilities and risks, and produces an overall risk score with mitigation advice. It reports on unpatched CVEs, rogue devices, unauthorized connections to the Internet, unauthorized subnet connections to IT networks, vulnerable firewall rules, unauthorized WAPs and more.
CyberX provides automated threat-modeling to predict the most likely paths attackers would take to compromise an organization’s assets. Security analysts can then simulate mitigations, such as patching and segmentation, to eliminate these attack paths, before deploying them.
Competitors include: Check Point, Symantec, McAfee, Darktrace, Tenable, Indegy, Armis, Sentryo, and Claroty
Customers include: Teva Pharmaceuticals, Scotia Gas Networks, Adani Power, First Quality Enterprises and Deutsche-Telekom
Why they’re a hot startup to watch: CyberX hits the trifecta:1) they have big VC backing; 2) a strong leadership team with an extensive track record of exits (the senior leadership’s exit experience includes Rapid7’s and Check Point’s IPOs, the sale of Guardium to IMB, and HP’s $1.5B acquisition of ArcSight); and 3) an impressive list of named customers.
Edgeworx
What they do: Provide edge management and security software
Year founded: 2017
Funding: An undisclosed amount of seed funding from Samsung NEXT, Sequoia Seed and CloudScale Capital Partners
Headquarters: San Jose, Calif.
CEO: Kilton Hopkins, who was previously IoT Program Director for Northeastern University
Problem they solve: As edge devices explode, businesses struggle to integrate their many one-off, stove-piped IoT and industrial control solutions, many of which run on dedicated hardware. Facing massive volumes of data, increasingly complicated security threats, and the need for real-time processing to keep operations running smoothly, industrial companies need a way to migrate, manage and secure computing at the edge.
How they solve it: Edgeworx ioFog software is an edge-computing application platform that provides a standardized way to develop and remotely deploy secure microservices to IoT devices. Edgeworx developed ioFog as an open-source platform (now managed by the Eclipse Foundation) and continues to contribute to its development and innovate around it.
According to Farah Papaioannou, the company’s co-founder and president, ioFog enables “bring your own edge” computing, with ioFog turning any hardware into a connected device. ioFog handles the deployment and management of multiple edge devices or nodes across multiple networks. Since each device may require its own microservices, ioFog automatically manages device discovery, network configurations and data routing.
As it builds services around ioFog, Edgeworx is focusing on security as a big business driver. Edgeworx argues that traditional cloud-based public-key infrastructure does not work at the edge due to device, network and legacy constraints.
ioFog’s Pure Edge Security feature is blockchain-based and turns each node into a trusted device. It continuously monitors edge devices, validating a set of security rules with each node, searching for minor deviations or signs of rogue nodes. When a rogue node is found, it is automatically quarantined. If rogue nodes do not pass stringent security checks to re-enter the network, they can be remotely wiped of all software and data.
The Edgeworx business model focuses on customizing edge services, including running ioFog as a managed service. The startup is also building up a microservices marketplace around ioFog, enabling developers to monetize their own microservices and edge applications.
Competitors include: ioTium, NanoLock and Particle
Customers include: None publicly announced.
Why they’re a hot startup to watch: The complexity of securing and managing the explosion of connected devices creates a massive opportunity for open-source, standardized solutions. Just as the open-source mobile OS Android enabled Google to accelerate its mobile business, ioFog and Eclipse could make ioFog the default OS of the edge.
ioTium
What they do: Provide software-defined infrastructure for IIoT
Year founded: 2015
Funding: $22 million
Headquarters: Santa Clara, Calif.
CEO: Ron Victor, previously VP of marketing and business development for Wireless Industrial Technologies
Problem they solve: Connecting millions of legacy industrial assets to cloud-based applications can create a massive security risk. Organizations need to connect massive numbers of dated assets, but most lack the proper expertise and infrastructure to do so in a secure fashion.
How they solve it: ioTium’s IIoT network infrastructure software helps organizations securely connect millions of industrial assets to cloud-based applications. Delivered as a managed service, ioTium’s software collects data from legacy mission-critical brownfield machines and sends it to greenfield applications residing in public, private and hybrid clouds.
ioTium has a three-pronged approach to security – protecting the asset, securing the data and isolating every data stream within the backhaul infrastructure. ioTium first automatically discovers devices and establishes a secure perimeter around the industrial environment and then provides secure connectivity to cloud apps.