Skip to main content

IoT device security startup Sternum nabs $27M

cyber security, digital crime concept, data protection from hacker
Image Credit: anyaberkut / Getty Images

Internet of things (IoT) security and observability startup Sternum today announced that it raised $27 million in series B financing led by Spark Capital, with participation from Square Peg Capital, the Hinrich Foundation, Btov, and others. The round, which brings the company’s total raised to $37 million, will be put toward R&D as well as go-to-market efforts and geographic expansion, Sternum says.

There’s an estimated over 21 billion IoT devices in the world, a number that’s expected to climb as edge computing becomes a dominant paradigm in the enterprise. The growth makes IoT an attractive target for attackers, with SonicWall reporting that IoT malware attacks jumped 215.7% to 32.7 million in 2018 (up from 10.3 million in 2017). One source anticipates that spending on IoT security measures in response will reach $631 million in 2021.

Launched in 2018 by Natali Tshuva, Lian Granot, and Boaz Shedletsky, Sternum’s platform aims to help companies patch vulnerabilities and collect logs from IoT devices by leveraging binary analysis and instrumentation. Tshuva started her undergraduate degree in computer science when she was 14, and served in the Israel Defense Forces’ 8200 cybersecurity unit as a security software engineer before founding Sternum.

“While IoT devices are responsible for mission-critical tasks and are so wisely engineered to perform them, they’re … very limited in resources. Thus, they are ‘neglected’ in the sense that they aren’t … protected at the edge,” Tshuva told VentureBeat via email. “With the [Sternum] team’s combined knowledge of cybersecurity, the IoT and embedded market, reverse engineering, data intelligence, and leadership, I knew [could] create a unified infrastructure for every smart device around us and bring autonomous and advanced capabilities into those small, simple devices impacting our lives.”

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

Device detection

Sternum’s technology and software sensors embed inside devices, enabling them to become “self-securing” — even if they haven’t been updated — while collecting info at runtime execution. The Tel Aviv, Israel-based company processes the data in its cloud platform, collating behaviors and operations data during both development and in-field deployment.

Sternum’s embedded integrity verification confirms that apps haven’t been maliciously altered in some way, ostensibly preventing attacks before they’re exploited. Meanwhile, its real-time threat detection allows companies to respond to attacks, ideally as they’re occurring. According to Tshuva, Sternum has been successfully embedded into code that was written in 2013, powering capabilities including active mitigation and prevention, software and security alerts, and quality and performance root-cause analysis.

“It is refreshing to see asset- and fleet-centric security solutions starting to pop up,” Katell Thielemann, an analyst at Gartner, told VentureBeat via email. “For too long, cybersecurity has been IT-, data-, and information-centric. When it comes to cyber-physical systems born out of IoT programs, however, security strategies need to think beyond IT. That’s because these assets live in the physical world, but are controlled from the cyber world. So they live in a cyber-physical continuum of risk, threats, vulnerabilities and consequences.”

Sixteen-employee Sternum claims that its technology is already embedded in over 100,000 devices across “a number” of Fortune 500 businesses, including those in medical, manufacturing, and communications industries. In the next year, the company plans to expand the size of its workforce to 65.

“There has been a 400% increase in IoT device attacks in 2020, and we’re seeing more and more attacks involving IoT devices since the pandemic started,” Tshuva said. “Many attacks on enterprises began with an IoT device, which was used as an entry point to the enterprise network, because IoT devices are currently the weakest link in the chain of the enterprise assets. This led to higher and tremendous demand for a sustainable security solution that could fit those devices.”

Sternum competes with Vdoo, Axonius, Firedome, Thistle, and Armis Security among others in the over $9.88 billion IoT device security market. Highlighting the segment’s growth potential, Microsoft in June acquired firmware security startup ReFirm Labs to boost its capabilities for protecting IoT and intelligent edge devices.

“Companies require a solution to end this vulnerability race and reduce updating and patching costs while maintaining the highest security level,” Tshuva said. “Device manufacturers are now requiring more and more data and insights about their products to continue their growth, future innovation, and data-driven decision making. Additionally, they required more tools for quality monitoring, development of the products, support, incident response, and asset management of their IoT devices. Sternum delivers all of this.”

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.