10 hot IoT security startups to watch

The Internet of Things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the Internet itself did, making security threats associated with the IoT a major concern.

This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.

The 10 young companies profiled here are developing everything from IoT intrusion prevention tools to IIoT/OT cybersecurity suites to firmware-hardening services. As cyber-attackers shift their focus to the IoT, startups like these may well end up being your first line of defense.

Bayshore Networks

What they do: Intrusion protection for IoT

Year founded: 2012

Funding: $14 million

Headquarters: Durham, N.C.

CEO: Kevin Senator, who previously served as VP of Sales and GM of SaaS Sales for Cal Amp

Problem they solve: Industrial network operators don’t typically have the internal expertise to effectively handle the security threats that continuously hit their networks. Many operators rely on IoT visibility tools to monitor risks, but those tools don’t actually provide real-time active protection against threats to their OT environments.

How they solve it: Bayshore Network’s industrial cyber protection software provides real-time, per-asset intrusion prevention throughout an industrial network. Bayshore appliances are deployed inline as a transparent bridge, so there is no need to rebuild all the of the IPs for the plant.

Bayshore’s security suite is built on top of a policy engine that works at the byte level. It ingests packet streams via their native protocols, disassembles them into a set of parameters and metadata, and then applies policy controls. These can be simple signature-based checks or the policies can be context-sensitive. 

Bayshore’s policy engine breaks down all the messages sent to a device, organizes the contents into logical containers and applies rules on a per-value basis. It can also apply external parameters via logical constructs. So, for example, an industrial customer might use Bayshore to apply virtual segmentation such as: Source IPs from subnet-A might be allowed to perform read and write operations, but IPs from subnet-B can only do reads.  

Bayshore can also apply context-sensitive actions where the context is defined as an amalgam of known baseline ranges – such as how hot an oven should run – and external threat conditions – such as an uptick in blocked activity targeting the oven’s PLC from external users.

Competitors include: Cisco, Palo Alto Networks, Tenable, Symantec and startups including Claroty, Nozomi Networks, Indegy and CyberX

Customers include: AT&T, GE, Kimberly Clark Corporation, Yokogawa

Why they’re a hot startup to watch: For a seven-year-old company, Bayshore Networks has a modest amount of funding. However, it has something even more important than eye-popping VC rounds: named customers – big ones.

The senior leadership team has a track record of successful exits. CEO Senator and CPO Toby Weir-Jones were both in management positions at Counterpane when it was acquired by BT. Other exits include Bluecurve’s sale to Red Hat (Senator) and ValiCert’s IPO (Weir-Jones).

Claroty

What they do: Provide security for OT networks

Year founded: 2014

Funding: $93 million

Headquarters: New York, N.Y.

CEO: Amir Zilberstein. He formerly co-founded Waterfall Security Solutions and Gita Technologies

Problem they solve: As cyber-attacks explode in volume and become increasingly complex, the shortage of IT skills in OT environments is becoming a massive risk.

Not only are OT networks vulnerable to new, evolving attacks, but many industrial control systems (ICS) networks also lack even basic intrusion prevention, allowing potential attackers to case out networks undetected long before launching attacks.

How they solve it: Claroty’s IIoT cybersecurity platform discovers and eliminates vulnerabilities, misconfigurations and insecure connections in IIoT and OT environments. The Claroty platform offers granular visibility into IIoT and industrial control networks – understanding a device’s function in the network, its relationship to other devices and details about its layer 7 traffic – to improve uptime and enable a proactive security posture.

Its flagship Continuous Threat Detection platform provides real-time threat detection, including anomaly and signature-based detection. It establishes a real-time view of the network topology, including connections and traffic flow for both Ethernet and serial networks.

Continuous vulnerability-monitoring capabilities help operators uncover and remedy network configuration issues, while also discovering assets with known vulnerabilities. The platform can automatically generate current-state views of OT process communications, which enables it to automatically determine network segmentation strategies.

Claroty enables secure remote access with policy- and workflow-based access control and session monitoring. It can be integrated with common cybersecurity products, such as those from Cisco, Check Point and Splunk.

Finally, Claroty can be deployed in extremely remote, bandwidth- or compute-constrained environments. It relies on a sensor-based architecture to adapt to such use cases as protecting electric transmission lines, and oil and gas pipelines.

Competitors include: Cisco, Palo Alto Networks, Tenable, Symantec, Bayshore Networks, Nozomi Networks, Indegy and CyberX Customers include: None publicly disclosed.

Why they’re a hot startup to watch: Claroty has raised an eye-popping $93 million in funding, including a $60 million Series B announced in June 2018. The round was led by Temasek and included Rockwell Automation, Aster Capital, Next47, Envision Ventures and Tekfen Ventures. Original investors Bessemer Venture Partners, Team8, Innovation Endeavors and ICV all participated in the round, as well.

The senior leadership team has relevant industry experience, holding management positions at Siemens, NextNine Cyber Security, Optiv and IBM. The founding team also served in various cyber-defense roles for Israeli Defense Forces.

Former NSA Director and Commander of the U.S. Cyber Command Michael S. Rogers is chairman of the company’s board of advisors.

The company has inked strategic deals to serve as the preferred IIoT security provider for Siemens, Schneider Electric and Rockwell Automation, and expects that soon more than half of its revenues will be generated by these partnerships.

CyberX

What they do: Provide IIoT and ICS cybersecurity software

Year founded: 2013

Funding: $48 million

Headquarters: Waltham, Mass.

CEO: Omer Schneider. Prior to co-founding CyberX, Schneider spent more than seven years as a commander in the Israel Defense Forces where he led a blue-team cybersecurity unit tasked with protecting critical national infrastructure.

Problem they solve: IIoT creates an attack surface of billions of online devices, and the increased connectivity between IT and OT networks brings previously isolated environments online as well. This introduces new risks, such as downtime from software failures and dangerous cyber-physical safety incidents.

How they solve it: CyberX’s agentless platform enables organizations to continuously auto-discover and fingerprint unmanaged IIoT and ICS devices and networks. The platform monitors production networks for destructive cyberattacks, and its ICS-aware threat analytics and machine-learning technology protect against zero-day threats.

CyberX uses passive monitoring and network traffic analysis to provide deep, real-time visibility into IIoT/ICS networks without impacting performance. Delivered as a preconfigured physical or virtual appliance, CyberX says its platform can typically deliver actionable insights less than an hour after being connected to the network.

The platform gathers information about organizations’ IIoT and ICS devices, including manufacturer, device type, firmware version, protocols, etc. It updates operators on vulnerabilities and risks, and produces an overall risk score with mitigation advice. It reports on unpatched CVEs, rogue devices, unauthorized connections to the Internet, unauthorized subnet connections to IT networks, vulnerable firewall rules, unauthorized WAPs and more.

CyberX provides automated threat-modeling to predict the most likely paths attackers would take to compromise an organization’s assets. Security analysts can then simulate mitigations, such as patching and segmentation, to eliminate these attack paths, before deploying them.

Competitors include: Check Point, Symantec, McAfee, Darktrace, Tenable, Indegy, Armis, Sentryo, and Claroty

Customers include: Teva Pharmaceuticals, Scotia Gas Networks, Adani Power, First Quality Enterprises and Deutsche-Telekom

Why they’re a hot startup to watch: CyberX hits the trifecta:1) they have big VC backing; 2) a strong leadership team with an extensive track record of exits (the senior leadership’s exit experience includes Rapid7’s and Check Point’s IPOs, the sale of Guardium to IMB, and HP’s $1.5B acquisition of ArcSight); and 3) an impressive list of named customers.

Edgeworx

What they do: Provide edge management and security software

Year founded: 2017

Funding: An undisclosed amount of seed funding from Samsung NEXT, Sequoia Seed and CloudScale Capital Partners

Headquarters: San Jose, Calif.

CEO: Kilton Hopkins, who was previously IoT Program Director for Northeastern University

Problem they solve: As edge devices explode, businesses struggle to integrate their many one-off, stove-piped IoT and industrial control solutions, many of which run on dedicated hardware. Facing massive volumes of data, increasingly complicated security threats, and the need for real-time processing to keep operations running smoothly, industrial companies need a way to migrate, manage and secure computing at the edge.

How they solve it: Edgeworx ioFog software is an edge-computing application platform that provides a standardized way to develop and remotely deploy secure microservices to IoT devices. Edgeworx developed ioFog as an open-source platform (now managed by the Eclipse Foundation) and continues to contribute to its development and innovate around it.

According to Farah Papaioannou, the company’s co-founder and president, ioFog enables “bring your own edge” computing, with ioFog turning any hardware into a connected device. ioFog handles the deployment and management of multiple edge devices or nodes across multiple networks. Since each device may require its own microservices, ioFog automatically manages device discovery, network configurations and data routing.

As it builds services around ioFog, Edgeworx is focusing on security as a big business driver. Edgeworx argues that traditional cloud-based public-key infrastructure does not work at the edge due to device, network and legacy constraints.

ioFog’s Pure Edge Security feature is blockchain-based and turns each node into a trusted device. It continuously monitors edge devices, validating a set of security rules with each node, searching for minor deviations or signs of rogue nodes. When a rogue node is found, it is automatically quarantined. If rogue nodes do not pass stringent security checks to re-enter the network, they can be remotely wiped of all software and data.

The Edgeworx business model focuses on customizing edge services, including running ioFog as a managed service. The startup is also building up a microservices marketplace around ioFog, enabling developers to monetize their own microservices and edge applications.

Competitors include: ioTium, NanoLock and Particle Customers include: None publicly announced.

Why they’re a hot startup to watch: The complexity of securing and managing the explosion of connected devices creates a massive opportunity for open-source, standardized solutions. Just as the open-source mobile OS Android enabled Google to accelerate its mobile business, ioFog and Eclipse could make ioFog the default OS of the edge.

ioTium

What they do: Provide software-defined infrastructure for IIoT

Year founded: 2015

Funding: $22 million

Headquarters: Santa Clara, Calif.

CEO: Ron Victor, previously VP of marketing and business development for Wireless Industrial Technologies

Problem they solve: Connecting millions of legacy industrial assets to cloud-based applications can create a massive security risk. Organizations need to connect massive numbers of dated assets, but most lack the proper expertise and infrastructure to do so in a secure fashion.

How they solve it: ioTium’s IIoT network infrastructure software helps organizations securely connect millions of industrial assets to cloud-based applications. Delivered as a managed service, ioTium’s software collects data from legacy mission-critical brownfield machines and sends it to greenfield applications residing in public, private and hybrid clouds.

ioTium has a three-pronged approach to security – protecting the asset, securing the data and isolating every data stream within the backhaul infrastructure. ioTium first automatically discovers devices and establishes a secure perimeter around the industrial environment and then provides secure connectivity to cloud apps.

ioTium’s IoT network isolates IT and OT networks and data, preventing IT traffic from touching OT traffic and thus eliminating the possibility of backdoor threats. Further, ioTium isolates data streams from different subsystems, preventing a compromise on one subsystem from affecting any other subsystem.

Competitors include: Check Point, Symantec, Indegy, Armis, Sentryo and NanoLock

Customers include: CBRE, Kilroy Realty, Rexnord, Siemens, SPIRE Realty and Emerson

Why they’re a hot startup to watch: Delivering IIoT security as a managed service is a smart move, considering the lack of IT and cybersecurity resources in this fast-growing market. ioTium argues that the industrial side of the IoT explosion is still an untapped market. The company has $22 million in funding to target that market, a long list of named customers within it, and the startup’s CEO previously led two successful exits (he co-founded Vyyo and led it to an IPO, and he led Hellosoft’s VOIP business when it was acquired by Imagination Technologies).

NanoLock Security

What they do: Provide a cloud-based IoT management and security platform

Year founded: 2016

Funding: $9 million

Headquarters: Nitzanei Oz, Israel

CEO: Eran Fine, who founded and served as CEO for OREE, which was acquired by Juganu Systems

Problem they solve: As the IoT expands, it is becoming deeply integrated into critical infrastructure and industrial processes, which tend to lack even basic security. Edge devices and their networks require a mechanism for secure updates and bug fixes, and without a way to closely manage them outside of the CPU or operating system, the devices become unreliable and cannot be trusted.  How they solve it: NanoLock protects IoT environments through a cloud-to-flash protection approach that configures IoT devices for secure updates and device management. NanoLock creates a secure channel between the cloud and the flash memory in the edge device regardless of the status of the network, the status of the processor or the software version installed in the flash.

NanoLock creates a virtual gatekeeper in the secured flash that blocks write operations to protected memory blocks, making it impossible for attackers to alter the firmware with malicious code, even in cases where the attacker gains full control of the host OS.

Competitors include: Arm, Intel, ioTium, Edgeworx, Armis, Particle and Sentryo Customers include: Thales

Why they’re a hot startup to watch: NanoLock’s senior leadership team has a mix of industry (Microsoft, Qualcomm, GM) and security (IDF and the Israeli Secret Service) experience. Its CEO co-founded and served as President for Oree, later sold to Juganu Systems. Roughly half of the startup’s VC backing comes from the Awz HLS Investment Fund, an Israeli venture capital fund focused on homeland security technology, and the startup has locked down an impressive on-the-record customer in Thales.

While retrofitting IoT devices with flash is labor-intensive, NanoLock’s approach provides IoT owners with a safe and easy-to-understand method for securing, managing and updating constrained devices. 

Particle

What they do: Provide an IoT management and security platform

Year founded: 2012

Funding: $35.8 million

Headquarters: San Francisco, Calif.

CEO: Zach Supalla, a former management consultant with McKinsey & Company, advising Fortune 500 companies on strategy, operations and product development.

Problem they solve: Delivering IoT projects on time is difficult due to the complexity of IoT systems, network availability, and the lack of standards, especially when it comes to security. Even the most tech-savvy businesses are having a hard time mitigating risks as they chase new opportunities.

How they solve it: The Particle IoT platform adds connectivity, security and device management features to constrained devices. To internet-enable a device, Particle provides a hardware development kit that allows you to choose the right network option (Wi-Fi, cellular, Bluetooth, and/or mesh) for your use case.

Rather than building your own networking stack, you can use Particle’s hardware and proprietary embedded OS, called Device OS, to connect to the cloud. Communication protocols, encryption, monitoring and device management features are built in. If the device requires a cellular connection, Particle provides SIM cards with data plans included.

Device OS also connects to Particle’s Device Cloud, which is used to manage enterprise-scale fleets of devices. Device Cloud logs events, enables you to segment groups of devices, and gives you the ability to control and monitor devices individually or in groups.

Competitors include: Ayla, Electric Imp, Sierra Wireless and Telit Customers include: Keurig, NASA, SpaceX, Jacuzzi, MIT and Stanford University

Why they’re a hot startup to watch: After starting the project on Kickstarter, CEO Zach Supalla pushed Particle to the next level, locking down nearly $36M in VC funding. The startup claims to have roster of more than 8,500 customers, including half of the Fortune 500. Particle’s named customers lend credence to this claim.

ReFirm Labs

What they do: Provide IoT security

Year founded: 2017

Funding: $2.75 million

Headquarters: Fulton, Md.

CEO: Derick Naef, previously VP/GM of the mobility solutions business at Acronis

Problem they solve: Insecure firmware is a major risk for any enterprise with IoT deployments.

Mitigating supply-chain risks in IoT firmware is more than a business risk, as well as a national security threat.

How they solve it: ReFirm Labs’ flagship security product, called Centrifuge, vets, validates and monitors firmware security. Rather than forcing you to download source code, deploy agents or rely on specialized SKDs, Centrifuge is accessed through an API that integrates into the security and monitoring tools you’re already using.

To vet firmware, Centrifuge decompiles a single copy of the firmware in the cloud to look for known vulnerabilities, hardcoded accounts/passwords, embedded cryptographic material and potential zero-day threats.

The Centrifuge Platform includes an enterprise dashboard that provides detailed and actionable reporting. Once firmware images are uploaded, Centrifuge Guardian continuously monitors them for new threats. Alerts are prioritized by severity.

Competitors include: Veracode, Fortify, Synopsys, Eclypsium, Red Balloon, RunSafe Security and Finite State

Customers include: AT&T, Charter Communications, Arris, Altibox, Canadian Nuclear Laboratories and Deloitte

Why they’re a hot startup to watch: The only way to mitigate the massive risk to IoT is through simple security solutions that are plug-and-play or close to it. ReFirm Labs’ approach of offering IoT security as an adjunct to tools you’re already using is a smart one.

The leadership team has a solid track record, as well. CEO Naef was a co-founder/CTO of GroupLogic, which was sold to Acronis. Chairman Terry Dunlap and CTO Peter Eacmen were both analysts at the NSA and later co-founders of Tactical Network Solutions.

ReFirm Labs has a solid roster of named customers.

RunSafe Security

What they do: Provide security for embedded systems and devices that underpin critical infrastructure

Year founded: 2015

Funding: $2.4 million in seed funding

Headquarters: McLean, Va.

CEO: Joe Saunders, who advises and has invested in security and risk-management companies, including Kaprica Security and TARGUSinfo.

Problem they solve: The IoT makes it easier for attackers to find vulnerabilities, and those vulnerabilities (in oil refineries, flood control systems, nuclear power plants, medical devices, etc.) open up previously isolated environments to cyber-attacks.

How they solve it: RunSaf’s Alkemist software blocks zero-day attacks and closes IoT vulnerabilities by hardening software binaries so malware cannot execute. Alkemist uses remotely deployable runtime application self-protection (RASP) methods – including Basic Block Randomization, Control Flow Integrity and Stack Frame Randomization – to reduce attack vectors.  

These methods reduce cyber-risks by preventing exploits from spreading across networks. Alkemist leaves each system functionally identical, but logically unique and requires no source code or compiler access. It can be applied to either new builds or systems already in the field.

Alkemist, previously called Software Guardian, started out as a research project for the Advanced Research Projects Agency of the Department of Defense.

Competitors include: Argus, Karamba, Polyverse, Red Balloon, ReFirm Labs and Virsec

Customers include: Etas Bosch, Vertiv and the U.S. Department of Defense

Why they’re a hot startup to watch: RunSafe is shipping its commercial product and attracting named customers. Its concept of cyber-hardening IoT systems to reduce vulnerabilities can protect risky systems already in the field. Moreover, Alkimet, which began as an ARPA project, is still being used by the DoD.

SCADAfence

What they do: Provide IoT security

Year founded: 2014

Funding: $10 million

Headquarters: Tel Aviv, Israel

CEO: Elad Ben Meir, who previously served as VP of strategic accounts and business for CyberInt

Problem they solve: Industrial trends are pushing a variety of devices online that worsen the degree of risks operators face because they’re no longer in isolated environments and expose them to different kinds of risks, as well.

In the past, operators trusted basic protections such as network segmentation, isolation and air-gapping. But due to the increasing connectivity between OT, IT, cellular and other networks, these protections are less effective. Moreover, relying on IT-oriented security tools does not protect against OT-specific attack vectors.

How they solve it: The SCADAfence platform is an industrial-network monitoring system that provides cybersecurity and visibility for OT networks, such as ICS and SCADA networks.

Designed to protect complex, large-scale OT networks as operators pursue digital transformation, the SCADAfence platform first conducts an OT networks asset discovery sweep and creates an inventory.

It then establishes a baseline for the intended behavior of each device and continues to monitor it, reporting any anomalies. By employing algorithms, machine learning and AI, it detects anomalies and security events that can affect availability and the safety and reliability of the OT network and its assets. The platform also provides risk management and threat detection, notifying critical personnel when something is wrong.

Competitors include: Claroty, CyberX, Nozomi, Security Matters and Check Point Customers include: Mitsui

Why they’re a hot startup to watch: SCADAfence has raised enough VC funding to develop an IIoT security platform that’s attracted an impressive on-the-record customer in Mitsui, which intends to use it to help accelerate its smart-city initiatives, relying on SCADAfence to secure its critical facilities and building management systems (BMS).

The senior leadership team has experience with both cyber- and national security. CEO Elad Ben-Meir previously served as VP of Strategic Accounts and Business Development for Cyberint. CTO Ofer Shaked previously served as a project lead for Integrity Project, which was acquired by Mellanox, and VP of Business Development Yoni Shohet was both a project manager and security team lead for the IDF. Shaked and other senior leaders also came up through the IDF.