Chip vulnerabilities and supply chain issues have taken a fresh look at critical hardware security issues, and a Portland-area startup just raised $ 8.75 million in new funding from Madrona Venture Group to help large targets protect against new threats.
Eclypsium’s The new funding comes after a $ 2.3 million first round of funding from Andreessen Horowitz, Intel Capital and Ubiquity Ventures, all of whom once again participated in the Series A round led by Madrona. Tim Porter from Madrona will join the board of directors for Eclypsium, which is headquartered just across the southwest border from Portland in Beaverton, Ore.
Co-founders Yuriy Bulygin and Alex Bazhaniuk, CEO and CTO respectively, develop security services that can help cloud infrastructure providers, large financial services companies with large investments in their own data centers and government organizations detect, analyze and prevent security threats at the firmware level. Firmware is the basic software that runs on specialized chips within a larger system and acts as a crucial link between application software and things like a laptop’s graphics chips or computers. high-end hard drives from a server.
Companies have spent billions of dollars on software security over the past 20 years, but it’s starting to become clear that malicious attackers are looking for vulnerabilities in hardware that they can exploit. While almost everyone in cloud and enterprise tech that I’ve told about the story of Bloomberg’s Supermicro hardware spy chip rolled their eyes, it’s also widely believed that the firmware is vulnerable. bad actors working inside manufacturing facilities or remotely.
Eclypsium’s services are designed to analyze firmware-level traffic on new or existing hardware within a company‘s network and look for anomalies that could indicate that something has changed from the verified firmware. Considering the central role that firmware plays in the functioning of the hardware, compromised firmware could open up huge security holes: it is a “huge attack surface that is hardly ever patched”, he said. Bulygin said in an interview with GeekWire.
During Amazon Web Services’ re: Invent 2018 last week, AWS Chief Information Security Officer Stephen Schmidt explained that for many years, AWS has actually replaced firmware on inbound devices with its own verified firmware, in what was originally intended as a way to reduce bugs. . However, most businesses cannot afford to operate at this scale, which is where services like Eclypsium could help spot issues with the stock firmware.
âWe are clearly seeing a change in mindset that it’s not just about software security anymore,â Bulygin said.
The company has around 25 employees at the time of this latest cycle and plans to grow to 40 by the end of next year, Bulygin said. Currently, the company has clients in the infrastructure as a service market, financial services industry, and government, but it has declined to share specific names.