Eclypsium gets $25 million to secure device supply chain • TechCrunch

With the enterprise hardware supply chain becoming increasingly global and fragmented, it is becoming more and more challenging for organizations to secure their hardware and software from suppliers. according to To the European Union Agency for Cyber ​​Security, the European Union agency that contributes to the bloc’s cyber policy, 66% of cyber attacks have focused on resource code as of 2021.

Combating such attacks is not easy – but Yuri Polygin does it. He is the founder of Eclypsium, a cloud platform that provides protection against hardware, firmware and software exploits in corporate and public sector environments.

In a reflection of investor confidence — or perhaps simply demand for supply chain security solutions — Eclypsium today closed a $25 million Series B round led by Ten Eleven Ventures with participation from Global Brain’s KDDI Open Innovation Fund and J Ventures, bringing the company’s war fund . to 50 million dollars. Polygin says the capital will be directed to expand the capabilities of Eclypsium products, support existing sales efforts and expand the number of employees from about 80 people to more than 100 by the end of the year.

“There are a few macro-level trends that are driving demand for the Eclypsium solution, thus making this a good time to raise funding to enable exponential growth,” Polygin told TechCrunch in an email interview. “The global supply chain is getting more and more complex, which means that off-the-shelf devices may contain hardware and firmware components sourced from vendors around the world—all of which add to the risk and complexity of securing a device. Moreover, the White House’s continued focus on…creating resilience In US supply chains, it has led to a new focus on the risks inherent in the global economy, and has also led to increased demand from government agencies for Eclypsium solutions.”

Prior to the launch of Eclypsium, Polygin spent nearly a decade at Intel, where he led security threat analysis and conducted research on software and hardware vulnerabilities and exploits. Polygin went on to become the Senior Director of Advanced Threat Research at McAfee before founding CHIPSEC, an open source platform security assessment framework.

In founding Eclypsium, Polygin sought to build a service that, in his words, would help companies avoid “falling into the trap” of relying on equipment manufacturers and more traditional endpoint security management tools. While some startups, such as limited stateproviding firmware-based supply chain security for connected devices, Polygin argues that this level of protection is an afterthought where most cybersecurity vendors are concerned.


Eclypsium Cloud Management Dashboard Image credits: eclipse

Confirmation should be taken with a grain of salt – it is clear that Polygin has a product for sale. But all other things being equal, it is true that supply chain attacks are on the rise globally. According to 2022 exploratory study By Venafi, an automated identity management company, 82% of CIOs believe their organizations are vulnerable to cyber attacks targeting supply chains. The report suggests a shift to cloud-native development, along with the increased speed it has brought DevOps has made the challenges associated with securing supply chains significantly more complex.

“The sheer number and sophistication of modern devices requires highly specialized understanding and expertise in equipment built by different manufacturers – with all firmware and software shipped with these devices – and requires a unique set of capabilities to detect compromised devices and protect against further intrusion,” Polygin said. “Because firmware plays an important role in enabling and defending our technology supply chains, many traditional security vendors have appropriately added ‘firmware-specific features’ to their products. However, firmware security is not an add-on.”

Eclypsium supports devices, including PCs and Macs, servers, “enterprise-level” networking equipment and IoT devices. With the platform, organizations can see and control fleets of devices as well as their networking infrastructure without having to install client software. Firmware coordination capabilities allow security teams to go one step further, leveraging Eclypsium to detect, analyze, and deploy firmware updates published by device manufacturers to detect “unexpected” – and potentially malicious – software modules embedded in devices.

“Organizations are increasingly turning to principles of distrust to defend their fleets of devices and operations. As such, the default position is to avoid trusting systems and users until explicitly verified… [yet] Each device represents a complex system of computers with its own code and operating systems—each built by multiple vendors,” Poligin said. Software that is embedded in hardware and supplied by manufacturers to operating systems and applications. Software and firmware code embedded in devices is the basic and most privileged software that runs on every device.”

Polygin was shy when asked about the size of Eclypsium’s customer base, and declined to reveal any specific revenue numbers. But Polygin she did He volunteered that a third of the company’s clients are Fortune 2000 companies and that Eclypsium has a number of US federal government contracts.

The pandemic has shifted many organizations to a remote work environment first, working from anywhere, and bringing your own machine environment, accelerating the need to adopt defense models and principles that do not rely on perimeter defenses. The most notable shift is the move to zero-trust principles, both at the application and device level. This growing realization of the need to provide multi-layered hardware defense, including the operating system, firmware, firmware, and hardware layers, has led to increased interest in supply chain … hardware solutions, such as those from Eclypsium.

With funding rounds such as Eclypsium’s offering, the cybersecurity bubble may have begun to deflate – but it hasn’t burst. data From Momentum Cyber, a financial advisory firm, showed that cybersecurity startups raised a record $29.5 billion in venture capital in 2021, more than double the $12 billion raised in 2020, in When a record was minted in the form of unicorns. And the according to For Crunchbase, venture dollars invested in cyber startups reached nearly $6 billion in the first quarter of 2022.

Leave a Comment