Connected control systems form the core component of machinery across critical sectors, helping to manage everything from electrical substations and HVAC installations to fleets of factory floor robots. But alarmingly, they’re largely unprotected. According to a 2018 survey published by Kaspersky Labs, only 23 percent of respondents said their infrastructure was compliant with minimal mandatory industry or government guidance and regulations — a metric that’s all the more discouraging when you consider that 2017 saw a 29 percent uptick in industrial control system (ICS) vulnerabilities.
UpWest Labs graduate CyberX, which was cofounded in 2012 by Omer Schneider and Nir Giller (both veterans of the Israeli Defense Forces’ elite cyber unit), hopes to put a stop to crippling attacks before they start with a platform that continuously monitors virtually any ICS. It today announced that it’s secured $18 million in a strategic funding round led by Qualcomm Ventures and Inven Capital, with participation from existing investors Norwest Venture Partners, Glilot Capital Partners, Flint Capital, and OurCrowd.
The new round follows on the heels of an $18 million series B in February 2018 and brings the company’s total raised to $48 million.
Schneider, who serves as CEO, said the fresh funding will be used to expand its global footprint and drive product development. “The backing we’ve received from new and existing investors is clear validation of both the massive market opportunity and CyberX’s proven ability to execute,” he said. “We’re thrilled to have seasoned investors like Qualcomm Ventures and Inven Capital join our team as we continue growing the company at triple-digit rates.”
CyberX uses patented tech it calls industrial finite state modeling (IFSM) to identify deviations from normal network behavior, in part by adopting a deterministic, sequential view of ICS states and transitions. In this way, it’s able to home in on protocol violations that might indicate active exploitation of a vulnerability, and recognize signs of both generic and targeted malware.
It goes further. CyberX employs heuristics to suss out atypical machine-to-machine communications, and to flag operational problems like the intermittent connectivity that usually precedes equipment failure.
CyberX’s product supports a range of control systems and protocols from vendors such as Rockwell Automation, Schneider Electric, Siemens, and GE. And it’s agentless — it doesn’t lean on rules or prior knowledge of environments, can be deployed as either a virtual or physical appliance, and doesn’t directly impact the networks over which it’s deployed. (CyberX connects to a SPAN port or network TAP.) Moreover, it integrates with most existing IT security stacks, like those supplied by Splunk, IBM Security, Palo Alto Networks, Cisco, RSA NetWitness, and ServiceNow.
CyberX claims it takes less than an hour on average to deliver insights. Giller says it’s this speed and flexibility that puts it ahead of competitors like Claroty, Indegy, NexDefense, Nozomi, Sentryo, and Veracity.
“Our societies and global economy rely on a dependable supply of energy, water, food, pharmaceuticals, chemicals, metals, and transportation,” Giller said. “We have a unique opportunity to leverage our differentiated technology and world-class expertise to secure the critical infrastructure supply chain upon which our modern world depends.”
CyberX isn’t disclosing any of its clients by name, but says they include two of the top five U.S. energy providers, a top five global pharmaceutical company, a top five U.S. chemical company, and national electric and gas utilities across Europe and Asia-Pacific.