By 2020, Gartner predicts that there will be more than 20 billion connected devices globally — a number that has some executives worried. In a recent survey conducted by Spiceworks, 90% of IT professionals expressed concern that the influx would create security and privacy issues in the workplace. And in a separate study commissioned by eSecurity Planet, 31% of internet of things (IoT) developers said they considered the software or firmware for connected devices the greatest “trouble spot” for cybersecurity.
The solution just might lie in products from Vdoo, a Tel Aviv, Israel-based IoT security startup that today announced the closure of a new funding round. The company tells VentureBeat that it raised $32 million in series B financing led by WRV and GGV Capital, with participation from NTT DoCoMo, bringing its total venture capital raised to $45 million.
Co-CEO and cofounder Netanel Davidi said the cash infusion will be used to accelerate the development of Vdoo’s automated analysis capabilities, which benefit from a proprietary data set of 70 million embedded systems’ binaries and more than 16,000 versions of embedded systems. It’ll also help to expand the company’s partner and distribution network, he said, which currently includes NTT, Macnica, DNP, Fujisoft, and others.
“At a time when embedded devices already deployed in the field do not only collect data but actually control our physical environment, affecting both business continuity and our personal lives, it’s hard to imagine a future where all of these devices can be exploited,” Davidi said. “The truth is, today these devices are highly vulnerable and there is a reasonable chance they will be under a massive attack in the near future.”
Vdoo — which former Palo Alto Networks VP of product management Davidi cofounded in 2017 with Uri Alter, a fellow Palo Alto Networks executive who previously led strategy at Altal Security, and Asaf Karas, a 15-year veteran of the Israeli Defense Force’s elite cyber unit — offers a suite of tools aimed at securing connected devices from emerging threats.
Vdoo’s Vision product automatically analyzes IoT device firmware to calculate threats and create security outlines (within 30 minutes or less), and to provide step-by-step guidance for backdoors, malpractices, potential suspected zero-day exploits, and more. (Afterward, it reanalyzes the firmware to ensure security requirements — including those outlined by NIST, ENISA, DCMS, IoTSF — are met.) Meanwhile, Vdoo’s CertIoT offers third-party device certification using a digital and physical security stamp, and its no-overhead Embedded Runtime Agent service protects against threats like on-device runtime exploitation and malware execution by automatically responding to potential breaches.
That’s the tip of the iceberg. Vdoo’s Quicksand deploys honeypots (one “bot” for common attack attempts and a “zero” version for sophisticated attacks) designed to lure hackers away from critical infrastructure. All the while, Whistler issues alerts and updates in real time as new threats to (and vulnerabilities) within the network are detected, followed by mitigation instructions.
Vdoo says that during the past 18 months, it’s helped “dozens” of vendors deal with an aggregated total of 150 zero-day vulnerabilities and more than 100,000 security issues. It says that many of the devices it analyzed — which included consumer devices like smartwatches, printers, and smart TVs, as well as enterprise fixtures such as NAS servers, VoIP gateways, and conference extensions, in addition to fire alarms and medical devices — lacked basic security such as traffic encryption and boot process integrity, and were vulnerable to common attacks like command Injection and memory corruption exploitation.
Vdoo isn’t the only startup applying AI to IoT security, of course. Another sector leader is Armis Security, which raised $65 million earlier this month for its agentless software-as-a-service solution. Mocana recently secured $15 million in funding to develop its end-to-end on-device cybersecurity toolset further, and Axonius, which develops software that helps businesses track and secure their connected devices, attracted $13 million in venture capital earlier this year.
But Davidi is confident the robustness of Vdoo’s product suite will differentiate it from the crowd. “Becoming a core component in securing [edge devices] is the vision for Vdoo as we continue to build an automated security platform that meets the demands of an increasingly connected world,” he said. “Big businesses, standardization bodies, regulators, and cyber insurers all understand that it’s time for a change and that security for the connected environment is essential. The funding will enable us to accelerate market education by working closely with these bodies to make a significant change in approach to embedded-devices security.”
Vdoo has offices in the U.S. and Europe in addition to Tel Aviv, and it counts 83North, Dell Capital, and MS&AD Ventures among its other investors.