Monday, September 25 2023

Binarly Inc., a cybersecurity company building technology to address repeatable security failures in the firmware supply chain, today announced $3.6 million in seed funding from WestWave Capital and Acrobator Ventures. Prominent cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors.

Binarly is co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who previously worked on hardware and software security at NVIDIA, Intel Corp., ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who is regularly credited with major vulnerability discoveries, is co-author of Rootkits and Bootkits, a seminal book that explains how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware.

Binarly has built a SaaS platform for analyzing, understanding and responding to silent, currently undetectable security threats at the firmware layer. Using a combination of machine learning and deep code inspection at the binary level, Binarly enables security teams to have real visibility into hardware and firmware failures and a simple way to recover from sophisticated attacks below the operating system.

Binarly also developed its own technology for vulnerability management and protecting the firmware supply chain from repeatable failures. The company’s approach uses semantic properties of the binary code to improve detection accuracy by limiting the number of false positives.

So far this year, Binarly has coordinated the disclosure of 107 critical firmware security vulnerabilities affecting the entire enterprise device ecosystem. The company worked with security response teams at Insyde, AMI, Lenovo, Dell, HP, HPE, Siemens, Fujitsu, Atos, Intel, AMD and many other vendors to mitigate high-impact security issues across the computing landscape. Many of these vulnerabilities demonstrate the complexities of the firmware supply chain that negatively disrupt the timeline for patch delivery and identification of impacted parties.

“The current approach in the industry is to detect risks related to the firmware by leveraging the current version number of the firmware update against a public database of vulnerabilities and threats. This leads to firmware supply chain failures because known vulnerabilities that are not associated with a certain version number of a firmware release will not be detected thus keeping the ‘doors’ open for an attacker,” Matrosov said.

“Assessing the impact of a known firmware based vulnerability in a customer environment, at scale, is a problem without a viable solution. We have developed the FwHunt technology that adds semantic context around a known vulnerability to ensure detection while reducing false positives,” Teodorescu said.

Binarly plans to use the investment to speed up research and development initiatives, expand its world-class engineering team, and scale enterprise and device manufacturer adoption of its technologies.

Quotes from investors:

“We are excited to invest in founders Alex and Claudiu at Binarly. We have immense respect for their deep technical expertise and understanding of the firmware security market. We recognize that there are significant exposure issues in addressing firmware security vulnerabilities and we have strong conviction that Binarly will mitigate those concerns – both immediate and in the long term.” – Warren “Bunny” Weiss, Managing Partner, WestWave Capital.

“CISOs from critical infrastructure companies, hyperscalers, and cybersecurity experts rate firmware security as a top-three priority. In a world where IoT, edge devices and the mere size of firmware on devices significantly increases, it’s a matter of ‘when’ not ‘if’ new dominant security solutions are adopted. Why Binarly? They’ve got the best-in-class team discovering vulnerabilities no one else has found and managed to surround themselves with incredible experts.” – Mike Reiner, General Partner, Acrobator Ventures.

“It’s no secret that firmware security presents a growing challenge that needs to be solved. For far too long, hardware manufacturers have relied on security through obscurity and we’re now paying the price as attackers identify and exploit flaws that impact thousands of devices across the globe. Blindly trusting hardware manufacturers is a recipe for disaster. The Binarly team has the expertise and vision to finally execute on delivering a scalable solution to get this problem under control.” – Michael Sutton, Managing Partner, Stonemill Ventures.

Alex Matrosov, founder and CEO of Binarly
Previous

Allied Universal Acquires Three Companies

Next

Cyber Deals: HUB Security, Cyberint, MetaCompliance

Check Also

Widget

Don’t Miss

Cyber Executive Moves: Expel, AXA XL

Ellie Buscemi

Expel appoints a new chief product officer, AXA XL announces a new chief executive and DataVisor appoints a new chief revenue officer. Expel, a security operations provider in Herndon, Virginia, appointed Yonni Shelmerdine as the new chief product officer on Aug. 28. Shelmerdine comes to Expel from SentinelOne where he was the vice president of Product Management, endpoint […]

Grip Security Raising $41 Million Series B Led by Third Point Ventures

SecureDisruptions

SaaS security company plans to accelerate growth and extend market leadership SaaS identity risk management platform Grip Security announced a $41 million Series B funding round led by Third Point Ventures, with participation from YL Ventures, Intel Capital and The Syndicate Group. The investment would bring Grip Security’s total funding to $66 million and marks a major milestone for the […]

Partner One Acquires Key Fidelis Cybersecurity Assets

SecureDisruptions

Partner One, one of the fastest growing software conglomerates in the world, has announced its acquisition of Fidelis Cybersecurity software, intellectual property, equipment, inventory and customer and reseller contracts. Fidelis software is a leader in the cybersecurity industry, with innovative eXtended Detection and Response (XDR) and Cloud Native Application Protection Platform (CNAPP). Fidelis solutions protect […]

Healthcare IoT: Risks, Policy, and the Path Forward 

John Powers

When Amazon launched as an online bookstore twenty-eight years ago, few would have imagined that patients could one day go to its website to treat their acid reflux. But times change. Amazon just expanded their virtual healthcare marketplace, Amazon Clinic. Across the U.S., customers can now consult with clinicians through virtual calls and get treatment […]

NIST Updates Cybersecurity Framework in New Draft, Seeks Public Comment

John Powers

The National Institute of Standards and Technology updated their cybersecurity framework for the third time in a new draft. The new framework offers guidance to organizations about reducing cybersecurity risks. It contains a set of outcomes so that any organization can evaluate, prioritize, grasp, and communicate its cybersecurity measures in an effective way. The draft […]

N.Y. Gov. Debuts Premier State Cybersecurity Strategy

John Powers

Governor Kathy Hochul (D-NY) recently introduced New York’s first cybersecurity strategy. The 15-page document lays out a blueprint to expand services to aid under-resourced entities and clarifies agency responsibilities. It provides $500 million to strengthen New York’s healthcare information technology and $7.4 million to expand the New York State Police’s Cyber Analysis Unit, Computer Crimes […]