Binarly Inc., a cybersecurity company building technology to address repeatable security failures in the firmware supply chain, today announced $3.6 million in seed funding from WestWave Capital and Acrobator Ventures. Prominent cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors.
Binarly is co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who previously worked on hardware and software security at NVIDIA, Intel Corp., ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who is regularly credited with major vulnerability discoveries, is co-author of Rootkits and Bootkits, a seminal book that explains how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware.
Binarly has built a SaaS platform for analyzing, understanding and responding to silent, currently undetectable security threats at the firmware layer. Using a combination of machine learning and deep code inspection at the binary level, Binarly enables security teams to have real visibility into hardware and firmware failures and a simple way to recover from sophisticated attacks below the operating system.
Binarly also developed its own technology for vulnerability management and protecting the firmware supply chain from repeatable failures. The company’s approach uses semantic properties of the binary code to improve detection accuracy by limiting the number of false positives.
So far this year, Binarly has coordinated the disclosure of 107 critical firmware security vulnerabilities affecting the entire enterprise device ecosystem. The company worked with security response teams at Insyde, AMI, Lenovo, Dell, HP, HPE, Siemens, Fujitsu, Atos, Intel, AMD and many other vendors to mitigate high-impact security issues across the computing landscape. Many of these vulnerabilities demonstrate the complexities of the firmware supply chain that negatively disrupt the timeline for patch delivery and identification of impacted parties.
“The current approach in the industry is to detect risks related to the firmware by leveraging the current version number of the firmware update against a public database of vulnerabilities and threats. This leads to firmware supply chain failures because known vulnerabilities that are not associated with a certain version number of a firmware release will not be detected thus keeping the ‘doors’ open for an attacker,” Matrosov said.
“Assessing the impact of a known firmware based vulnerability in a customer environment, at scale, is a problem without a viable solution. We have developed the FwHunt technology that adds semantic context around a known vulnerability to ensure detection while reducing false positives,” Teodorescu said.
Binarly plans to use the investment to speed up research and development initiatives, expand its world-class engineering team, and scale enterprise and device manufacturer adoption of its technologies.
Quotes from investors:
“We are excited to invest in founders Alex and Claudiu at Binarly. We have immense respect for their deep technical expertise and understanding of the firmware security market. We recognize that there are significant exposure issues in addressing firmware security vulnerabilities and we have strong conviction that Binarly will mitigate those concerns – both immediate and in the long term.” – Warren “Bunny” Weiss, Managing Partner, WestWave Capital.
“CISOs from critical infrastructure companies, hyperscalers, and cybersecurity experts rate firmware security as a top-three priority. In a world where IoT, edge devices and the mere size of firmware on devices significantly increases, it’s a matter of ‘when’ not ‘if’ new dominant security solutions are adopted. Why Binarly? They’ve got the best-in-class team discovering vulnerabilities no one else has found and managed to surround themselves with incredible experts.” – Mike Reiner, General Partner, Acrobator Ventures.
“It’s no secret that firmware security presents a growing challenge that needs to be solved. For far too long, hardware manufacturers have relied on security through obscurity and we’re now paying the price as attackers identify and exploit flaws that impact thousands of devices across the globe. Blindly trusting hardware manufacturers is a recipe for disaster. The Binarly team has the expertise and vision to finally execute on delivering a scalable solution to get this problem under control.” – Michael Sutton, Managing Partner, Stonemill Ventures.