Thursday, June 13 2024

Binarly Inc., a cybersecurity company building technology to address repeatable security failures in the firmware supply chain, today announced $3.6 million in seed funding from WestWave Capital and Acrobator Ventures. Prominent cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors.

Binarly is co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who previously worked on hardware and software security at NVIDIA, Intel Corp., ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who is regularly credited with major vulnerability discoveries, is co-author of Rootkits and Bootkits, a seminal book that explains how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware.

Binarly has built a SaaS platform for analyzing, understanding and responding to silent, currently undetectable security threats at the firmware layer. Using a combination of machine learning and deep code inspection at the binary level, Binarly enables security teams to have real visibility into hardware and firmware failures and a simple way to recover from sophisticated attacks below the operating system.

Binarly also developed its own technology for vulnerability management and protecting the firmware supply chain from repeatable failures. The company’s approach uses semantic properties of the binary code to improve detection accuracy by limiting the number of false positives.

So far this year, Binarly has coordinated the disclosure of 107 critical firmware security vulnerabilities affecting the entire enterprise device ecosystem. The company worked with security response teams at Insyde, AMI, Lenovo, Dell, HP, HPE, Siemens, Fujitsu, Atos, Intel, AMD and many other vendors to mitigate high-impact security issues across the computing landscape. Many of these vulnerabilities demonstrate the complexities of the firmware supply chain that negatively disrupt the timeline for patch delivery and identification of impacted parties.

“The current approach in the industry is to detect risks related to the firmware by leveraging the current version number of the firmware update against a public database of vulnerabilities and threats. This leads to firmware supply chain failures because known vulnerabilities that are not associated with a certain version number of a firmware release will not be detected thus keeping the ‘doors’ open for an attacker,” Matrosov said.

“Assessing the impact of a known firmware based vulnerability in a customer environment, at scale, is a problem without a viable solution. We have developed the FwHunt technology that adds semantic context around a known vulnerability to ensure detection while reducing false positives,” Teodorescu said.

Binarly plans to use the investment to speed up research and development initiatives, expand its world-class engineering team, and scale enterprise and device manufacturer adoption of its technologies.

Quotes from investors:

“We are excited to invest in founders Alex and Claudiu at Binarly. We have immense respect for their deep technical expertise and understanding of the firmware security market. We recognize that there are significant exposure issues in addressing firmware security vulnerabilities and we have strong conviction that Binarly will mitigate those concerns – both immediate and in the long term.” – Warren “Bunny” Weiss, Managing Partner, WestWave Capital.

“CISOs from critical infrastructure companies, hyperscalers, and cybersecurity experts rate firmware security as a top-three priority. In a world where IoT, edge devices and the mere size of firmware on devices significantly increases, it’s a matter of ‘when’ not ‘if’ new dominant security solutions are adopted. Why Binarly? They’ve got the best-in-class team discovering vulnerabilities no one else has found and managed to surround themselves with incredible experts.” – Mike Reiner, General Partner, Acrobator Ventures.

“It’s no secret that firmware security presents a growing challenge that needs to be solved. For far too long, hardware manufacturers have relied on security through obscurity and we’re now paying the price as attackers identify and exploit flaws that impact thousands of devices across the globe. Blindly trusting hardware manufacturers is a recipe for disaster. The Binarly team has the expertise and vision to finally execute on delivering a scalable solution to get this problem under control.” – Michael Sutton, Managing Partner, Stonemill Ventures.

Alex Matrosov, founder and CEO of Binarly
Previous

Allied Universal Acquires Three Companies

Next

Cyber Deals: HUB Security, Cyberint, MetaCompliance

Check Also

Widget

Don’t Miss

One Cloud

Trend Micro Cloud One: A Comprehensive Review

Ellie Buscemi

What is Cloud One by Trend Micro? The Cloud One platform by Trend Micro is a cloud posture security management (CPSM) product that focuses on providing security in the cloud to businesses. Trend One is designed for businesses whose infrastructure relies on a mix of cloud applications and older device-based programs. Examining the security capabilities […]

Best Security Information and Event Management (SIEM) Solutions

Lara Oporto

A Security Information and Event Management system (SIEM) is typically most needed in larger organizations or those with complex IT infrastructures where there’s a high volume of security events and logs generated from various sources. Companies often invest in SIEM when they require comprehensive visibility into their network activities and want to centralize security monitoring […]

Best Browser Security Products

Ellie Buscemi

What is Browser Security and how does it work? Browser Security is a subcategory of cybersecurity that focuses on minimizing a user’s vulnerability to cyber threats while they use the worldwide web. These cyber threats include phishing web pages, session hijacking and malware, which can be injected onto a device by means of tamped-with web […]

Headshot of BastionZero CEO Sharon Goldberg

Cloudflare Acquires BastionZero to Enhance SASE Offering

Nico Davidoff

Acquisition Aims to Boost Cloudflare One’s Capabilities Amidst Growing SASE Market Competition Cloudflare has acquired BastionZero, a zero trust infrastructure platform, in a move aimed at enhancing its Cloudflare One secure access service edge (SASE) offering. The acquisition underscores Cloudflare’s commitment to expanding its presence in the growing SASE market. Cloudflare reported first-quarter revenue of […]

Best Secure Access Service Edge Platforms

Lara Oporto

What is SASE and how does it work? Secure Access Service Edge (SASE) is an architectural model that combines network connectivity with security functions, all delivered through a unified cloud platform or centralized policy control. In contrast to the traditional approach, where network security relies on a multitude of distinct functionalities like firewalls, Virtual Private […]

Best Data Security Posture Management (DSPM) Products

Ellie Buscemi

What is Data Security Posture Management and how does it work? Data Security Posture Management (DSPM) tools focus on protecting data by continuously tracking where it is located and who has access to it. DSPM refers to a set of methods that cybersecurity professionals use to better understand their sensitive data like what it is, […]