Anyone who has been following the headlines about the ongoing cyberattacks on the firmware found in every computer and electronic device around the world will understand how important a highly-secure IT defense is to protecting against attacks by cyber criminals looking to steal information and cause damage. That was the case in the controversial “Big Hack” in October of last year, where the Chinese military was accused of using a tiny chip implanted on server motherboards to infiltrate some of America’s top companies. For years, firmware implants and backdoors have been the tools of choice for the most sophisticated cyber attackers and that’s a trend that shows no sign of slowing down. According to Charlie Kawasaki, vice chair of the Oregon Cybersecurity Advisory Council and CTO of PacStar, firmware is fertile ground for exploitation given its less defended posture and high degree of complexity.
Recently, I talked with Yuriy Bulygin, founder and CEO of Eclypsium, to learn more about how his company is working to address this growing concern, by pioneering a new type of IT security to protect firmware and hardware from active threats, from device-level implants and other backdoor attacks. Eclypsium has developed technology that helps organizations defend their systems against firmware, hardware, and supply chain attacks.
“At Eclypsium, we believe that the firmware layer is a major unaddressed source of risk for the enterprise and that cybersecurity risk keeps growing every day,” said Bulygin. “It’s an exciting opportunity for us because we are tackling some of the most challenging and open gaps in information security today.”
Founded in 2017 by Bulygin and Alex Bazhaniuk, CTO, both ex-Intel security researchers, Eclypsium is focused on defending the firmware area where vulnerabilities are the most persistent and security controls are the weakest, according to Bulygin. As soon as attackers have compromised the firmware developed by different manufacturers for servers, laptops, networking equipment, and other devices, they can cause all sorts of problems, including disabling the devices completely or extracting proprietary and confidential data. Bulygin said that Eclypsium has made major strides in solving this problem and the company’s technology will be honored this week at RSA Conference 2019, one of the leading cybersecurity conferences, where Eclypsium is a finalist in the RSA Innovation Sandbox 2019. In addition, Eclypsium will be demoing their solution at the RSA Early Stage Expo and the Intel RSA booth.
During the past two years, Eclypsium has secured significant new funding, is expanding its team, and is quickly getting the attention of manufacturers and enterprise companies focused on protecting their firmware and hardware from cyberattacks. In December 2018, Eclypsium closed a $8.75 million Series A funding round. The round was led by Madrona Venture Group with continued participation from existing investors, Andreessen Horowitz, Intel Capital and Ubiquity Ventures.
Eclypsium will use the cash infusion to expand its teams in Portland and other locations. Currently, the company has 25 employees and plans to increase its employee base by 15 to 20 percent by the end of 2019. Bulygin expects to add several more people across all functions including customer support, operations, research, and engineering roles in Portland and other locations. The company plans to use the funding to build more functionality into the product, expanding features and enhancing usability.
“We’ve been very pleased with our progress since we founded the company. Our research team is one of the best in the world and really understands the space, the attackers, and magnitude of the issue,” said Bulygin. “During initial customer deployments, we evaluated thousands of devices, and found that more than 77% of the devices analyzed had outdated firmware, and nearly 100% were vulnerable to known attacks. Eclypsium is solving a huge problem in what experts believe to be a greater than $20 billion market. There’s a significant and rapidly growing need for our IT security solution which makes our market opportunity extremely exciting.”
**Click here to read a version of this article published in the Portland Business Journal.