VDOO raises $32 million to secure embedded devices and the IoT

VDOO Connected Trust, a pioneer in security automation for embedded devices, announced it raised $32 million in Series B funding led by venture capital firms WRVI Capital and GGV Capital, with participation from NTT DOCOMO, which joined the round based on earlier successful cooperation, MS&AD Ventures, an affiliate of a global cyber insurance firm, and strategic individual investor Mr. Avigdor Willenz, Founder of Galileo Technologies and Annapurna Lab. 83North, Dell Technology Capital and David Strohm, who led the company’s initial financing, also participated in the B round.

The funding will enable VDOO to increase market adoption of its IoT security platform while also expanding its technical capabilities, as the company sets its sight on becoming the industry’s first end-to-end security solution for embedded devices of any type. This round brings the company’s total funding to $45M.

“At a time when embedded devices already deployed in the field not only collect data but actually control our physical environment, affecting both business operations and our personal lives, it’s hard to imagine a future where all of these devices can be exploited,” said Netanel Davidi, Co-CEO and Co-Founder of VDOO.

“The reality is that devices are highly vulnerable and there is a reasonable chance they will be under a massive attack in the near future. Our vision is to make them more secure as we continue to build an automated security platform that meets the demands of an increasingly connected world.

“Corporations, standardization bodies, regulators and cyber insurers all understand that it’s time for a change and that security for the connected environment is essential. The funding will enable us to accelerate market education by working closely with these bodies to make a significant change in approach to embedded devices security.”

The funds will be used to accelerate product innovation in the form of a comprehensive set of automated analysis capabilities, including zero-day vulnerabilities detection, that enable device vendors to implement unprecedented security levels at scale, both for new and legacy devices.

In addition, the round will fuel the expansion of a rapidly growing partner and distribution network, which already includes NTT, Macnica, DNP and Fujisoft in Japan. VDOO’s partners help IoT makers easily secure their devices, address their customers’ security expectations, and comply with emerging IoT regulatory actions and industry standards.

“Among all startups for embedded systems, VDOO is the first to introduce a unique, holistic approach focusing on the device vendors which are the focal enabler in truly securing devices,” said Lip-Bu Tan, Founding Partner of WRVI Capital, a leading international venture firm focusing on OEMs (Original Equipment Manufacturers) of embedded systems, hardware, and software.

“We are delighted to back VDOO’s technology, and the exceptional team that has created advanced tools to allow vendors to secure devices as much as possible without in-house security know-how – for the first time in many decades, I see a clear demand for security, as being raised constantly in many meetings with leading OEMs worldwide, as well as software giants.”

“VDOO brings a unique end-to-end security platform, answering the global connectivity trend and the emerging threats targeting embedded devices, to provide security as an essential enabler of extensive connected devices adoption. With its differentiated capabilities, VDOO has succeeded in acquiring global customers, including many top-tier brands. Moreover, VDOO’s ability to uncover and mitigate weaknesses created by external suppliers fits perfectly into our Supply Chain Security investment strategy,” said Glenn Solomon, Managing Partner at GGV Capital.

“This funding, together with the company’s great technology, skilled entrepreneurs and one of the best teams we have seen, will allow VDOO to maintain its leadership position in IoT security and expand geographies while continuing to develop its state-of-the-art technology.”

VDOO’s automation platform enables IoT manufacturers to raise the security bar in a scalable manner by implementing only device-specific security requirements which include step by step guidance to help the vendor mitigate the security threats in a cost-effective manner.

The security requirements are integrated into common task management and development environments. On top of that, VDOO technology improves the device’s security even more by automatically generating tailor-made on-device micro-agents for active real-time protection against known and unknown threats, including exploits that utilize advanced methods.

VDOO’s research impact

VDOO’s unique security automation technology leverages machine learning capabilities to create a security profile for any embedded device by defining its unique threat landscape, conducting designated penetration testing and performing a complete security gap analysis – all in an automated manner. The advanced capabilities are based on deep analysis on a data set of 70M embedded systems’ binaries and more than 16K versions of embedded systems.

During the last 18 months, VDOO has helped dozens of vendors address an aggregated total of 150 zero-day vulnerabilities and more than 100K security issues. These vulnerabilities could allow cyber criminals to takeover or completely destroy more than 1.5B devices, even when not connected to the internet.

The wide research shows that the embedded devices security problem is not vertical specific as this dataset is comprised of firmware of devices from multiple verticals – safety and security, smart buildings, medical, industrial, automotive, enterprise appliances, telecom and smart home.

Many of the vulnerable devices that VDOO identified are connected directly to the internet and are widely spread across device types such as video surveillance equipment and security cameras, with NVRs and DVRs topping the list, followed by network elements such as gateways, routers, switches, STBs, and modems.

Security issues were also found in IT and OT appliances such as NAS servers, industrial control switches, printers, VoIP gateways and conference extensions, as well as in fire alarms, PLCs, access control and medical devices. Such devices were found to be exposed to complicated attacks utilizing software vulnerability exploitation as well as to basic attacks.

In the consumer sector, security issues were found in smart watches, light bulbs, printers, tracking devices, smart TVs, personal alarms, and many other popular smart home devices. Such devices were found to lack the basic security building blocks such as traffic encryption, default password change and boot process integrity.

Most of the devices analyzed by VDOO were vulnerable to Command Injection and Command Execution attacks, followed by memory corruption exploitation and common logic flaws. In addition, most of the devices consisted of embedded credentials that were easy to decrypt in a few hours.

The vulnerable devices can be exploited in a way that could enable large-scale cyber-attacks that could disable an enterprise’s operations and critical functions. This, in turn, may lead to loss of trust in IoT devices, interfere with connected technologies adoption and prevent the digital revolution from taking place. VDOO’s mission is to allow security for the entire IoT ecosystem’s success.