Security Experts:

Sepio Systems Raises $6.5 Million to Defend Against Rogue Hardware

Cybersecurity startup firm Sepio Systems, with headquarters in Gaithersburg, Maryland and R&D in Tel Aviv, Israel, has closed a $6.5 million Series A funding round. The funding was led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners. Total funding raised by Sepio now stands at $11 million.

Sepio was formed to defend against the increasing threat and occurrence of compromise via rogue hardware. Delivered as a cloud service, it detects and mitigates hardware-based attacks, rogue peripherals, invisible network devices, and manipulated firmware. It provides visibility into hardware assets and their behavior in real time, while a policy enforcement module allows administrators to define usage rules and detect misbehavior. It consequently supports the hardware supply chain while also detecting malicious actor-inserted rogue devices.

Sepio Systems LogoA common hardware attack is delivered against ATMs, where rogue hardware is inserted. However, network infrastructures are not immune. In July 2017 it was reported that two illegally attached Raspberry Pis on a healthcare network were redirecting staff to a lookalike external phishing site.

More recently, it was reported in June 2019 that NASA's Jet Propulsion Laboratory (JPL) had been compromised via the attachment of an unauthorized Raspberry Pi computer to the JPL network. NASA's own report stated, "Given the architecture of JPL’s network, the attackers were able to expand their access upon entry and move laterally across the network. Classified as an advanced persistent threat, the attack went undetected for nearly a year."

Coupled with an unpatched critical software vulnerability, the attack resulted in the exfiltration of 23 files containing around 500 megabytes of data. "The increasing number of hardware based cyber-attacks is a major concern to all enterprises," commented Yossi Appelboum, co-founder and CEO of Sepio. "While all other security solutions are focused on software threats, they are incapable of stopping threats coming from hardware."

Sepio was founded in April 2016 by Bentsi Ben-Atar, Iftah Bratspiess, Yossi Appleboum and Greg Poch. The first three all served in Israel's IDF intelligence units, while the chairman of the board is Tamir Pardo, a former director of Mossad -- making Sepio another product of the Israeli cybersecurity startup conveyor belt.

"Besides creating the Rogue Device Mitigation category," said Alon Lifshitz, founding partner at Hanaco Ventures, "it's rare as an investor to back founders that have worked as a team for over twenty years now building their third startup together."

The second primary investor in the funding round sees its primary task as bringing the Rogue Device Mitigation (RDM) solution to the U.S. federal space. Part of the expansion fueled by the funding will be a new office in Mclean, Virginia to support US federal customers. To date, Sepio's RDM has been deployed in more than 25 banks, insurance and telecommunications companies in the U.S., Singapore, Brazil, South Africa and Israel.

Related: Supply-Chain Attack Used to Install Backdoors on ASUS Computers 

Related: DUST Identity Emerges From Stealth to Protect Device Supply Chain 

Related: IBM Supply Chain Breached as Storwize USBs Ship With Malware

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.