Cybersecurity startup firm Sepio Systems, with headquarters in Gaithersburg, Maryland and R&D in Tel Aviv, Israel, has closed a $6.5 million Series A funding round. The funding was led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners. Total funding raised by Sepio now stands at $11 million.
Sepio was formed to defend against the increasing threat and occurrence of compromise via rogue hardware. Delivered as a cloud service, it detects and mitigates hardware-based attacks, rogue peripherals, invisible network devices, and manipulated firmware. It provides visibility into hardware assets and their behavior in real time, while a policy enforcement module allows administrators to define usage rules and detect misbehavior. It consequently supports the hardware supply chain while also detecting malicious actor-inserted rogue devices.
A common hardware attack is delivered against ATMs, where rogue hardware is inserted. However, network infrastructures are not immune. In July 2017 it was reported that two illegally attached Raspberry Pis on a healthcare network were redirecting staff to a lookalike external phishing site.
More recently, it was reported in June 2019 that NASA’s Jet Propulsion Laboratory (JPL) had been compromised via the attachment of an unauthorized Raspberry Pi computer to the JPL network. NASA’s own report stated, “Given the architecture of JPL’s network, the attackers were able to expand their access upon entry and move laterally across the network. Classified as an advanced persistent threat, the attack went undetected for nearly a year.”
Coupled with an unpatched critical software vulnerability, the attack resulted in the exfiltration of 23 files containing around 500 megabytes of data. “The increasing number of hardware based cyber-attacks is a major concern to all enterprises,” commented Yossi Appelboum, co-founder and CEO of Sepio. “While all other security solutions are focused on software threats, they are incapable of stopping threats coming from hardware.”
Sepio was founded in April 2016 by Bentsi Ben-Atar, Iftah Bratspiess, Yossi Appleboum and Greg Poch. The first three all served in Israel’s IDF intelligence units, while the chairman of the board is Tamir Pardo, a former director of Mossad — making Sepio another product of the Israeli cybersecurity startup conveyor belt.
“Besides creating the Rogue Device Mitigation category,” said Alon Lifshitz, founding partner at Hanaco Ventures, “it’s rare as an investor to back founders that have worked as a team for over twenty years now building their third startup together.”
The second primary investor in the funding round sees its primary task as bringing the Rogue Device Mitigation (RDM) solution to the U.S. federal space. Part of the expansion fueled by the funding will be a new office in Mclean, Virginia to support US federal customers. To date, Sepio’s RDM has been deployed in more than 25 banks, insurance and telecommunications companies in the U.S., Singapore, Brazil, South Africa and Israel.
Related: Supply-Chain Attack Used to Install Backdoors on ASUS Computers
Related: DUST Identity Emerges From Stealth to Protect Device Supply Chain
Related: IBM Supply Chain Breached as Storwize USBs Ship With Malware

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- UK Introduces Mass Surveillance With Online Safety Bill
- Blockchain Security Firm True I/O Raises $9 Million
- Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report
- QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Burnout in Cybersecurity – Can It Be Prevented?
- Verosint Launches Account Fraud Detection and Prevention Platform
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
