Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybersecurity Funding

Sepio Systems Raises $6.5 Million to Defend Against Rogue Hardware

Cybersecurity startup firm Sepio Systems, with headquarters in Gaithersburg, Maryland and R&D in Tel Aviv, Israel, has closed a $6.5 million Series A funding round. The funding was led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners. Total funding raised by Sepio now stands at $11 million.

Cybersecurity startup firm Sepio Systems, with headquarters in Gaithersburg, Maryland and R&D in Tel Aviv, Israel, has closed a $6.5 million Series A funding round. The funding was led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners. Total funding raised by Sepio now stands at $11 million.

Sepio was formed to defend against the increasing threat and occurrence of compromise via rogue hardware. Delivered as a cloud service, it detects and mitigates hardware-based attacks, rogue peripherals, invisible network devices, and manipulated firmware. It provides visibility into hardware assets and their behavior in real time, while a policy enforcement module allows administrators to define usage rules and detect misbehavior. It consequently supports the hardware supply chain while also detecting malicious actor-inserted rogue devices.

Sepio Systems LogoA common hardware attack is delivered against ATMs, where rogue hardware is inserted. However, network infrastructures are not immune. In July 2017 it was reported that two illegally attached Raspberry Pis on a healthcare network were redirecting staff to a lookalike external phishing site.

More recently, it was reported in June 2019 that NASA’s Jet Propulsion Laboratory (JPL) had been compromised via the attachment of an unauthorized Raspberry Pi computer to the JPL network. NASA’s own report stated, “Given the architecture of JPL’s network, the attackers were able to expand their access upon entry and move laterally across the network. Classified as an advanced persistent threat, the attack went undetected for nearly a year.”

Coupled with an unpatched critical software vulnerability, the attack resulted in the exfiltration of 23 files containing around 500 megabytes of data. “The increasing number of hardware based cyber-attacks is a major concern to all enterprises,” commented Yossi Appelboum, co-founder and CEO of Sepio. “While all other security solutions are focused on software threats, they are incapable of stopping threats coming from hardware.”

Sepio was founded in April 2016 by Bentsi Ben-Atar, Iftah Bratspiess, Yossi Appleboum and Greg Poch. The first three all served in Israel’s IDF intelligence units, while the chairman of the board is Tamir Pardo, a former director of Mossad — making Sepio another product of the Israeli cybersecurity startup conveyor belt.

“Besides creating the Rogue Device Mitigation category,” said Alon Lifshitz, founding partner at Hanaco Ventures, “it’s rare as an investor to back founders that have worked as a team for over twenty years now building their third startup together.”

The second primary investor in the funding round sees its primary task as bringing the Rogue Device Mitigation (RDM) solution to the U.S. federal space. Part of the expansion fueled by the funding will be a new office in Mclean, Virginia to support US federal customers. To date, Sepio’s RDM has been deployed in more than 25 banks, insurance and telecommunications companies in the U.S., Singapore, Brazil, South Africa and Israel.

Related: Supply-Chain Attack Used to Install Backdoors on ASUS Computers 

Related: DUST Identity Emerges From Stealth to Protect Device Supply Chain 

Related: IBM Supply Chain Breached as Storwize USBs Ship With Malware

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Funding/M&A

Forty cybersecurity-related M&A deals were announced in January 2023.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.