With so many security products and companies, we should be at the point where the “cybersecurity” problem is solved. But cybersecurity (or information security for those of us who still have “cyber” heartburn) is a wicked problem – unique in the way that it cannot be defined well and is constantly pivoting and evolving. Equally challenging is that there’s no one solution or even a way to test the effectiveness of a solution. It’s a problem created by people and exploited with all the ingenuity against people.
What makes it even more complicated is the global interdependent economy that brought together technologies supplied by thousands of providers around the world. We all became part of a very complex global supply chain, consuming technologies and services from others and building technologies and services for others. Technology supply chains consist of vendors of hardware and software we use in our infrastructure to support business operations and integrate with the products we build. At any point in this complex chain of supplier-consumer interactions, a vulnerability can be introduced which might later be exploited by adversarial groups to compromise organizations using this technology. It can be a hardware device we buy, like a laptop, a server, a network appliance, or a router; it can be software or firmware on any of these devices or in any of its components, or a software or cloud application we use in our business. Almost every cybersecurity problem is someone else’s supply chain security problem.
When Alex Bazhaniuk and I left Intel, we thought that if we were going to dive into the uncertainty of building a startup, we might as well work on a problem that is fundamental and has the potential to move the needle in defending against adversaries. Few problems in cybersecurity are as fundamental as securing hardware and its supply chain to build trust in systems we rely on. Hardware is no more. It’s operated by vast amounts of software developed by hundreds of manufacturers and suppliers. Ever since I started developing the open-source CHIPSEC framework more than a decade ago, I wanted to educate our community about these risks in the supply chain at the hardware and embedded firmware and software level. Exploiting vulnerabilities in this supply chain has become a commonplace occurrence and one that is difficult to detect and prevent.
Fast Forward…
Five years ago, when we embarked on solving a seemingly intractable problem, little did we know that our team at Eclypsium would build a product that would be used by dozens of enterprise and government customers, more than a ten-fold increase since our Series A, in the midst of a global pandemic and a market downturn.
Today, I am excited to share that we have raised $25M in new funding led by Alex Doll at Ten Eleven Ventures, with participation from all our existing investors including prior lead investors, Andreessen Horowitz and Madrona Ventures Group. Alex has been a steadfast believer in Eclypsium’s mission and also built and led investments in some of the greatest cybersecurity companies. His and Ten Eleven’s experience will help guide us as we move into our next phase of growth, and the time to upshift is now.
What’s Next?
Increasing complexity and risk of vulnerabilities in hardware, firmware, and software supply chains, as well as a growing number of breaches due to these vulnerabilities, is driving demand for our product, making this the right time to take on new funding.
We’ll use this new capital to expand our product capabilities, to help enterprises and public sector customers secure and ensure the integrity of hardware, firmware, and the software supply chain when they need this the most. And we will continue to foster our leadership in supply chain security research.
The sheer number and complexity of modern devices requires a highly-specialized understanding of the equipment built by various manufacturers and of all firmware and software shipped with these devices. As organizations increasingly turn to zero trust principles to defend their device fleets and operations, they must be able to see and verify all these layers of their technology supply chain. At Eclypsium, this is all we do, and we’re the best at it. On behalf of the Eclypsium team, we are grateful to our early customers, partners, investors, and advisers, who believe in our mission and want to help us shape this technology. And of course, I’m truly grateful to our incredible team at Eclypsium.
As the saying goes – we are just getting started. Let’s go!
