Oregon cybersecurity gets a boost, Beaverton-based Eclypsium raises $8.75 million

Oregon’s ecosystem of leading cybersecurity companies throughout the state just got a little stronger today. Today, Beaverton-based Eclypsium, which is pioneering a new type of IT security to protect firmware and hardware, announced that the company has raised $8.75 million from investors. That’s definitely good news on the firmware attack front.

According to Charlie Kawasaki, vice chair of the Oregon Cybersecurity Advisory Council, “A growing concern in the world of cybersecurity is the frequency of attacks on firmware. As manufacturers and users become better at regularly patching holes in operating systems and software, criminal organizations are constantly looking for new vectors of attack. This is just another example of the persistent threat criminals pose to cybersecurity. Criminals will always seek new attack vectors and successfully exploit those until security enhancements reduce their success and profitability.”

Firmware is at the heart of every computer and electronic device, from laptops to servers to network devices. The main motherboard, network cards, management controllers, storage devices and dozens of other components all rely on firmware developed by different manufacturers that can be compromised by sophisticated attackers looking to steal information and cause damage.

Fortunately, Eclypsium has developed a new approach to enterprise security that protects firmware and hardware. The company’s software finds the areas where organizations can be vulnerable and actively defends against attacks in the firmware.

Eclypsium raised $8.75 million in Series A funding to help the company develop this technology. Madrona Venture Group led the investment round, backed by prior Eclypsium investors Andreessen Horowitz, Ubiquity Ventures, and Intel Capital. According to The Oregonian, the company’s research suggests firmware is a neglected element of computer security, with many devices running outdated software vulnerable to attack.

Eclypsium was founded by Yuriy Bulygin, CEO, and Alex Bazhaniuk, CTO, both ex-Intel security researchers. They believe that hardware and firmware-level attacks that live below the level of the operating system are a glaring blind spot. For the entire history of modern information security, the battle has largely been waged from the operating system up. Antivirus software and malware continue to battle for control of the host OS.

“This is a major step for the company, but also an important step for the security industry. We are tackling some of the most challenging and unaddressed problems in information security today,” said Yuriy Bulygin, Eclypsium CEO and founder. “By focusing on the firmware layer, we are defending the area where attackers are the most sophisticated, vulnerabilities are the most prevalent and persistent, and security controls are the weakest.”

“During our Beta program, evaluating thousands of devices, we found that more than 77% of the devices we analyzed had outdated firmware, and nearly 100% were vulnerable to known attacks,” continued Bulygin.” The firmware layer is a major unaddressed source of risk for the enterprise. We have a huge opportunity in front of us.” For more information on the company’s funding and plans: https://eclypsium.com/2018/12/04/series-a-funding-and-eclypsiums-next-chapter/

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networking infrastructure. According to Bulygin, Eclypsium enterprise firmware protection platform is built on decades of firmware threat research and real-world experience pioneering the open source project known as CHIPSEC. Eclypsium’s solution proactively finds and manages firmware risk and protects from firmware-based threats at all of the key points in the hardware lifecycle, from deployment to operational use.

Eclypsium is another example of strong technology and cybersecurity expertise in Oregon, with the goal to protect organizations from security threats.

On behalf of the Cyber Oregon Team: Welcome to the fight!