25 leading IoT security companies
16. Pwnie Express
The Pulse IoT security platform from Pwnie Express helps enterprise companies identify which IoT devices exist in their central network and in remote sites and identify vulnerable network nodes. The company’s technology works with both wired and wireless networked devices.
Provided as a software-as-a-service offering, the company’s Pwn Plus provides a centralized dashboard to ensure that a customer’s devices conform to relevant security policies.
Pwnie Express provides hardware such as the Pwn Pro and Pwn Plug R3 to facilitate penetration testing.
The startup also offers penetration testing services and helps enterprise companies respond to exploits.
Pwnie Express serves a variety of sectors, including financial services, manufacturing, retail, technology and healthcare.
The company has always specialized in identifying rogue, misconfigured and unauthorized networked devices.
It also offers research on IoT security. For instance, a report released this year, titled “The Internet of Evil Things: 2017,” surveyed more than 800 security professionals and found that about 90% of IT security professionals believed connected device threats would be a major security problem in 2017.
The company recently launched a partner program known as “Stampede” intended to help managed security service providers, value-added resellers and OEMs offer IoT security. The company was founded in 2010 as a startup in a Vermont basement, eventually attracting some $18 million in venture backing.
17. Qadium
Qadium is a cybersecurity startup that has won backing from American entrepreneur and venture capitalist Peter Thiel. The firm has scored $66 million in funding to help refine its IoT-focused search engine, which the company says can find nearly every device linked to the internet in less than an hour. At present, the firm focuses its search engine on devices using IPv4. While the next version of Internet Protocol, known as IPv6, is currently rolling out, IPv4 continues to be more prevalent. Focusing on IPv4 enables Qadium to be nimble in its search of IoT devices linked to the traditional internet, scanning much of the web on an hourly basis to determine the status of connected devices. Dell, the U.S. Cyber Command and the U.S. Navy use the company’s technology.
18. Rapid7
Rapid7 is one of the best-known penetration testing companies and is the maker of Metasploit, a well-known penetration testing framework. The company has a dedicated IoT security practice and also offers technologies for discovering network vulnerabilities and rogue devices and for BYOD security. “One of the things that makes us stand out is that we are not here to sell you something. We want to partner with you,” said Deral Heiland, a veteran penetration tester who is a Rapid7 research lead specializing in IoT. “The ultimate thing is we want to have a stake in the game and partner with you to make you security champions and make you the best you possibly can be. You can’t solve all of the problems but we can make it easier for you to do security better.”
Additional notable cybersecurity experts on the Rapid7 team include Jay Radcliffe, who specializes in medical device cybersecurity, and Craig Smith, who focuses on transportation security. Radcliffe was one of the first security researchers to highlight security vulnerabilities in connected medical devices. Heiland has 30 years of IT experience and has specialized in security for roughly two decades.
Most of Rapid7’s IoT security revenue comes from manufacturers of IoT-based products. “That encompasses everything from camera systems to robots to medical devices to various other automation technologies that could be used in an enterprise or consumer environment,” Heiland said.
The company’s IoT division also assists in penetration testing in enterprise environments.
19. Raytheon Cyber
The company offers a variety of cybersecurity technologies including cybersecurity analytics, defense hardening, managed security services, threat research and assessment.
Raytheon made a big commitment to the cybersecurity business when it acquired 80% of the privately held Websense for $1.6 billion. After the acquisition, Raytheon created the firm Forcepoint, which brought together Raytheon’s military cybersecurity background and Websense’s focus on traditional data security. Forcepoint would go on to acquire Stonesoft, a maker of advanced firewalls. Forcepoint currently has more than 22,000 customers. Clients of Raytheon’s cybersecurity unit include enterprise companies, local governments and nation-states. Raytheon scored a contract with the U.S. Department of Homeland Security worth up to $1 billion over the next five years.
Also in the IoT arena, a subsidiary of Raytheon developed the Boomerang device, a gunshot detection system used in the Middle East and domestically for detecting active snipers.
20. SecureRF
Founded in 2004, SecureRF offers “post-quantum,” public key cryptography solutions for the low-resource processors powering the IoT. Describing itself as a provider of “quantum-resistant security tools for the Internet of Things,” SecureRF leverages post-quantum cryptography to help secure low-resource 32-, 16- and 8-bit processors that are common in IoT projects. Securing many IoT devices can be a challenge in that many devices lack the necessary computational and memory resources to support contemporary security software for traditional enterprise applications. SecureRF offers authentication and data protection solutions designed for IoT devices with a compact operating footprint. The company’s partners include ARM, STMicroelectronics and the U.S. Air Force.
21. Sophos
Sophos offers a range of products designed to help improve IoT security. More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Sophos’ award-winning encryption and endpoint, web, email, mobile and network security technology are backed by SophosLabs, a global network of threat intelligence centers. The company has won accolades for its security expertise from Forrester and Gartner. Its OEM division offers security integration services for industrial applications, connected medical devices and other IoT applications. Earlier this year, the company debuted Mobile 7.1, the latest version of its enterprise mobility management platform. Mobile 7.1 supports an array of connected devices including IoT products. “The development team at Sophos wanted to lead the industry by offering the first steps towards an integrated protection strategy for all devices – mobile and IoT,” said Dan Schiappa, general manager and senior vice president of Sophos Endpoint and Network Security Groups, in a statement. The software offers management functionality for IoT devices, including the ability to apply policies and monitor status, battery levels and device firmware.
22. Symantec
The cybersecurity heavyweight offers a comprehensive range of technologies for IoT security. In 2016, the company created a reference architecture for the Internet of Things. Symantec boasts that its technology helps protect more than 1 billion IoT devices. IoT-related offerings include Symantec’s Critical System Protection, which provides a unique behavioral lockdown against zero-day and advanced threats for industrial operational technology, retail and other connected devices running a broad range of operating systems including flavors of Linux, QNX, Windows and their embedded variants. The company recently won the Frost & Sullivan Customer Value Leadership Award for Industrial IoT.
23. Thales
Public key infrastructure specialist Thales helps enterprise companies authenticate IoT devices with digital certificates and encryption. The company’s nShield hardware security module (HSM) aids customers in managing the identity and security of IoT products. The HSM platform offers certificate-based authentication for the device and supports code signing to validate firmware updates and security patches. In addition, the company’s Vormetric data security platform offers certified encryption and key management for IoT implementation. The platform provides confidentiality and access control through data-at-rest encryption.
Earlier this year, the company’s Vormetric data security platform won an award at the annual Info Security Products Guide’s 2017 Global Excellence Awards.
The company’s customers include Polycom, Samsung Artik, Fujitsu, McKesson, Hitachi and Cloudera.
Thales is a member of the Industrial Internet Consortium and the EdgeX Foundry.
24. V5 Systems
Unlike most of the companies on this list, this Fremont, California-based company leverages IoT technology to improve security. The company is the first to offer portable self-powered security solutions including video surveillance and an acoustic tracking sensor for gunshot detection. Designed for use outdoors, V5 Systems’ technology boasts wireless functionality that eliminates the need for digging trenches to run wire for power and communications. In addition, the combination of wireless functionality and solar power and battery management enables the devices to be relocated quickly as physical security needs shift.
These solutions can store video footage locally on the device or send it to a back-end storage server. Chemical detection sensors that can enable it to detect gas leaks at industrial facilities are slated for 2018.
The platform can also accommodate a variety of other types of third-party hardware and software sensors. For example, it can be integrated with sensors to provide temperature and GPS data and supports both Wi-Fi and 4G wireless communications.
In terms of securing the data, V5 Systems has integrated role-based access control features into the platform, along with 2,048-bit RSA key encryption and overall encryption using Advanced Encryption Standard (AES) 256 (256-bit keys). In addition, the UI access is protected by SSL encryption. From 2016 to 2017, V5 Systems won 10 awards in both the security and IoT industries, including the Security Industry Association’s New Product Showcase. Last year, the startup also came out on top of Dell’s “Connect What Matters” IoT competition, beating 970 competitors.
25. ZingBox
Most devices should behave predictably. If they behave erratically, there is likely something wrong. ZingBox takes this basic concept and applies machine learning and artificial intelligence to it to determine what normal behavior for IoT devices is, monitor that behavior over time and trigger alerts if there is, say, an anomalous traffic pattern that would indicate a security problem.
“One aspect that is interesting about ZingBox is that it is an agentless technology,” said Scott Darling, president of EMC’s corporate development and venture capital. “Let’s say you are monitoring medical equipment. You can’t install agents on it because it violates the licensing rules from the government about how you affect the internal software,” Darling said. “In addition, vulnerability scanners applied to IoT devices can sometimes cause those devices to fail. ZingBox overcomes these limitations by using AI and machine learning to help detect viruses on medical equipment by detecting suspicious traffic behaviors. The technology can help identify the ‘personality’ or profile of a given IoT device and track that its behavior does not change as a result of a cyberattack.”
Founded in 2014, the company is focused on IoT devices and has developed a significant business for connected medical devices. ZingBox can help companies monitor connected devices that weren’t designed with security in mind.
ZingBox was named to Gartner’s 2017 Cool Vendors in IoT Security list.