25 leading IoT security companies
A decade ago, the main cybersecurity concern for primary enterprises and industrial firms related to their laptops, desktops and servers. Now, the risk landscape has become exponentially more diverse. While we are arguably still in an early phase of IoT adoption, the Internet of Things is beginning to become ubiquitous in the modern business world. Many organizations, for instance, have wireless smart TVs in their boardrooms and wireless surveillance cameras and smart lighting overhead. Other organizations have had to contend with various IoT-related security worries, ranging from unauthorized drones spying on industrial facilities to rogue connected devices on their premises. IoT technology is also found in everything from hospitals, water purification facilities to smart city initiatives.
The multifaceted threat landscape has given rise to a cottage industry of startups and midsized IoT security companies offering to help industrial and enterprise companies stay safe in a quickly evolving environment. The situation has also won the attention of networking and security heavyweights such as Cisco, Symantec and McAfee, which offer to help businesses stay safe as the field of network security grapples with an IoT-driven Wild West phase.
Here, we present 25 trailblazing IoT security companies, presented alphabetically. All the companies on this list either have a dedicated IoT security business or they leverage innovative connected technology to help thwart security risks, whether they are stopping an unauthorized person from accessing the network or a drone from entering an organization’s property.
Criteria for ranking included firms’ degree of focus on enterprise and industrial IoT security and the innovation and market traction of their product offerings. When available, we factored into the ranking reviews of the companies’ technology and workplace culture. The companies
Founded in 2015, startup Armis recently received considerable attention after its discovery of BlueBorne, a Bluetooth-based attack vector. Although the firm offers an IoT security platform, it has also done a significant amount of research on IoT device security and maintains a database including more than 4 million connected devices.
The company offers an agentless security platform tailored for IoT devices. In the words of CEO and co-founder Yevgeny Dibrov, Armis aims to help enterprise companies end the “IoT blind spot” that exists when organizations have poor awareness of the devices on their network. “If you look at an average organization today, they can’t see around 40% of their connected devices in their environments,” Dibrov said. “If you went back five to seven years ago, the main wireless devices in an office were laptops. Today, the diversity of wireless devices is huge: security cameras, smart TVs, wireless printers and more.”
Armis technology can also help spot active threats and rogue connected devices in an enterprise setting, which is one of the simplest attack vectors for cybercriminals. The technology is installed in more than 100 organizations across the United States.
Dibrov and Chief Technology Officer Nadir Izrael, also co-founder, previously worked at Unit 8200, the cyber-Intelligence service of the Israeli Intelligence Corps, which is analogous to the National Security Agency in the United States. Earlier this year, Gartner recognized the company on its Cool Vendors in Security for Midsize Enterprises list.
Bastille leverages patented software to help with enterprise IoT security. Having noticed that three-quarters of IoT technology use radios, it is the first company to specialize in mitigating the risk of what it terms “Internet of Radios,” or unsecured connected devices emitting frequencies from 60 MHz to 6 GHz within an organization. Many enterprise and industrial companies already have devices that use RF communications but are often not aware of the extent of the security risk those technologies pose. The need for the company’s technology can be seen, for instance, in an April tornado siren hack in Dallas.
The company has created a cloud-based platform focused on sensing, identifying and locating threats from RF-enabled devices. The platform supports more than 100 distinct communication protocols.
Bastille’s technology can be used to help mitigate attacks and spot rogue devices (including rogue cell towers) but can also be useful in doing forensic analysis following a cyberattack.
The company’s core engineering office is in Atlanta. Bob Baxley, who ran the software-defined radio lab at Georgia Tech, leads the company’s engineering efforts.
Bastille is working both with the U.S. Department of Defense and the Department of Homeland Security.
3. CENTRI Technology
CENTRI Technology’s Internet of Things Advanced Security (IoTAS) platform is a software-only platform designed to both secure and compress data in motion and at rest. The technology is based on research from the University of Mississippi. The company’s chief scientist, Luis Paris, invented and patented cache-mapping compression, a data compression algorithm that enables fast and secure data transfer. The technology was the basis of Paris’ doctoral studies. CENTRI was created around a technology transfer with the university. Typically used in computer processors, cache memory speeds access to memory. Paris, however, explained in his doctoral thesis that cache memory can be used for real-time data compression and data security for connected devices. “We think about data as the be-all and end-all,” said Vaughan Emery, CENTRI’s CEO and president. “We have a platform that provides security from chip to cloud, whether that is private cloud, public cloud or hybrid.”
The platform provides device identity, secure session, key management and data cryptography at rest and in transport. “There is no central [hardware security module] required with our platform,” Emery said, which makes it easier for companies to scale IoT applications securely. The company’s technology also makes it possible for users to search encrypted data. “Best practices drive that all data should be encrypted. The problem is that encrypted data has a tendency to break application stacks or BI or analytics systems that customers are using,” Emery explained. “With our platform, customers can search that encrypted data and they can extract data that remains encrypted. As it passes to the application, our process will decrypt it based on all of the proper access controls.”