Firmware supply chain company Binarly raises $3.6m seed funding

Alex Matrosov, Co-founder at Binarly

Binarly Inc., a cybersecurity firm building tech to address security issues, announced $3.6m in seed funding from WestWave Capital and Acrobator Ventures. Cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors.

What is Binarly’s product offering?

Binarly was co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who worked on hardware and software security at NVIDIA, Intel Corp., ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who is regularly credited with major vulnerability discoveries, is co-author of Rootkits and Bootkits, a seminal book that explains how to counter sophisticated, advanced threats buried deep in a machine’s boot process.

Binarly has built a SaaS platform for understanding and responding to silent, undetectable security threats at the firmware layer. Using machine learning and deep code inspection at the binary level, Binarly enables security teams to have visibility into hardware and firmware failures and a simple way to recover from sophisticated attacks below the operating system.

Binarly also developed its own tech for vulnerability management and protecting the firmware supply chain from repeatable failures. The company’s approach uses semantic properties of the binary code to improve detection accuracy by limiting the number of false positives.

What is Binarly’s market reach?

So far this year, Binarly has coordinated the disclosure of 107 critical firmware security vulnerabilities affecting the entire enterprise device ecosystem. The firm worked with security response teams at Insyde, AMI, Lenovo, Dell, HP, HPE, Siemens, Fujitsu, Atos, Intel, AMD and many other vendors to mitigate high-impact security issues across the computing landscape.

Many of these vulnerabilities demonstrate how the complexities of the firmware supply chain disrupt the timeline for patch delivery and the identification of impacted parties.

“The approach today is to detect risks related to the firmware by using the version number of the firmware update against a database of threats. This leads to firmware supply chain failures because known threats that aren’t associated with a version number of a firmware release won’t be detected thus keeping the ‘doors’ open for attacks,” Matrosov said.

“Assessing the impact of a firmware-based vulnerability in a client environment is a problem without a solution. We have developed the FwHunt tech that adds semantic context around a known vulnerability to ensure detection while reducing false positives,” Teodorescu said.

Binarly plans to use the investment to speed up R&D initiatives, expand its world-class engineering team, and scale enterprise and device manufacturer adoption of its technologies.

What were the investors’ thoughts on Binarly?

“CISOs from critical infrastructure firms, hyperscalers, and cybersecurity experts rate firmware security a top-three priority,” said Mike Reiner, General Partner, Acrobator Ventures.

“In a world where IoT, edge devices and the mere size of firmware on devices significantly increases, it’s a matter of ‘when’ not ‘if’ new dominant security solutions are adopted. Why Binarly? They’ve got the best-in-class team discovering vulnerabilities no one else has found and managed to surround themselves with incredible experts,” Mike Reiner further said.

“We are excited to invest in founders Alex and Claudiu at Binarly. We have immense respect for their deep technical expertise and understanding of the firmware security market. We recognize that there are significant exposure issues in addressing firmware security threats and we have strong conviction that Binarly will mitigate those concerns – both immediate and in the long term,” commented Warren “Bunny” Weiss, Managing Partner, WestWave Capital.

“It’s no secret that firmware security presents a growing challenge that needs to be solved. For far too long, hardware manufacturers have relied on security through obscurity and we’re now paying the price as attackers identify and exploit flaws that impact thousands of devices across the globe,” commented Michael Sutton, Managing Partner at Stonemill Ventures.

“Blindly trusting hardware manufacturers is a recipe for disaster. Binarly has the expertise and vision to execute on delivering a scalable solution to get this problem under control.”