At Madrona, we look for exceptional founders attacking big markets. Today, we are thrilled to announce our Series A investment in Eclypsium, the industry’s first enterprise firmware and hardware security platform. We couldn’t be more excited to lead another investment in a phenomenal Oregon-based team and join forces with returning investors Andreessen Horowitz and Intel Capital. Our investment in security has been enterprise focused – with Tigera, ExtraHop and the recently acquired Icebrg – and we are always on the lookout for unique approaches to this ongoing issue in modern computing.
Firmware is in every device in the modern enterprise – from end-user devices like mobile phones and laptops, to the servers, switches, and networking infrastructure that power data centers and networks globally. Exploits at the firmware or hardware level can have the worst possible consequences: attackers can “own” the machine and wiping/re-imaging may not get rid of the threat. Historically, the sophistication required to implement this type of attack made them relatively rare. In recent years, however, organized cybercrime and nation-states have provided the necessary funding and talent to make hardware exploits a reality. More recently, firmware attacks have become pervasive and persistent for certain industries; and they have the ability to permeate and compromise entire data centers, remaining undetected on thousands of devices. A wave of new attacks like the recent supply chain compromises or the LoJax UEFI exploit have clearly shown that organizations can no longer afford to rely on “security by obscurity” when it comes to their hardware. While the alleged Super Micro brouhaha is a bit of a different beast (and we were already well into discussions with Eclypsium when the story broke), it still illustrates the high-stakes nature of hardware and firmware-related exploits.
We were fortunate to be introduced to Eclypsium’s co-founder and CEO Yuriy Bulygin in the summer of 2017 by Will Peteroy from Icebrg (Madrona portfolio company acquired by Gigamon) and Drew Smith from the Oregon Venture Fund. We were instantly impressed by Yuriy’s deep firmware security expertise, passion for solving some of the hardest security problems and ability to build a world-class team of experts. We knew that the market for endpoint and data center security is massive with over $15B in spending combined, with hundreds of vendors offing a variety of solutions. All of the existing solutions, however, address risks at the software level from the operating system up to the applications. We hadn’t seen any companies focused on the attack surface from firmware down to hardware, arguably an equally large and significant attack vector. While the need for more effective security solutions is obvious, finding original security ideas addressing large new markets is very rare. Eclypsium represents both.
In getting to know the Eclypsium founders, Yuriy Bulygin and Alex Bazhaniuk, we quickly realized they were not only creating a potentially huge new market, they were conceivably the best team in the world to do it. Before founding Eclypsium, they had spent years at Intel’s Advanced Threat Research and McAfee on the front lines of discovering new threats and analyzing the world’s most sophisticated hardware and firmware attackers. There they created the open source project, CHIPSEC, a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform component, which has garnered participation from many of the leading hardware manufacturers and cloud providers. They bring together a truly unique collection of talent and experience in firmware threat research and real-world mitigation. Eclypsium’s mission is to find, stop and remove such attacks, which threaten the heart of every enterprise and organization today. They protect organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networking infrastructure.
We believe the Eclypsium team has the opportunity to create one of the next very large security companies and be the number one player in the evolving firmware security landscape. We look forward to working closely with Yuriy, Alex and team to build another leading technology company here in the Pacific Northwest.
You can learn more about Eclypsium and firmware security here:
- Watch a 3-minute video to learn how attackers use firmware level attacks to subvert traditional security, and how Eclypsium’s platform helps detect, defend and mitigate
- Access Eclypsium’s firmware threat intelligence and research
- Learn about the hardware attack surface and how to defend it