Eclypsium: Protecting the Remote Work Environment

Addressing major security loopholes in the hardware and firmware of network devices

Written by

Alumni Ventures

Published on

Read

3 min

We are living in a remote world. Zoom is the modern way to maintain “water cooler” office talk, and attending school online is the new normal.

We have become increasingly reliant on tablets and mobile devices to stay connected to friends, family members, and colleagues. While this way of working and learning has its benefits, one disadvantage is that our increased reliance on these devices makes them an increasingly attractive target for cyber attacks. Maintaining our device’s security-protectio

Eclypsium, an Alumni Ventures Group portfolio company, addresses the major security loopholes existing in the hardware and firmware of computers, servers, and data centers by viewing the health of a company’s hardware inventory.

The Need for Firmware Protection

Firmware is in every device in the modern enterprise — from mobile phones and laptops to the servers, switches, and networking infrastructure that power data centers and networks globally. Every enterprise device contains dozens of components, each with millions of lines of proprietary firmware code.

Hacker infiltration at the firmware or hardware level can have the worst possible consequences, effectively allowing attackers to take control or “own” the machine. Historically, the sophistication required to implement this type of attack made them relatively rare. In recent years, however, organized cybercrime entities have provided the necessary funding and talent to make hardware exploits a reality. More recently, firmware attacks have become pervasive and persistent for certain industries, and they now have the ability to permeate and compromise entire data centers.

Despite this, existing cybersecurity solutions only address risks at the software level, leaving hardware/firmware wide open for exploitation. This problem is further compounded as organizations often forget to update firmware on their devices, making firmware protection services more imperative.

Eclypsium’s cloud-based security platform provides visibility into the health of a company’s hardware inventory, ultimately helping security teams manage and protect all networking devices. The company’s platform locates firmware updates and patches devices while also detecting security threats — ranging from basic device health to protection from bigger threats.

As an example, In July 2020, Eclypsium identified BootHole, a major security complication involving Windows 8 and 10 and Linux devices. The risks of BootHole threatened to give an attacker total control over an impacted device. Eclypsium’s discovery allowed Microsoft, Red Hat, Citrix, and VMWare to release prompt remedies for the threat.

What We Liked About the Deal

Significant Customer Traction: Eclypsium’s customers include many major corporations across a variety of industries. Current customers are using the platform to secure their networking devices.

Large Market: Eclypsium’s security platform addresses the global 2 billion computers and over 100 million servers and network appliances vulnerable to attack at the firmware level. Additionally, the increase in remote work and the widespread lack of firmware protection increases the potential market value. 

Strong Investor Syndicate: Investors include Intel Capital, Andreessen Horowitz, and Madrona Venture Group.

Deep Technical Team: The company is run by an extremely technical team who spent years researching various security threats at Intel’s Security Division. The Founder/CEO found these security loopholes while serving as the Chief Threat Researcher at Intel and decided to launch Eclypsium to address the problem.

How We Are Involved

Eclypsium recently raised a $13M funding round. Alumni Venture Group’s investment in Eclypsium was led by Triphammer Ventures, a fund for Cornell alumni and friends of the community.