#BackedbyBCV: Security For Embedded Devices, Anywhere And Everywhere — Why We Invested In Red Balloon Security

3 min read April 3, 2018
Spotlight Infra

Written by Bain Capital Ventures Managing Director Enrique Salem.

We live in a hyper-connected world that dramatically improves mobility and our access to information. Our homes are smarter, and we’re increasingly taking advantage of innovations that are connecting factories and power plants, making healthcare more efficient, and transforming our retail and banking experiences. And the data proves it. Endpoints of IoT will grow at a 32 percent compound annual growth rate (CAGR) from 2013 through 2020, reaching an installed base of 21 billion units.

But as IoT proliferates across all aspects of our lives, so too are our vulnerabilities. Cybersecurity attackers are more sophisticated than ever before; meanwhile nation states are now active participants in cyberwar. They’re shifting to new unprotected vectors, and pressure is mounting for companies to offer customers a ‘secure’ solution.

That’s why we’re excited to lead a $21.9 million Series A investment in Red Balloon Security, a leading security provider and research firm for embedded devices.

Endpoint security at the firmware layer

Founded in 2011 by Dr. Ang Cui (pictured below), Red Balloon Security has developed a unique product called Symbiote Defense that’s broadly applicable across multiple embedded security market segments. What makes Symbiote different from other endpoint security solutions is that it hardens devices against malicious intrusion by embedding itself directly into firmware so that it can stop the most critical attacks instead of sitting at the gateway. And it’s worth emphasizing any device, regardless of CPU type and operating system and without the need for hardware or source code modifications.

While high-profile cyberattacks and attempted compromises in the connected automobile and medical device industries have driven some early security spend in those specific verticals, other industries haven’t gotten as much attention.

Most networked devices — automotive, point-of-sale, unified communications, medical devices, IoT, SCADA, home and office equipment — lack strong host-based defense. This amounts to them being highly-vulnerable and actively compromised, whether for corporate espionage, financial fraud or state-sponsored cyber warfare. With these firmware exploits on the rise and as cybersecurity threat actors become increasingly advanced, traditional endpoint security methods simply aren’t enough.

Transcending industries and seizing a multi-billion dollar market

Luckily, there’s now Red Balloon Security. Given Symbiote is CPU-type and OS agnostic, the company can go after multiple embedded security market segments simultaneously with limited go-to-market resources. Moreover, they’re in a great position to capitalize on a large market opportunity — estimated at $3.4 billion — across segments in both the public and private sector.

What’s more is that Red Balloon Security is led by an extraordinarily technical team, made up of leading academics, researchers and developers who have pioneered seminal research for the U.S. Department of Defense and worked with various intelligence agencies to identify and disclose critical vulnerabilities. They have not only developed effective and highly-defensible technology, but they continue to be in high demand for projects commissioned by the U.S. government even as they continue to deploy their technology to commercial users across all major industries.

I couldn’t be more excited about this team’s potential and the opportunity to partner with some of the brightest minds in cybersecurity today. As our obsession with connectivity only continues to flourish, it’s comforting to know that Red Balloon Security is making it possible to keep embedded devices, anywhere and everywhere, safe and secure.

Related Insights

Jamstack and Modern Web Dev

All areas of infrastructure software change rapidly, but perhaps none of them quite as quickly as the web development stack. The rate of innovation in other categories of infra can be limited by a few things, including relative technical depth (e.g. databases) or reluctance in depending on new players (e.g cybersecurity). Web dev tools, on […]

Sam Crowder 4 min read
Spotlight Infra

Why We Invested In Smallstep: Taking The Headache Out Of Certificate Management

by Enrique Salem Software is increasingly becoming an interconnected web of microservices, containers, and endpoints. The connections between each of these components can be compromised, creating potential security risk. The rise of cloud computing, distributed systems, and remote work has only accelerated these trends. To ensure that software is built securely and reduce the surface […]

Enrique Salem 3 min read
Spotlight Infra

BCV Leads $105M Series C In Docker: Enabling Modern Software Teams To Ship Quickly And Securely

By Enrique Salem, Partner at Bain Capital Ventures Today, BCV is excited to announce our Series C investment in Docker, the leader in container packaging, distribution, and security. These activities are so core to a software developer’s process that we expect Docker to become one of the generational companies in the space. Docker exploded onto the scene in March […]

Enrique Salem 3 min read
Spotlight Infra