Written by Bain Capital Ventures Managing Director Enrique Salem.
We live in a hyper-connected world that dramatically improves mobility and our access to information. Our homes are smarter, and we’re increasingly taking advantage of innovations that are connecting factories and power plants, making healthcare more efficient, and transforming our retail and banking experiences. And the data proves it. Endpoints of IoT will grow at a 32 percent compound annual growth rate (CAGR) from 2013 through 2020, reaching an installed base of 21 billion units.
But as IoT proliferates across all aspects of our lives, so too are our vulnerabilities. Cybersecurity attackers are more sophisticated than ever before; meanwhile nation states are now active participants in cyberwar. They’re shifting to new unprotected vectors, and pressure is mounting for companies to offer customers a ‘secure’ solution.
That’s why we’re excited to lead a $21.9 million Series A investment in Red Balloon Security, a leading security provider and research firm for embedded devices.
Endpoint security at the firmware layer
Founded in 2011 by Dr. Ang Cui (pictured below), Red Balloon Security has developed a unique product called Symbiote Defense that’s broadly applicable across multiple embedded security market segments. What makes Symbiote different from other endpoint security solutions is that it hardens devices against malicious intrusion by embedding itself directly into firmware so that it can stop the most critical attacks instead of sitting at the gateway. And it’s worth emphasizing any device, regardless of CPU type and operating system and without the need for hardware or source code modifications.
While high-profile cyberattacks and attempted compromises in the connected automobile and medical device industries have driven some early security spend in those specific verticals, other industries haven’t gotten as much attention.
Most networked devices — automotive, point-of-sale, unified communications, medical devices, IoT, SCADA, home and office equipment — lack strong host-based defense. This amounts to them being highly-vulnerable and actively compromised, whether for corporate espionage, financial fraud or state-sponsored cyber warfare. With these firmware exploits on the rise and as cybersecurity threat actors become increasingly advanced, traditional endpoint security methods simply aren’t enough.
Transcending industries and seizing a multi-billion dollar market
Luckily, there’s now Red Balloon Security. Given Symbiote is CPU-type and OS agnostic, the company can go after multiple embedded security market segments simultaneously with limited go-to-market resources. Moreover, they’re in a great position to capitalize on a large market opportunity — estimated at $3.4 billion — across segments in both the public and private sector.
What’s more is that Red Balloon Security is led by an extraordinarily technical team, made up of leading academics, researchers and developers who have pioneered seminal research for the U.S. Department of Defense and worked with various intelligence agencies to identify and disclose critical vulnerabilities. They have not only developed effective and highly-defensible technology, but they continue to be in high demand for projects commissioned by the U.S. government even as they continue to deploy their technology to commercial users across all major industries.
I couldn’t be more excited about this team’s potential and the opportunity to partner with some of the brightest minds in cybersecurity today. As our obsession with connectivity only continues to flourish, it’s comforting to know that Red Balloon Security is making it possible to keep embedded devices, anywhere and everywhere, safe and secure.