
Sepio: Raises $4M for Rogue Device Protection

【200325 Securityweek】Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, has raised a further $4 million that supplements the Series A round of $6.5 million announced in November 2019.


The new investment comes from Munich Re Ventures and Hanaco Ventures, bringing the total raised to $15 million. It is, however, more than just a financial investment since Sepio is simultaneously partnering with the Munich Re insurance arm to provide customers with no-cost guarantees for the service it provides.


Sepio has three primary offices: headquarters in Rockville; R&D in Tel Aviv, Israel; and a machine learning center in Lisbon, Portugal. The firm was founded in 2016 by Bentsi Ben-Atar (CMO), Iftah Bratspiess (co-CEO), and Yossi Appleboum (co-CEO). This is the third company the group has founded together since the late 1990s. Before then, all three had worked within the Israeli intelligence services. The current chairman of the board, Tamir Pardo, was formerly the director of Mossad, while another advisor is a former CISO with the CIA.


The service provided by Sepio is to detect and mitigate any rogue device that has been attached to the corporate infrastructure. This is a growing threat that only a few years ago was limited to adversarial nation-state activity, but is now increasingly being adopted by major criminal gangs.


While logical security — that is, protecting the flow of data around a system — is well-served by the cybersecurity industry, there is very little that concentrates on the hardware devices. Sepio Systems detects devices connected to the network that should not be there, whether they be keyboards, USB sticks, webcams or even scanners.


“Generally speaking,” Appleboum told SecurityWeek, “people don’t consider devices like mice or keyboards as potential rogue devices posing a security threat — but it does happen. Sepio recently discovered a rogue mouse that was used to communicate with a C&C in order to deliver a ransomware attack; and another one that was used to exfiltrate proprietary information from a highly secure facility.”


He continued, “We’ve also found rogue keyboards — one was found within the close supply chain of a stock exchange in Europe, where an implant within the keyboard was able to collect sensitive data. These attacks are mostly delivered by swapping an existing device with a false one that looks identical.”


The advantage to the attacker in this scenario is that there is no injection of detectable malware into the network (although it could be done if that is the purpose of the attack). If the attack is intended for espionage only, the rogue device simply exfiltrates what it receives. In the example of the supply chain rogue keyboard, it could potentially obtain credentials for access directly into the stock exchange. The same principle would apply for attacks against military or critical infrastructure facilities. “A rogue device is similar to having a malicious insider inside the target organization,” said Appleboum.


The system works by collecting metadata, which becomes a fingerprint, from all the customer’s devices and storing the fingerprint in the Sepio cloud. If a criminal group were to swap the official device for a compromised one, then the fingerprint changes to something unrecognized, and the device is flagged. So, for example, if a customer uses Dell equipment, all the official keyboards will have an identical fingerprint. If one is swapped for a malicious keyboard with a hidden implant, it may look identical to the official keyboards, but will generate a different fingerprint.


The advantage of this approach is that it does not generate false positives. If one employee doesn’t like the Dell keyboard and brings in and connects a personal Microsoft keyboard, provided that the keyboard has not been tampered with, it will still generate the correct fingerprint for what it is, and be accepted. The Sepio cloud currently holds around 5 million different fingerprints for genuine devices. Proprietary machine learning developed in the Lisbon office is used to determine good from bad fingerprints.


Remediation against detected rogue devices will depend on the customer’s policy. In some cases, especially in production environments, continuity of operation may be essential. Here, the problem will simply be reported, and the customer can take whatever action it deems possible or advisable. If continuity of operation is not essential, Sepio can immediately and automatically shut down the rogue.
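The fingerprint check and policy-driven response described above, shown as an added example that is not Sepio's code. It assumes the metadata is a set of USB descriptor fields and uses an exact-match lookup in place of the proprietary machine learning; `UsbDescriptor`, `fingerprint`, `evaluate` and every device value are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class UsbDescriptor:
    """Descriptor metadata a host can read from an attached device (assumed feature set)."""
    vendor_id: int
    product_id: int
    bcd_device: int            # device release number
    interface_classes: tuple   # one USB class code per interface, e.g. 0x03 = HID
    endpoint_count: int

def fingerprint(dev: UsbDescriptor) -> str:
    """Hash the canonicalised metadata so identical models share one fingerprint."""
    canon = "{:04x}:{:04x}:{:04x}:{}:{}".format(
        dev.vendor_id, dev.product_id, dev.bcd_device,
        ",".join(f"{c:02x}" for c in dev.interface_classes), dev.endpoint_count)
    return hashlib.sha256(canon.encode()).hexdigest()

def evaluate(dev: UsbDescriptor, known_good: set, continuity_required: bool) -> str:
    """Return 'accept' for a known fingerprint; otherwise apply the site's policy."""
    if fingerprint(dev) in known_good:
        return "accept"
    # Unknown fingerprint: report only where operation must continue, else shut it off.
    return "report" if continuity_required else "block"

# Constructed sample devices; all IDs and values are illustrative, not real products.
OFFICE_KEYBOARD = UsbDescriptor(0x1111, 0x0001, 0x0100, (0x03,), 1)
PERSONAL_KEYBOARD = UsbDescriptor(0x2222, 0x0002, 0x0200, (0x03, 0x03), 2)
# Reports the same IDs as the office model, but an implant adds a non-HID interface.
SWAPPED_KEYBOARD = UsbDescriptor(0x1111, 0x0001, 0x0100, (0x03, 0x02), 3)

# Stand-in for the cloud store of fingerprints of genuine devices.
KNOWN_GOOD = {fingerprint(OFFICE_KEYBOARD), fingerprint(PERSONAL_KEYBOARD)}

if __name__ == "__main__":
    for name, dev in [("office", OFFICE_KEYBOARD), ("personal", PERSONAL_KEYBOARD),
                      ("swapped", SWAPPED_KEYBOARD)]:
        print(name, evaluate(dev, KNOWN_GOOD, continuity_required=True))
```

The personal keyboard is accepted because its own genuine fingerprint is known, while the swapped unit is flagged even though its vendor and product IDs match the office model.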


The process can also be used in home working situations. The devices will still be monitored by the Sepio cloud. Even if different members of the family use different mice or keyboards on a home computer, only if the device generates a fingerprint unknown to the machine learning in the cloud will an alert be triggered. 


Working from home is a growing practice. During the COVID-19 pandemic it has become standard practice. There is ample advice on coping with the new expanded threat from home working — but there is another side that is not so obvious. While staff are being sent home, buildings and infrastructures are largely left unattended. “The whole infrastructure becomes vulnerable to rogue devices while the building is left empty,” commented Appleboum. “Both adversarial states and criminal gangs will use this opportunity to install rogue elements inside those organizations. We are almost certain that such campaigns are in process right now.”


Sepio Systems closed its primary Series A round of $6.5 million in November 2019. That funding had been led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners.



Originally published on the WeChat official account 网络安全投资: Sepio: Raises $4M for Rogue Device Protection








