Two years ago, the then-26-year-old Natali Tsuva co-founded a company on a mission to protect Internet of Things devices from malicious cybersecurity attacks.
In 2020, Natali's company, Sternum, was the first cybersecurity company in the world to release a fix for a new wave of vulnerabilities that hit hundreds of millions of IoT devices. Dubbed Ripple20, the vulnerabilities enabled attackers to hijack devices by exploiting 19 separate vulnerabilities in one code library – which had inadvertently and without much traceability, been built into hundreds of millions of devices globally.
Ripple20 was heralded as a significant moment in the IoT device landscape, as it refocused attention onto the necessity of security. It also confirmed Sternum's place as a leader in IoT security.
We're thrilled to lead their US$6.5m Series A round.
An extraordinary team.
The most significant factor in our investment decision-making process is always the founding team. To say this team is impressive is an understatement.
Natali, Sternum's CEO is driven by a mission to secure the internet and protect lives. She's also something of technical genius. At 14 Natali entered university to complete her computer science degree and at 19 joined 8200, the elite technology unit in the Israeli Defence force (comparable to the NSA), building mission-critical, zero-fault software. She subsequently joined two digital intelligence organisations as a vulnerability and security researcher. Natali is, in our opinion, an extremely rare combination of technical excellence and business acumen.
Boaz, co-founder and Chief Business Officer, is the former founder and CEO at ForClass, an interactive education platform for universities which got acquired in 2016. Before Sternum, Boaz led the commercialisation of another edtech company, CET, and previously worked as an intelligence officer, attorney and editor.
Arik, Sternum's Head of Research always had a passion for security. Before turning 18, Arik self-learnt reverse engineering, codes over ten languages and finished at the top 10 of CodeGuru competition for three consecutive years. Arik was recruited to serve in IDF's 8200 elite technology unit, where he managed sensitive and complex operations in a high-pressure environment. He was discharged with honours for his service at the rank of Captain.
Lian, co-founder and VP R&D. Lian is an expert at delivering large, enterprise-scale and complex products as a software team leader. Before founding Sternum, Lian worked as Android Researcher at a leading cybersecurity company, creating high-quality generic exploits and discovering zero-day vulnerabilities in Android devices. Lian served in IDF's 8200 elite technology unit, first as a software engineer and later, as a R&D Team Leader.
The IoT market is growing at an astounding rate – and so are attacks on IoT devices
Global cybersecurity experts on average expect a 300% growth of cyber-attacks by 2025, with over half of them targeting IoT devices or critical infrastructure. Attackers know that IoT and edge devices are the weakest parts of an organisation's network – making them easy entry points into an enterprise.
To put this in perspective, here are some of the major cybersecurity attacks that recently made headlines:
In June 2020, Iran allegedly attempted to increase the levels of chlorine in Israeli water supplies via a targeted cyber-attack reported by the Financial Times.
In 2016, a malicious program caused mayhem by taking control of over 600,000 devices, mainly webcams, that brought down websites like Netflix, Airbnb, and Twitter.
In 2013, attackers gained access to Target's Point of Sale machines through an HVAC service provider. The hackers stole data from nearly 70 million people.
Just a few days weeks ago, Australia was under an attack that targeted some of its critical infrastructure.
IoT devices need tailored protection
The most effective way of securing a company and mitigating the risk of compromised IoT devices is to deploy protections within and across the devices; this sounds easy, but in practice is extraordinarily complex. You don't often replace a pacemaker or a chlorine valve once installed.
IoT devices are very different from computers, printers or mobile phones. They are often small and cheap, with low power and low processing capabilities. In general, they don't run standard operating systems; most use 3rd party open-source libraries which don't sit within enterprise networks (which was the case in Ripple20).
Traditional security providers – which use networks or endpoints to provide security – often can't detect attacks in time on IoT devices to prevent the intended outcome. We heard time and again when talking with cybersecurity experts, and IoT device manufactures in the field: existing cybersecurity solutions can't provide adequate protection.
Sternum has invented a new way to protect IoT devices that is holistic, hardware and software agnostic, and scalable.
In the simplest terms, Sternum has developed two products:
EIV – Embedded integrity verification ensures that the app hasn't been altered maliciously. Its technology detects code vulnerabilities at the exact point of exploitation to prevent attacks before they are exploited.
ADS — Advanced Detection System platform enables admins to implement security controls, monitor threats with real-time alerts, and receive valuable insights into events that enable faster, more efficient responses.
Sternum's software is deployed by remotely penetrating the IoT device and installing a few lines of code. It is so lightweight and secure, that even medical-grade IoT device manufacturers do not have to seek FDA approval for the updated codebase.
Sternum has already validated their technology in extremely sensitive medical settings. By working with a pacemaker manufacturer, Sternum was able to deploy their security to all pacemakers in the field (such as those already inside people), and protect future pacemakers that are to be fitted from vulnerabilities.
Natali and the Sternum team are already working with IoT device manufacturers and IoT device users to support the continued advancement of medical devices, Industry 4.0, smart cities and smart energy use.
The advantage of Sternum's technology also provides an additional benefit, because they are able to provide analytics on the performance and efficiency of every device – driving not just security performance, but business performance too.
We are so thrilled to be joining Sternum's journey as lead investors in their Series A round. To learn more about their product in detail, we encourage you to go to sternumiot.com.