Tempered Networks wants to secure critical infrastructure so hacks don’t lead to sewage spills

Although the rise of the internet of things means that organizations could gather enormous quantities of data through the billions of connected devices out there today, the big elephant in the room is that security is not where it needs to be, which means there’s a lot more access points for thieves to hack into. Tempered Networks, a Seattle-based security startup, aims to solve this problem and it plans to announce on Tuesday that it brought in a $15 million series A investment round, bringing the company’s total funding to $22 million.

Tempered Networks focuses on protecting the type of critical infrastructure that people “take for granted” in their daily lives, said Tempered Networks President and CEO Jeff Hussey. This type of infrastructure includes facilities like electric dams, pipelines that distribute natural gas, nuclear power plants and wastewater plants.

This type of infrastructure helps move the gears of the modern world and if something were to go awry in one of these facilities, there’s a chance that the pandemonium caused could be of several times more magnitude than your typical run-of-the-mill data breach. Just imagine a world in which a wastewater facility getting hacked causes raw sewage to flow down to the nearest fresh-water system, Hussey explained.

According to Hussey, who was a co-founder of networking company F5 Networks, the thirst for big data has led to government agencies, municipalities and companies running these types of facilities to hook together the networks that support critical infrastructure to corporate data networks in the hopes of uniting the data flow between the two networks.

What makes this somewhat worrisome is the fact that the networks supporting critical infrastructure now have security vulnerabilities because the applications and hardware on those networks are united under the transmission control protocol/internet protocol (TCP/IP), which is the standard protocol of the internet. Hussey said it wasn’t always this way as these networks used to rely on several different protocols, which created “air gaps” between the different hardware devices hooked onto the networks.

Now that everything operates under the same protocol, these “air gaps” that once acted as security buffers in the network no longer exist, which means that a hacker can now do more damage in these critical networks than he could have done in the past.

“Everything speaks the same language,” said Hussey. “It’s a relatively straight hack.”

To secure those now open networks, Tempered Networks sells little devices called HIP (Host Identity Protocol) switches that users can install in their data centers. These devices can be linked up to the critical infrastructure networks and, when working in tandem with Tempered Networks’s networking orchestration system, can create a “secure encrypted channel” from which all the data can now flow through.

Tempered Networks - overlay network

Tempered Networks – overlay network

Instead of having those gaps as a security mechanism, Tempered Networks basically encrypts the backend where the networking data has to pass between devices and applications.

Of course anything involving encryption means that there will be a hit in performance because of the amount of compute required, but Hussey said that “most of the devices we are protecting” don’t necessarily need top-of-the-line speed to operate correctly and efficiently.

“There needs to be a solution to securely connect [these devices] to a modern networking infrastructure and that is what we are doing,” said Hussey.

Hussey said Tempered Networks will sell the device “to anybody who will return our phone call” but it’s right now eyeing public utilities and industries like oil and gas or electricity. The startup counts [company]Boeing[/company], Washington Gas and the University of Washington as customers, among others.

Ignition Partners drove the funding round along with IDG Ventures. As part of the financing, Ignition Partners managing partner John Connors is taking a seat on the startup’s board.

OneLogin grabs $25M to make sure bad guys can’t access your apps

The identity-management space is not showing any signs of slowing down as security startup OneLogin plans to announce Tuesday that it landed a $25 million series C investment round, bringing its total funding to $44 million.

This makes for another security minded startup that’s been attracting a lot of investor attention in recent months. Okta took in a $75 million funding round in June, Ping Identity grabbed $35 million in September and Sailpoint reportedly took in a funding round valued at roughly several hundred million dollars in August.

All of these startups are tackling the issue that today’s enterprises use a variety of cloud-based services, like Salesforce.com or Box, and are having a hard time keeping track of who gets to log into what service. With large-scale hackings seemingly occurring each week (just ask Sony), companies also have to worry about whether attackers can access their corporate accounts using leaked emails or passwords they might have obtained from various data breaches, explained OneLogin CEO and founder Thomas Pedersen.

“In order to be cloud first, [companies] need to be identity first,” Pedersen said. “You can’t go into the cloud without an identity strategy.”

OneLogin mobile figure

OneLogin mobile figure

OneLogin’s cloud-based service can sync up with an organization’s active directory and have the pre-configured identity and management rules be passed on to the cloud, or they can go to OneLogin’s application catalog and choose the appropriate app that matches their respective cloud service. From there, IT admins can configure the access privileges of a particular app and make it possible that only users within a home country can access a Box account, for example.

The whole idea is to give users a single-sign on account for all of their cloud services as managed through OneLogin, which ensures that those without the right access privileges are unable to get into the cloud systems.

What separates a lot of these access-management focussed startups is their approach to securing mobile devices. Ping Identity, for example, recently rolled out a mobile app that essentially binds a mobile device to an organization’s network. OneLogin, on the other hand, “has been very focussed on standards” and wants to make sure that vendors are getting behind OneLogin’s preferred method of dealing with mobile access sign-ons, said Pedersen.

Scale Venture Partners drove the funding round along with previous investors Charles River Ventures and The Social+Capital Partnership. Rory O’Driscoll of Scale Venture Partners will join OneLogin’s board.

ThreatStream rakes in $22M to scan for security threats

Security startup ThreatStream has closed a $22 million Series B funding round, it said Thursday, adding yet another security company to the list of those landing cash in recent months. ThreatStream’s CEO is Hugh Njemanze, a former founder and CTO of the security firm ArcSight, which Hewlett-Packard gobbled up for $1.5 billion in 2010.

The Redwood City-based startup claims its OPTIC system can hook up to an organization’s existing security tools as well as social media, messaging systems and honeynet sensor farms — essentially makeshift networks full of security holes that are designed to attract hackers so that an organization can learn how the bad guys behave.

Once OPTIC is plugged into the various systems, it can analyze potential threats and rank them according to how severe they are. The basic point of OPTIC is to reduce the amount of noise so that a company’s security staff can concentrate on the most important security problems without having to waste time on not-so-urgent threats.

From a ThreatStream data sheet detailing the system:
[blockquote person=”ThreatStream” attribution=”ThreatStream”]Once OPTIC collects, normalizes and risk ranks IOCs, the platform enables seamless integration into the enterprise by utilizing a lightweight dedicated connector. The OPTIC connector allows organizations to dynamically sync threat intelligence from the cloud into their current security devices where it becomes immediately available for correlation. [/blockquote]

ThreatStream makes for another security firm with roots from [company]ArcSight[/company] that seems to be picking up steam. In November, startup [company]CipherCloud[/company] took in a $50 million funding round. Its CEO, Pravin Kothari, was an ArcSight co-founder and senior vice president of engineering.

General Catalyst Partners drove the funding round along with new investor Institutional Venture Partners and existing investors Google Ventures and Paladin Capital Group. General Catalyst Partners managing director Steve Herrod will take a seat on ThreatStream’s board.

Veradocs lands $14 million to secure files in the cloud

Stealth-security startup Veradocs plans to announce Tuesday that it took in $14 million in two funding rounds, which includes a seed round when the company formed in January 2014. The startup wants to build out sales and marketing and expand its engineering team, said Veradocs co-founder and CEO Ajay Arora.

Illumio lands Microsoft chairman John W. Thompson as board member

Security startup Illumio said today that Microsoft chairman John W. Thompson has taken a seat on the Illumio board. Thompson is also CEO of Virtual Instruments and the former CEO of Symantec, so it’s clear the man knows a thing or two about the security and virtualization space. The new addition to Illumio’s board highlights the momentum the startup seems to be gaining in the competitive security market. The startup, whose technology focuses on securing enterprise workloads in the cloud or on premise, exited stealth in late October and has Morgan Stanley, Plantronics and Yahoo as clients. So far, it’s raised $42.5 million from Andreessen Horowitz, General Catalyst, Formation 8, Data Collective, Marc Benioff and Jerry Yang.