Jul
23
2018
--

Xage secures $12 million Series A for IoT security solution on blockchain

Xage (pronounced Zage), a blockchain security startup based in Silicon Valley, announced a $12 million Series A investment today led by March Capital Partners. GE Ventures, City Light Capital and NexStar Partners also participated.

The company emerged from stealth in December with a novel idea to secure the myriad of devices in the industrial internet of things on the blockchain. Here’s how I described it in a December 2017 story:

Xage is building a security fabric for IoT, which takes blockchain and synthesizes it with other capabilities to create a secure environment for devices to operate. If the blockchain is at its core a trust mechanism, then it can give companies confidence that their IoT devices can’t be compromised. Xage thinks that the blockchain is the perfect solution to this problem.

It’s an interesting approach, one that attracted Duncan Greatwood to the company. As he told me in December his previous successful exits — Topsy to Apple in 2013 and PostPath to Cisco in 2008 — gave him the freedom to choose a company that really excited him for his next challenge.

When he saw what Xage was doing, he wanted to be a part of it, and given the unorthodox security approach the company has taken, and Greatwood’s pedigree, it couldn’t have been hard to secure today’s funding.

The Industrial Internet of Things is not like its consumer cousin in that it involves getting data from big industrial devices like manufacturing machinery, oil and gas turbines and jet engines. While the entire Internet of Things could surely benefit from a company that concentrates specifically on keeping these devices secure, it’s a particularly acute requirement in industry where these devices are often helping track data from key infrastructure.

GE Ventures is the investment arm of GE, but their involvement is particularly interesting because GE has made a big bet on the Industrial Internet of Things. Abhishek Shukla of GE Ventures certainly saw the connection. “For industries to benefit from the IoT revolution, organizations need to fully connect and protect their operation. Xage is enabling the adoption of these cutting edge technologies across energy, transportation, telecom, and other global industries,” Shukla said in a statement.

The company was founded just last year and is based in Palo Alto, California.

May
14
2018
--

Xage introduces fingerprinting to protect industrial IoT devices

As old-school industries like oil and gas increasingly network entities like oil platforms, they become more vulnerable to hacking attacks that were impossible when they were stand-alone. That requires a new approach to security and Xage (pronounced Zage), a security startup that launched last year thinks it has the answer with a concept called ‘fingerprinting’ combined with the blockchain.

“Each individual fingerprint tries to reflect as much information as possible about a device or controller,” Duncan Greatwood, Xage’s CEO explained. They do this by storing configuration data from each device and controller on the network. That includes the hardware type, the software that’s installed on it, the CPU ID, the storage ID and so forth.

If someone were to try to inject malware into one of these controllers, the fingerprint identification would notice a change and shut it down until human technicians could figure out if it’s a legitimate change or not.

Whither blockchain?

You may be wondering where the blockchain comes into this, but imagine a honey pot of these fingerprints were stored in a conventional database. If that database were compromised, it would mean hackers could have access to a company’s entire store of fingerprints, completely neutering that idea. That’s where the blockchain comes in.

Greatwood says it serves multiple purposes to prevent such a scenario from happening. For starters, it takes away that centralized honey pot. It also provides a means of authentication making it impossible to insert a fake fingerprint without explicit permission to do so.

But he says that Xage takes one more precaution unrelated to the blockchain to allow for legitimate updates to the controller. “We have a digital replica (twin) of the system we keep in the cloud, so if someone is changing the software or plans to change it on a device or controller, we will pre-calculate what the new fingerprint will be before we update the controller,” he said. That will allow them to understand when there is a sanctioned update happening and not an external threat agent trying to mimic one.

Checks and balances

In this way they check the validity of every fingerprint and have checks and balances every step of the way. If the updated fingerprint matches the cloud replica, they can be reasonably assured that it’s authentic. If it doesn’t, he says they assume the fingerprint might have been hacked and shut it down for further investigation by the customer.

While this sounds like a complex way of protecting this infrastructure, Greatwood points out that these devices and controllers tend to be fairly simple in terms of their configuration, not like the complexities involved in managing security on a network of workstations with many possible access points for hackers.

The irony here is that these companies are networking their devices to simplify maintenance, but in doing so they have created a new set of issues. “It’s a very interesting problem. They are adopting IoT, so they don’t have to do [so many] truck rolls. They want that network capability, but then the risk of hacking is greater because it only takes one hack to get access to thousands of controllers,” he explained.

In case you are thinking they may be overstating the actual problem of oil rigs and other industrial targets getting hacked, a Department of Homeland Security report released in March suggests that the energy sector has been an area of interest for nation-state hackers in recent years.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com