EXEIN secures €2M funding for world-first cybersecurity solution that ensures firmware security

by

Milan, November 23rd 2018

United Ventures announces a €2 Million Series A round of funding into EXEIN, the cybersecurity startup that seeks to secure the Internet of Things (IoT), industrial and critical infrastructure devices using a world-first firmware security solution that includes offline monitoring. The series A round represents the largest investment into Italy’s cyber security sector to date.

Founded in July 2018 by Gianni Cuozzo as a spin-off project undertaken by Italy’s leading cybersecurity firm, Aspisec, EXEIN looks to tackle the huge security threat posed by connected smart-devices and the vulnerabilities carried within their firmware.

IoT and smart-connected platforms are well-secured and optimized using the most recent security standards, however, firmware is not. Hardware manufacturers are racing to make the cheapest hardware possible in order to sell more devices, grow their installed base for collecting data and sell that data to profiling companies. The fall-out from this is that insufficient budget is set aside for the firmware (less than 30% of the device budget) and only 1% is allocated to security, leaving huge vulnerabilities.

In a connected world, these firmware issues are the most dangerous threat to public life and privacy since devices can be hacked and made to perform unauthorised actions including random system shutdowns or credential harvesting. Firmware attacks and exploitation are currently rising by 50% every year.

EXEIN provides a world-first firmware security software and middleware solution that can be injected like a vaccine inside the hardware in order to defend it from inside, working directly within the firmware at a lower level.

Key features of the EXEIN solution include:

  • Autonomous Security – the EXEIN payload can perform security action in an autonomous way. Thanks to an embedded decision tree, EXEIN is capable of not only understanding malicious behaviour but performing security measures autonomously.
  • Offline Monitoring – the EXEIN payload can work offline without using cloud computing and integrates itself directly into the firmware, thanks to the advanced code optimization EXEIN can perform all the operations without external computational power and storage. EXEIN can operate with or without Internet connection.
  • Hardware Profiling – an advanced hardware profiling system allows precise tracking of the hardware behaviour and management of memory packets within the firmware memory.
  • Parallel Learning – a parallel learning system reduces time to learn and create a correct pattern analysis thus enabling the creation of an ideal functioning model.
  • Artificial Intelligence – artificial intelligence is distributed locally and in the cloud promotes a lower time to action compared to competing systems, ensuring greater security.

EXEIN was primarily developed as a continuous firmware protection middleware, focused on cybersecurity issues on firmware hijacking but it can be used to collect and implement:

  • Bandwidth usage metrics
  • Energy consumption metrics
  • Fault prevention algorithms integration
  • Hardware distribution metrics into networks
  • Net discovery protocol usage
  • Passive push of firmware update without firmware rebooting
  • Warranty process handling

Gianni Cuozzo, Founder and CEO of EXEIN said, “The IOT market is set to reach $267 Billion by 2020. The SCADA market is similarly reach $32.7 Billion by the same date and with 90% of firmware unsecured, there is a clear and vital need for a unique solution like EXEIN which is not only a retrofitting application but already compatible with most firmware such as baremetal firmware, real-time based firmware and linux based firmware. We are very excited to move our project forward with a fresh injection of funding from United Ventures and hope to benefit many businesses and the general public with our cybersecurity tools.”

EXEIN’s pioneering solution includes an auto-reverse and compiling system, continuous firmware checking and dynamic threat intelligence through the network appliance directly on the device.

The Series A funding from United Ventures will ensure further research and development into the EXEIN solution which includes the task of rewriting mathematical theories.

Massimiliano Magrini, Co-Founder of United Ventures, remarked, “Critical to the success of any start-up is the people at the helm and with EXEIN, we are investing in a very talented entrepreneur with proven track record. A regular attendee of NATO workshops and nominated for the MIT Italy ‘Innovators Under 35 Award’, Gianni has proven excellence in combining entrepreneurial and technical capability. We are incredibly excited to be investing in his company with the mission of protecting the privacy and security of millions around the world ”.

About EXEIN

EXEIN is a cybersecurity startup that seeks to secure the Internet of Things (IoT) and Supervisory control and data acquisition (SCADA) using firmware security. www.exein.io

About United Ventures

United Ventures is an early stage venture capital firm that support ambitious Founders in the Technology sector. www.unitedventures.it

 

More detail about EXEIN

EXEIN clusters of all elements of a platform (e.g. ROM, RAM, DRAM, memory sections, memory partitions, CPU, embedded controllers, TPMs, Network Interface Cards, Serial Peripheral Interfaces, external peripherals) and for each cluster EXEIN measures a set of parameters; the measured values are then used as the ingress data of a Machine Learning (ML) based algorithm, which gives the device an internal Artificial Intelligence (AI) that subsequently decides whether a device is under attack or not, and crucially how to react to it.

EXEIN makes use of an internal Heavy modified “Convolutional Neuronal Network” (CNN) so data doesn’t need to be sent across the network to a central monitor, ensuring EXEIN is not subject to behavioural pattern analysis attacks. EXEIN also continuously verifies firmware code integrity and ensures that every memory partition is intact, that every request for memory and processor is legitimate. It understands which type of data it is referring to and ensures every physical parameter is working within the correct range (e.g. voltages, current absorptions and clock frequencies). By doing this, EXEIN can recognise numerous unsafe scenarios such as rootkit installations, reverse-shell installations, incoming hardware-fault and attempts to access huge portions of memory.

In order for EXEIN to learn what operating conditions are normal, devices are required to undergo a training period. EXEIN uses this time to receive inputs and calculate the weight on the neuronal network nodes. At the end of the training, EXEIN is then able to detect all eventual anomalies as a deviation from the usual pattern, without raising any false positive.

Since most devices have limited hardware resources, any algorithm ideally needs to avoid re-analysing all previously acquired data at every cycle in order to detect malicious behaviour. EXEIN successfully achieves this by measuring the maximum variations of sigma (σ) and taking advantage of a particular variation of Recurrent Neural Network (RNN) creating their own version of “Long Short-Term Memory” (LSTM) algorithms. This particular family of algorithms avoids the need to repeat calculations, which typically consume a lot of time and are particularly subject to errors that can be back-propagated through time and layers.

At firmware level, the EXEIN payload is also optimized to require few resources and to operate at slow-clocks operations (as slow as 7 MHz) while using less than 5Kb. Thus, the EXEIN solution does not add delay to the boot-time nor affects system performance during run-time. It can be used on many environments from Real-Time Operating System (RTOS) of mission-critical applications, to Monolithic Kernels (e.g. Unix, Linux…) or, generically, FPGA architectures (Field Programmable Gate Arrays), and bare metal firmwares.

 

United Ventures SGR is an independent venture capital firm specializing in investments in innovative companies in the fields of software and digital technologies. Founded in 2013 by Paolo Gesess and Massimiliano Magrini, United Ventures manages over €150 million raised from Italian and international institutional investors, and has so far invested in over 20 early stage technology companies. The current portfolio includes, among others: Credimi, brumbrum, MoneyFarm, FaceIt, Loop AI Labs, Cloud4Wi, MusiXmatch and MainStreaming.

UV2’s investment in EXEIN is also supported by the European Investment Fund through InnovFin Equity, with financial support from the European Union in the context of the Horizon 2020 financial instruments and the European Fund for Strategic Investments (“EFSI”) established as part of the investment plan for Europe. The aim of EFSI is to support the financing and implementation of productive investments in the European Union and to ensure greater access to finance.

EXEIN is a cybersecurity startup, founded in July 2018 by Gianni Cuozzo, whose purpose is the security of the Internet of Things (IoT) and the Supervision and Data Acquisition Control (SCADA) through the security of the firmware. www.exein.io

EXEIN was mainly conceived as a firmware protection middleware focused on cybersecurity problems related to firmware hijacking, but it can also be used to collect and implement: bandwidth usage and energy consumption metrics, integration of fault prevention algorithms, hardware distribution metrics in networks, analysis of usage on connected devices, use of net discovery protocols, passive firmware update push and processing of warranty processes.