vdoo Secures $25M to Advance AI-Powered IoT Security

Estimates suggest approximately 50 billion devices were connected worldwide in 2020, highlighting significant technological advancement. However, this widespread connectivity also underscores a substantial concern: security weaknesses within the devices themselves, their associated components, and the services they utilize, all of which represent potential targets for malicious actors and unintentional data exposure.

Israeli startup Vdoo, which has been developing artificial intelligence-driven solutions to identify and resolve vulnerabilities in Internet of Things (IoT) devices, today announced $25 million in new funding. The company intends to utilize these funds to broaden its capabilities and address the challenges of securing all connected objects.

Initially concentrating on substantial deployments within industries such as manufacturing, healthcare, communications infrastructure, and automotive, Vdoo is now expanding its focus to encompass the broader network of devices incorporating communications chips. It provides rapid assessments – completed within minutes – to pinpoint and resolve a range of issues, including previously unknown vulnerabilities, known Common Vulnerabilities and Exposures (CVEs), configuration deficiencies, hardening inadequacies, and non-compliance with established standards.

This funding represents an extension to the $32 million round Vdoo announced in April 2019 and is being provided by two investors: Qumra Capital and Verizon Ventures, the investment division of Verizon. Notably, Verizon also owns TechCrunch through its acquisition of AOL.

Verizon’s investment in Vdoo is a strategic move reflecting the potential within the market.

According to CEO Netanel Davidi, who co-founded the company alongside Uri Alter and Asaf Karas, operators like Verizon are interested due to their role as distributors and resellers of hardware as part of their broader service offerings, whether for broadband access, telematics, or connected home and office solutions.

“These companies distribute connected devices to both businesses and individual consumers, devices they did not manufacture, yet they are accountable for their security,” he explained. “The optimal solution is to integrate security directly into the devices themselves” to ensure a more streamlined and effective process.

Verizon is not the only strategic investor supporting the startup. The initial phase of this funding round also included participation from Japan’s NTT Docomo, MS&AD Ventures (the venture capital arm of the global cyber insurance provider), and Dell Technology Capital, the venture capital division of Dell.

To date, the company has secured approximately $70 million in funding, and while the valuation remains undisclosed, Davidi confirmed that it has more than doubled in the past year.

(PitchBook previously estimated the valuation to be just under $100 million in April 2019, which, if accurate, would now place it above $200 million.)

Davidi stated that the decision to pursue this funding as an extension of the previous round, rather than initiating a new round, was deliberate. This approach allowed the company to secure funding more quickly and dedicate additional time to preparing for a larger funding round in the future.

The urgency in raising funds was driven by a rapidly evolving landscape. The COVID-19 pandemic has accelerated the shift towards remote work, leading to increased purchases of new devices and greater reliance on communication networks.

Traditional connected-device security typically centers on monitoring network activity, tracking data flow in and out of the hardware. Vdoo’s methodology involves monitoring the behavior of the devices themselves, leveraging AI to compare that behavior and identify anomalies that suggest a problem. 

“For any type of vulnerability, we employ sophisticated deep binary analysis to understand the underlying principles and determine how similar vulnerabilities might arise,” Davidi described the process during a discussion of the initial funding round in 2019.

Vdoo develops specific “custom-built on-device micro-agents” to continue the detection and remediation process, a strategy Davidi compares to modern cancer treatment: preventative monitoring followed by a “personalized immunotherapy” informed by prior DNA analysis.

As Davidi explained this week, the platform “examines the device software, identifies all security flaws, weaknesses, and vulnerabilities, prioritizes them based on severity, and provides methods for addressing them.” Vdoo’s analysis takes into account the complete device environment, considering factors such as configuration, operating system, and drivers to provide a comprehensive assessment of the device’s security status. Subsequently, “it can automatically generate an on-device agent that delivers continuous monitoring and protection.”

Vdoo’s name is derived from a Hebrew word meaning “making sure,” reflecting the company’s core focus on verification in device monitoring. It also represents a logical progression in endpoint security, an area of expertise for Davidi and Alter in their previous venture, Cyvera, which was later acquired by Palo Alto Networks.

Focusing on devices presents a uniquely complex challenge, as it extends beyond the device itself to encompass the numerous components that comprise it. As demonstrated by vulnerabilities like Meltdown and Spectre, weaknesses can originate at the processor level.

And, as Davidi pointed out this week, some of these issues are not even intentional, yet can still lead to data leaks and potential exploitation by malicious actors.

“Backdoors are being incorporated into many devices, and some are not deliberately created,” he said. “A developer might introduce a shortcut to simplify future development. Some may view this as a backdoor, while others may not.”

Vdoo is delving into the intricate, fractal-like nature of this issue with its expanded approach.

“Initially, our goal was to serve the ecosystem of manufacturers, as they are the source of the problem and the origin of security issues,” he said. “We began by working with Fortune 500 companies in sectors like automotive, industrial, medical, telecommunications, and aviation. The aim was to create a platform that could serve and protect all security stakeholders. However, we then realized there was a significant underserved market.”

Indeed, Vdoo cites research from MarketsandMarkets, which projects the global device security market to grow from $12.5 billion in 2020 to $36.6 billion by 2025.

“The rapid increase in the number of connected IoT devices is creating more opportunities for security breaches,” stated Boaz Dinte, managing partner of Qumra Capital, in a press release. “Vdoo’s unique, device-centric, automated technology has already delivered substantial value to vendors in a short timeframe. We believe the market opportunity is immense, and with this new funding, Vdoo is well-positioned to become the leading global provider of connected device security.”

“With the rollout of 5G networks and mobile edge computing, there is a growing need for a comprehensive, device-centric security approach to IoT,” added Tammy Mahn, MD at Verizon Ventures, in a statement. “As the venture arm of a leading telecommunications company, Verizon Ventures is proud to invest in Vdoo and its exceptional team as they work to address this global challenge and usher in a new era of security by design in our increasingly connected world.”