Viakoo raises $10 million in Series A funding for IoT vulnerability remediation

MOUNTAIN VIEW, Calif.—Viakoo, a leader in IoT device remediation, announced it has secured $10 million in Series A funding led by Shasta Ventures, joining existing investors Stanley Black & Decker, PivotNorth Capital, and BlueFog Capital.

This latest round will be used to expand executive leadership, as well as invest in product development and go-to-market.

In addition, Viakoo is launching its Viakoo Action Platform suite of cyber modules, which remediate and repatriate IoT devices, meeting the growing demand for enterprise IoT device management and vulnerability remediation at scale.

“We’ve been really oriented toward helping people make sure that their IoT systems are achieving their desired business outcomes,” Viakoo CEO Bud Broomhead told Security Systems News. “In the case of video, we make sure that their video systems are actually recording and that they’re accumulating the recordings to the number of days that customers want and making sure that these systems are performing to high levels of uptime. That’s really where we got our start, and that’s the flagship product in the area of physical security.

“But one thing that we noticed in these systems themselves was that they were way behind in the implementation of security best practices. They didn’t have the latest security patches and firmware. They weren’t enforcing password best practices on these devices, and they weren’t provisioning them with certificates like 802.1x and TLS (Transport Layer Security) certificates, which are the way that the network validates that the device that is connecting to their network is indeed a known and trusted quantity.”

Firmware, Certificates and Passwords

Broomhead pointed out that with IoT systems in physical security lagging behind in the areas of firmware, certificates and passwords, enhancements had to be made in each of the three modules.

“Our customers started to say, ’Hey, we’re finding that our cameras are set at default passwords, and bad players are able to hack into our cameras and get into our system. Do you have anything that could tell us what the status is of our passwords. Are they all default passwords on the devices? Are they easy to guess? Are they strong passwords?’” he noted. “That’s really where we started to get involved in this, and that led us to providing a way for customers to implement security patches in their devices via firmware upgrades that contain the latest security patches on them and protect them that way.

“Lastly is the implementation of provisioning and managing certificates of different flavors on to these devices. Those are really the three elements of cyber hygiene and best practice when it comes to making sure that you have the devices in the best cyber defensive profile that you can make them. That’s what we’re helping customers do – bring basic cyber hygiene to IoT devices.”

As a result, an influx of funding was necessary to address these IoT vulnerability issues.

“What we realized was we needed to quickly expand into that market because it’s getting a lot of attention these days, and we didn’t want that wave to move over us,” Broomhead said. “We wanted to make sure that we got out ahead of it, and that’s why we went out and raised our Series A funding.”

He continued. “We got traction with some important customers and also connected into the IoT infrastructure management products, and those largely today are vulnerability detection and mitigation. Those are new technologies that have been out the last couple of years and gotten huge traction. They’re answering a very simple question for customers, which is ‘What is my IoT landscape? Where are my IoT devices? How many do I have? How vulnerable are they?’ That’s sort of the first step that customers are taking.

“That’s followed by a very familiar conversation that we have with customers, which is ‘Okay, we deployed this threat detection and mitigation technology, and that’s turned on all the lights, and we discovered all of these vulnerabilities in our IoT systems that we didn’t know we had before, and that’s the good news. The bad news is I told my boss about it. Now my boss wants to know what I’m doing about it.’” 

Broomhead noted that Viakoo partners with threat detection companies like Armis, Tanium, and Forescout in order to provide remediation of the vulnerabilities on IoT devices, which entails firmware updating, password enforcement and certificate provisioning management.

“We worked with those companies, and we were very successful with end users, getting traction and really seeing the cyber element of our business become much more prominent on the landscape and in our future,” he noted. “We are opening up to talk to the cyber buyer, not just the physical security buyer, who is looking for automation to remediate the vulnerabilities of these IoT devices and systems that they have running.”

Allocation of Funding

Viakoo’s influx of funding was a planned process, according to Broomhead.  

“We realized that to really take advantage of this opportunity and really capitalize on what we’ve built and our foresight into what we predicted would happen, that the time was now,” he explained. “We couldn’t just organically get there under our own steam. We wanted to accelerate our growth plans. That’s why we purposely went out basically in the spring of this year and started the process of obtaining the funding and getting it landed, closed, in the bank and now we’ve been deploying. We’ve been spending the money in additional R&D, but we’re also building out sales and marketing, so we’re starting to realize some of the plans that we had laid in 2020 while we were all hunkered down for COVID and have taken action in 2021 on those plans.” 

The additional funding also allows Viakoo to expand its executive leadership.

“As an example, one of our technical co-founders, who basically architected and built the service, is now pivoting to focus on all things security for our own technology,” Broomhead explained. “Our vulnerability and the measures that we take to protect the Viakoo service center and the data that we hold for customers is pretty vital. That really required C-level exposure, so we’re expanding the team and dividing different tasks among new leadership that we’re bringing in, and also, in particular, the creation of the Chief Information Security Officer (CISO) group. They’re going to focus on all things security for Viakoo.

“What we’re finding is that customers, as part of their selection process now, are saying, ‘Hey, how do you guys manage your own security?’ They want to know that, as a manufacturer provider of software and services, so we’re making some moves and you’ll see more detail on that as it unfolds. We’re putting people in key positions to focus on that thing in particular.”   

At the same time, Broomhead noted that as Viakoo moves more into the cyber realm and starts addressing more of the cyber aspects, the company is talking more and more to information technology (IT) organizations.

“They have the desire to know what we’re doing to secure their data and are we adhering to their standards,” he said. “On that whole topic, we are reorganizing and restructuring around creating a department of people who just focus on our own security, everything from cyber insurance to terms and conditions to certifications and all of our internal procedures and systems, and it has to be as rock solid as we can make it.”

Loosely Coupled and Tightly Coupled Devices

With the launch of the Viakoo Action Platform suite of cyber modules, Broomhead explained the difference between two types of IoT devices – loosely coupled and tightly coupled - when citing the platform’s impact on end users.

“It’s interesting that not all IoT devices are created equally,” the CEO said. “An example of a loosely coupled device is your Fitbit and my Fitbit, and your Fitbit is not dependent on my Fitbit. They’re independent things. They’re both Fitbits, but that’s where their association ends. They are basically individual contributor-type devices.

“Tightly coupled devices are members of a team of IoT devices that achieve a specific business outcome. Video is a great case, where the cameras and the application software are part of a team of things that work together to achieve the business outcome of streaming, recording and repeated recording for life safety, typically.

“Those devices are part of a team of cameras that work together to achieve a business outcome. They’re not just sitting on the network all on their own. They’re actually coordinated by an application. Let’s say if you change the password on a tightly coupled IoT device, you better coordinate with the application that actually uses that device, or you will have cut the user off from the data that the device was providing.

Broomhead added that the ability to handle both types of devices is “vital” to providing a comprehensive solution in this area.

“We have filed and received U.S. patents on the technology to do this for both loosely coupled and tightly coupled devices, and we have more in the works,” he said. “Part of where this funding is going is in additional R&D to build out features that are pretty special and require a lot of engineering.”

The latest funding round allows the company to put additional development resources behind its Viakoo Action Platform, which delivers remediation and repatriation of IoT devices, enabling them to join or rejoin as a full network citizen replete with an audit trail for governance and compliance. Coupling hundreds or even thousands of devices at a scale, Viakoo automatically discovers, monitors, and updates device firmware, passwords, and network certificates for unlimited devices across an enterprise to keep them operational, reliable, and secure. The platform is agentless to work across multi-vendor environments to deliver the real-time view of every IoT device.

Broomhead explained that the Action Platform supports four modules, three of which are cyber modules – firmware updating, passwords and certificates. The fourth module, on the operational side, is service assurance, which is the module that helps customers make sure their applications are running properly and achieving their business outcome. “It’s sort of a performance uptime management module,” he said.

Other modules are in the works, according to Broomhead, revolving largely around compliance and governance.

“One of the key things about making changes to these IoT applications and devices is leaving an audit trail because as the IoT applications come more and more under corporate standards and regulatory bodies, they have a definite need to produce reports, charts and graphs that support and satisfy compliance requirements,” he said. “You’ll see us adding compliance and governance requirements in the future.”

Global Expansion

Broomhead pointed out that Viakoo’s infusion of funding will expand the company’s footprint and capabilities globally.

“We have focused primarily on North American customers,” he said. “Those North American customers, however, are global accounts that have actually taken us to every continent except Antarctica. We’re already being deployed all over the world, but through the lens of these U.S.-based companies.

“Part of our rollout strategy is to start to place people in these regions – Europe, Asia-Pacific, etc., to pursue regional partners and users that are sourcing there. It’s not just U.S. companies that have a global reach; it’s actually companies that are in that region and partners in that space. It will expand our reach a bit.”

He continued. “What we’re expecting is a pace of growth that is being accelerated by the cybersecurity awareness that’s pretty much occurring across the board in corporations all over in every vertical, whether it’s education or healthcare or wherever it might be. People are becoming aware that IoT security is an important thing.”

In addition to enhancing its own security, Viakoo is in the process of building out its go-to-market.

“We’re building out a systematic way to reach out and get to this market, and then deliver solutions to real-world problems that these folks have,” Broomhead noted.

“Automation is definitely the push, and we have initiatives to increase that and make it easier for people to deploy and manage and kind of accelerate time to value. That’s one of the big vectors we’re working on.”

He also pointed out a recent study that said that five percent of the IoT landscape is security cameras, yet security cameras represent 33 percent of the vulnerabilities.

“By focusing in on specific IoT systems, like cameras, like card access, like perimeter detection, you can shrink your IoT attack surface pretty dramatically by just deploying automation for firmware, certificates and passwords on these applications like video and access control,” Broomhead explained. “It is not just one type of device; there are many types of devices, and they come in the flavors of loosely coupled and tightly coupled devices. One way to get started on a big chunk of that IoT surface is to focus on a particular system, and we help customers do that.”

IDC estimates that more than 40 billion connected IoT devices will be operating by 2025, and each one is a potential entry point into a business. However, manually managing device security across multiple locations, which may include cameras, kiosks, intercoms, and other equipment, is impossible at scale. Viakoo confronts the issue of managing outdated and insecure devices and IoT systems, shrinking the massive modern attack surface used for ransomware and data exfiltration of business devices, networks, applications, and private data.

“Today’s enterprises are experiencing cyber vulnerabilities caused by thousands of unmanaged and IoT devices that keep their employees and facilities secure and perform critical functions to ensure the business or facility runs smoothly,” said Nitin Chopra, Managing Director, Shasta Ventures. “Viakoo enables organizations to secure, manage, and remediate both loosely and tightly coupled devices like medical equipment, point-of-sales systems, HVAC, video security and other IP-based systems at scale.”

Next Chapter of Growth

Viakoo partners with leading IoT discovery tool vendors and is trusted by customers across mission-critical industries, including enterprise, municipal services, government, and healthcare.

Broomhead noted that the influx of funding will allow Viakoo to continue supporting its customer base.

"With support from our investors, Viakoo is entering its next chapter of growth to achieve its vision of helping customers defend their IoT attack surfaces across the enterprise," he said. "We’ve already gained significant traction with large-scale customers, including cities, healthcare, education, and large data centers. With our latest investment, we are now in an excellent position to extend our leadership in IoT device vulnerability remediation.”

For more information, please visit www.viakoo.com