By Tom Ballard, Chief Alliance Officer, PYA
“I’ve been doing cybersecurity my whole life,” says Chris Rouland, Chief Executive Officer of Phosphorus CybersecurityTM. “It’s my passion.”
Today, the company that he co-founded in 2017 in Milledgeville, GA – and more recently moved to 12th South in Nashville – is growing aggressively. Their growth is fueled by two factors; one is the start-up’s focus on a major void in the cybersecurity world, and the other is a $38 million Series A funding round led by SYN Ventures and MassMutual Ventures that was announced in February.
Since that investment, Phosphorus CybersecurityTM has made four key strategic personnel announcements – Brian Contos as Chief Security Officer (March 8), Art Coviello Jr. as Chairman of its Board of Directors (April 6), John Vecchi as Chief Marketing Officer (May 24), and Obbe Knoop as Chief Revenue Officer (June 14).
Each will help propel the start-up and its comprehensive Security of ThingsTM suite of solutions focused on the cyber vulnerabilities created by the extended Internet of Things (xIoT) devices – spanning IoT devices, OT (operational technology) devices, and network devices – that are connected to corporate networks but don’t have keyboards.
“Several years ago, I founded one of the first threat hunting start-ups for IoT; a company called Bastille,” Rouland told us in a recent interview. “That’s when I first saw how infrequently companies patched or updated these devices. I realized then that the biggest challenge with IoT wasn’t some exotic vulnerability or a zero-day attack. It was basic security hygiene – like keeping firmware updated and changing passwords. I decided I was going to develop a technology platform that could automate all of those processes so that companies would have an easy way of keeping these products secure.”
Over the next five years, he and a team of four other engineers spent a combined 50,000 hours developing an automated solution and ensuring it would work for any xIoT device, regardless of the brand, model, firmware, or operating system.
“We assumed everyone knew what was on their network, but we learned that they don’t,” Rouland said, citing everything from building controllers to devices like security cameras, printers, WiFi routers, and network devices. Not knowing and not patching creates a significant vulnerability that is an easy and open opportunity for hackers.
Other important datapoints that Phosphorus CybersecurityTM cites start with the fact that 20 to 30 percent of today’s corporate networks are comprised of xIoT devices, with little to no security programs in place for them. Across the enterprise, as high as 25-30 percent of all xIoT devices are end-of-life and no longer supported by their manufacturer. Alarmingly, as many as 50 percent of xIoT devices are using default passwords and have known vulnerabilities – with 20 percent of those vulnerabilities being ‘critical’ CVEs (Common Vulnerabilities and Exposures) with a CVSS (Common Vulnerability Scoring System) score of nine or above.
Unlike typical network scanners that use expensive SPAN ports to sniff traffic – often knocking over a company’s xIoT devices by blasting them with signals hoping to get a return – Phosphorus CybersecurityTM has developed a platform uniquely designed to natively communicate with xIoT devices to give enterprises full visibility into what is on their network.
The cyber company explains that its Enterprise xIoT Security Platform identifies every device down to the make, model, firmware version, and whether or not that device is still supported. This is unlike legacy solutions that claim to give granular device visibility but only detect the MAC and IP addresses. Phosphorus goes even further. It goes beyond visibility of xIoT devices to provide full, automated remediation of any security problems these devices face. This includes automated credential updates and rotation, automated firmware updates and management, and automated certificate updates—making them significantly different from other legacy IoT and OT security companies.
How big is the IoT security problem? Rouland says there are five billion computers in the world that are connected to networks, but 50 billion xIoT devices that are also connected to those same networks. And the number of xIoT devices is growing at more than 30 percent annually.
“Who’s the leader in securing them? I’m raising our hands,” he says. “We are going to be it. While there are other companies that claim to do IoT security, they’re really just doing vulnerability research or scanning for devices on the network. We are the only company that can actually fix and secure these devices with a fully automated, hands-off process – regardless of the device’s brand or type, or how many of them there are.”
Rouland co-founded Phosphorus CybersecurityTM with Rebecca Rouland, Chief Financial Officer, and Earle Ady, Chief Technology Officer.
“We’ve had a terrific year so far, between strong sales growth and recent investments,” he says. “Corporate demand for our enterprise xIoT security platform has been surging, and our sales pipeline keeps getting bigger. Meanwhile, the IoT market continues to grow by leaps and bounds and more and more businesses are waking up to reality of these threats every day. My goal isn’t to just build a thriving company, but to be the next Norton LifeLock, or bigger. After all, xIoT is already outpacing traditional endpoints by a factor of 10. We see a really bright future ahead for our company.”