ReFirm Labs Nets $2M As IoT Security Platform Lures MSPs, SIs

'If they're either being asked about product security or doing product security assessments, it's a tool that helps them do it more effectively or more comprehensively,' ReFirm Labs CEO Derick Naef says of the startup's IoT firmware security platform.

ReFirm Labs has raised $2 million from investors to expand its Centrifuge IoT security platform, which is beginning to catch on with MSPs and systems integrators, months after the Fulton, Md.-based startup launched a formal partner program.

Derick Naef, CEO of ReFirm Labs, told CRN that the funding round, announced on Wednesday, will help the company invest further in product development and expand sales and marketing efforts for Centrifuge, which analyzes the firmware of connected devices to identify out-of-date software components and vulnerabilities.

[Related: 5 Industrial IoT Security Issues Businesses Need To Know About]

"This market is one that's developing, so what we're trying to help do is educate the market with awareness pieces to get people to understand the risk that firmware presents and the tools you can use to make devices more secure," he said.

Device firmware is a "commonly unprotected attack surface," according to Naef, and with Gartner projecting more than 14 billion IoT devices to be found in homes and businesses by 2020, it poses an increasingly prevalent threat. In August, for instance, Microsoft researchers uncovered attempts by a Russian hacking group to breach corporate networks by exploiting insecure IoT devices.

The market for firmware security analysis is at different points of maturity across various verticals, which Naef said is why ReFirm Labs decided to raise a pre-Series A round before raising a larger round for a more aggressive expansion, expected to happen sometime next year.

"We want to make sure we're really got our ducks in row before we hit accelerate," he said.

One vertical where ReFirm Labs has found traction is telecom, where increased scrutiny and regulatory pressure is forcing companies to more carefully vet the security of the devices, such as modems and routers, that they are adding to networks, according to Naef. This has resulted in major customers like AT&T and Charter Communications.

The increasing demand for companies to analyze device firmware for vulnerabilities is also impacting the device manufacturers themselves. On the telecom side, ReFirm Labs has landed modem maker Arris as a customer. It has also found traction with industrial equipment manufacturers.

"If a particular device is compromised, it could cause them large regulatory, financial and reputational risk," Naef said.

ReFirm Labs is finding traction with the channel as well, which is After launching its partner program for Centrifuge in May, the company now has roughly 10-15 MSPs and SIs that are signed up to sell Centrifuge or are in the process of doing so. For MSPs, the opportunity is to offer Centrifuge as an outsourced product security risk assessment service for customers while SIs can use the platform to vet the security of products they're sourcing for products.

"If they're either being asked about product security or doing product security assessments, it's a tool that helps them do it more effectively or more comprehensively," Naef said.

The company's new funding round was led by cybersecurity venture studio DataTribe and accredited investment group New Dominion Angels, with participation from TEDCO and Tysons Angel Investors.