Check Point Buys IoT Security Startup Cymplify To Safeguard Firmware

Early-stage IoT security vendor Cymplify is expected to harden and protect everything from IP cameras and smart TVs to elevator controllers and medical devices against advanced zero-day attacks.


Check Point Software Technologies has purchased early-stage security vendor Cymplify to defend IoT devices against highly-sophisticated attacks by hardening and protecting the devices’ firmware.

The San Carlos, Calif.-based platform security vendor said its acquisition of Tel Aviv, Israel-based Cymplify will help harden and protect everything from IP cameras and smart TVs to elevator controllers and medical devices against advanced zero-day attacks.

“What the partners are excited about is many of them have already started on IoT, so many of them are ahead of the vendors,” said Frank Rauch, Check Point’s head of worldwide channel sales. “Now, with Cymplify, we start to complete the picture.”

Sponsored post

[Related: Check Point Snags Cylance Exec To Lead Americas Channels: Exclusive]

Rauch said Cymplify’s technology can prevent adversaries from capitalizing on remote code execution (RCE) flaws or security vulnerabilities like VENOM (Virtualized Environment Neglected Operations Manipulation) or GHOST. Specifically, Rauch said partners are excited about the access control, threat prevention, and runtime workload capabilities Cymplify brings to the table.

Cymplify’s capabilities could be a good fit for some of Check Point’s enterprise partners like Insight and WWT that have pursued advanced technology capabilities through an aggressive acquisition strategy or robust organic R&D. Solution providers like Sirius and ePlus that have invested heavily in healthcare could also benefit from Cymplify given the pervasiveness of IoT-enabled devices in the vertical, he said.

Many boutique channel partners have also moved aggressively into the IoT security space and are expected to take a close look at what Cymplify is able to offer, Rauch said. And demand for IoT security tools among mid-market solution providers is expected to grow as the market matures, according to Rauch.

“Incorporating Cymplify into Check Point’s Infinity architecture will strengthen our ability to reduce our customers’ exposure to IoT cyber risk, and proactively tackle IoT-related threats and vulnerabilities without disrupting critical operations,” Check Point Vice President of Products Dorit Dor said in a statement.

The inherent security weakness in IoT devices used by consumer, enterprise, industrial and health care organizations has created a security blind spot against advanced attacks, Check Point said. As a result, the company said adversaries are often able to breach an IP camera surveillance unit, manipulate the operation of a medical device, or take over a critical manufacturing plant to generate colossal damage.

Businesses need to extend their cybersecurity capabilities to address the increased targeting of new and developing platforms like IoT by threat actors, according to Check Point.

Terms of the deal, which was announced Thursday, were not disclosed. Check Point’s stock is down $0.30 (0.26 percent) to $115.52 in late morning trading.

Cymplify was founded on March 1, 2019 by Ram Yonish, Yali Sela and Gili Yankovitch, according to Crunchbase and a cached version of the company’s website. The startup addresses IoT security by coupling a cutting-edge firmware analysis engine with an on-device software security hardening module, according to Check Point.

The highly detailed cybersecurity posture reports generated by Cymplify are yielded to an on-device agent, Check Point said. This optimizes the agent’s protection controls and ability to defend against known vulnerabilities and zero-day exploits by providing a tailor-made, embedded security suite on every device, according to Check Point.

The deal comes 10 months after Check Point purchased emerging web application and API protection vendor ForceNock to bolster its advanced machine-learning protection capabilities. Three months before that, Check Point bought emerging vendor Dome9 for $175 million to help customers secure multi-cloud deployments across Amazon Web Services, Microsoft Azure and Google Cloud.

All told, Check Point has made 14 acquisitions over the course of its 26-year history, according to Crunchbase.