Why We Invested in Finite State

Energize leads $30M Series B round

Energize Ventures
August 2, 2021

Energize Ventures is proud to lead the oversubscribed $30M Series B investment in Finite State, the leader in connected device security. Schneider Electric Ventures and Merlin Ventures joined the round alongside existing investors Energy Impact Partners, Drive Capital and Zetta Venture Partners. Energize partner Juan Muldoon will join the Finite State board of directors. This investment mark’s Energize’s third investment in the cybersecurity sector and our third investment in a company based in the Midwest (Finite State is headquartered in Columbus, Ohio).

Supply Chain Security Enabling the Energy Transition

The energy transition depends on a complex international supply chain of electronic components and controllers. Dozens, sometimes hundreds, of components made by various suppliers around the world are combined by integrators and equipment manufacturers in the development of assets used in energy and industry. At each link of the supply chain, new factors are combined and new layers of code are introduced. The end result is a long, complex and transcontinental supply chain, often full of potential vulnerabilities and nearly impossible to audit.

Finite State’s platform enables (chief) product security officers and device manufacturers to proactively analyze the vulnerabilities, threats, and risks associated with their connected devices.

Every modern energy and industrial asset — whether that be a wind turbine, connected camera, solar inverter, substation, or smart meter — is comprised of a combination of hardware, software, and firmware (the layer of systems that orchestrates how hardware and software work together). Firmware plays a pivotal role in our “smart” world by bringing together applications, drivers, and operating systems. Even one critical vulnerability in a device’s firmware can serve as an entry point for outside cyber-attacks.

The reality is that firmware is everywhere. IDC and McKinsey estimate that there will be 56 billion internet-connected devices by 2025, representing compound annual growth rate of nearly 30 percent. Industrial deployments such as wind farms and next-generation manufacturing facilities represent roughly 30 percent of all connected devices around the world. Despite our reliance on IoT, connected device product design has historically revolved around cost and scale — often at the expense of security. In fact, while roughly 30 percent of device budgets are typically allocated to firmware, less than one percent is dedicated to securing those devices[1].

Motivated attackers are realizing that product security levels have not kept up with their pace of adoption, and mission-critical functions are running through devices that are vulnerable even before they roll off the assembly line. In fact, firmware-based attacks have grown five-fold in four years[2].

As we transition to more connected energy and industrial assets, trust alone is no longer sufficient: we need transparency and traceability for vendors and supply chains.

From Trust to Verify

For the last five years, Energize has been investing in cybersecurity solutions that enable a more digital, sustainable energy and industrial ecosystem. We’ve seen firsthand how industrial budgets have grown to ensure security across operating assets, enterprise networks, and industrial endpoints. In the complicated world of industrial cybersecurity, we focus on finding pain points where buyers are already searching for solutions.

We were introduced to Finite State by one of their customers in our industrial network. As we got to know Matt and the team, we saw the clear customer need for transparency and traceability in supply chains. Customers and regulators are demanding more security and accountability from integrators and device manufacturers. Device manufacturers in turn are being required to design security into their products and deliver more information such as a Software Bill of Materials (SBOM). The recent executive orders make it clear that firmware security will become a crucial component for our nation’s critical infrastructure.

Device manufacturers are under pressure to prove their products meet security standards, and asset owners need scalable tools beyond third-party risk assessments for connected devices. Finite State is here to help.

The Journey Ahead

Finite State’s mission-driven team brings deep experience serving U.S. Intelligence Community and Fortune 500 companies, with backgrounds in security research, reverse engineering, and policy. Guided by founder and CEO Matt Wyckhouse, the team leads with firsthand understanding of the challenges that industrial customers face and the importance of securing connected devices. The need for device and supply chain security has never been more evident, and Finite State is attracting top talent among industry experts and engineers looking to help advance one of the fasted growing sectors in cybersecurity. Beyond the team, Finite State’s investors align on the commitment it will take to build a defining company in this space.

We believe that the energy and industrial world will continue to deploy more connected devices — and that supply chain security will play a major role in the rollout of digital industrial assets. We are proud to join Matt and the team on this journey and welcome Finite State to the Energize portfolio.

[1] FiniteState analysis

[2] Source: Microsoft Security Signals survey