The Cyber Startup Challenge 2022 was organised for the third time by the Cyber-Defence Campus at armasuisse Science and Technology as a market exploration. This year, the startups presented their technologies on the topic of «Network detection and security of Internet of Things (IoT) devices».

The challenge’s goal is to shed light on the startup technology landscape in a specific subject area and present the Swiss Federal Department of Defence, Civil Protection and Sport (DDPS) with innovative solutions that can then be tested in a real environment.

Startups often have novel and trendsetting ideas and can thus produce innovations which enable a technical advantage to ensure security in cyberspace. Therefore, it is essential to identify and use such technologies as early as possible, even if they still need to be fully developed.

Thirty-six startups from all over the world took part in this year’s Cyber Startup Challenge. They presented a wide variety of innovative technologies in the area of «Network detection and security of IoT devices». The jury nominated the following three finalists from a wide range of interesting startup companies:

ONEKEY is a leading European specialist in the automated security and compliance analysis of IoT devices and operative technologies (OT).  Using the «Software Bill of Materials (SBOM)» of the devices and automatically generated «Digital Twins», ONEKEY analyses the firmware for critical security vulnerabilities and compliance violations. On the one hand, the SBOM provides a detailed overview of all components of a software. On the other hand, a «Digital Twin» is a virtual representation of a system and enables its investigation in a laboratory without the source code, the network or physical access to the equipment. Vulnerabilities for attacks and security risks are thus identified in the shortest possible time and can be specifically eliminated.

The solution can be integrated into the software development and procurement processes. As a result, it enables manufacturers, distributors and users of IoT technologies to efficiently and automatically assess security and compliance both before implementation and throughout the product lifecycle. Leading international companies already benefit from this platform - universities and research institutions can use the ONEKEY platform free of charge for study purposes.

You can find more information here: https://onekey.com

Networks are growing continuously, becoming increasingly heterogeneous and highly dynamic. With this in mind, Narrowin's manufacturer-independent «lightweight Network Explorer» reduces the complexity and effort of network analysis to gain deep insights into its structure and the assets within it. Assets are all types of software, hardware and other components that are connected to a network.

The technology explores the network to gather information on known and unknown assets to analyse their structure and composition. It automatically visualises the network’s topology and provides structured data on virtual applications and hardware (switches, servers, firewalls, printers, operating technology, IoT, etc.), as well as the logical and physical relationships between these network assets. The technology eliminates the need for time-consuming network documentation.

An intuitive user interface ensures transparency for real-time monitoring and analysis of the network. Users can thus comprehend the overall structure of the network and its development efficiently and quickly.

Finally, what is known as a «back-end data lake» offers the resources for advanced analyses and data-driven networking and security. The flexible and open data format can also be used for data analyses and feeding into other systems (for example, for security purposes).

You can find more information here: https://narrowin.ch

Sepio’s Asset Risk Management (ARM) platform, founded by cybersecurity experts in 2016, detects, assesses and reduces known and unknown asset risks. The Sepio platform is scalable and correspondingly capable of protecting all assets in the event of any access to the decentralised, uncontrolled ecosystem of the company. 

Sepio uses a novel algorithm, a combination of a DNA profiling module for the physical layer and a machine learning module. Thereby, the desired physical layer visibility and policy enforcement are provided. The platform is further augmented by a threat intelligence database, ensuring a lower risk to hardware infrastructure and achieving incomparable asset risk management.

Sepio has received, among other awards, the «Gartner Cool Vendor Award for Cyber-Physical Security» and the «Frost & Sullivan Enabling Technology Leadership Award» in Hardware Risk Management.

You can find more information here: sepiocyber.com