For more than two decades, Window Snyder has built security into products at some of the biggest companies in the world. Now, she’s unveiling her own company that aims to bake security into billions of connected devices made by other companies.
San Francisco-based Thistle Technologies said on Thursday that it received $2.5 million in seed funding from True Ventures. The startup is creating tools that will help manufacturers build security into connected devices from the ground up.
IoT, hackers’ low-hanging fruit
Printers, ATMs, consumer electronics, automobiles, and similar types of Internet-of-things devices have emerged as some of the biggest targets of malware. Manufacturers typically don’t have the security expertise that companies like Apple, Microsoft, and Google have developed over the past 20 years.
The result is billions of devices that ship with vulnerabilities that are preyed upon by profit-driven criminals and nation-state hackers.
“What it takes to build security into products… requires a lot of really specialized skills,” said Snyder, Thistle’s CEO and founder. “You get folks, especially at the devices level, building the same security mechanisms over and over again, reinventing the wheel, and doing it to different levels of resilience.”
Snyder previously served as chief security officer at Square, Mozilla, and Fastly and was chief software security officer at Intel. As a teenager, she was part of a Boston hacker collective before going on to be a consultant at @stake, a security company that employed many of the members of L0pht, another Boston hacker collective. She also spent time at Microsoft working on Windows XP SP2, the update that added a host of security improvements to the OS. Later, she worked on security at Apple.
Thistle will develop frameworks that allow device manufacturers to quickly build reliable and resilient security into their products more quickly than they could do on their own. The company’s initial work will focus on building a platform that delivers security updates to connected devices. Patching devices typically requires reflashing firmware, a process that can be fraught with risk.
“It’s one of the reasons that nobody delivers updates for devices, because the cost of failing an update is so high,” Snyder said. “If you’ve got 100 million devices out there and you’ve got a 1-percent failure rate—which is very, very low for updates—that’s still a million devices that are bricked potentially.”
True Ventures is investing $2.5 million in seed funding to Thistle. The Silicon Valley venture capital firm has provided funding to hundreds of early-stage startups, including Duo Security, the company that provides two-factor authentication and other security services and is now owned by Cisco.