October 25, 2022

Why we invested in Perygee

The platform for securely embracing IoT/OT

By Barmak Meftah, Co-founder and General Partner

Things we do daily, from brushing our teeth in the morning to turning the lights off before going to bed at night, rely on critical infrastructure. Critical infrastructure powers our supply chain, including utility plants, manufacturing plants, and even hospitals. If you haven’t noticed, our physical world is getting stitched into a digital fabric. Every single one of these processes relies on internet-enabled technology to do some combination of ensuring safety, quality, and efficiency. With so many benefits to realize, it’s no wonder a future where everything is connected is here. 

However, if recent events have taught us anything, these devices, commonly referred to as the Internet of Things (IoT) and Operational Technology (OT), are inherently vulnerable and fragile, susceptible to hacking and downtime. Default passwords are rarely changed, and patches can take entire networks down. Organizations are facing a fundamental challenge: secure the expanding attack surface and minimize disrupting business operations, all while maintaining that balance as the business priorities evolve and the attack landscape gets more complex.  

Enter Perygee, a new lightweight, complete platform for IoT/OT with a big vision to help all companies securely embrace IoT/OT and raise the bar on what security teams can expect from their products.

My partners and I at Ballistic are incredibly excited and proud to announce our investment in Perygee. The company, led by Mollie Breen, understands how to build for a new world where the lines between the digital and physical are blurred. They bring together the triple threat expertise of cybersecurity, IoT/OT operations, and uniting new technologies to markets in a customer-centric way.

At Ballistic, we have an urgent and relentless commitment to solving the biggest challenges in cybersecurity. Perygee is solving one of the biggest problems that directly impact us all: securing critical infrastructure and doing so at an incredibly critical time. To follow are just a few pressing trends hallmarking this time.

1. The convergence of IoT/OT redefines the attack surface.

It wasn’t too long ago that IT and OT environments were siloed. The IT team oversaw computers and servers, and the OT team managed connected equipment. It wasn’t through a technical divide alone; the separate environments were made even more pronounced through distinct business cultures, different processes, and an often literal air gap.

With 10 million new devices connecting daily, networks are becoming more and more interconnected. IT and OT environments are fast becoming co-mingled, and the legacy PLCs to modern HVAC now make up more than 30% of the network-connected endpoints. With IT assets growing at just 2% and IoT/OT at 28%, it’s time to rethink how we secure IoT/OT.  The old way of protecting OT devices through silos or applying IT practices won’t be able to keep up. Securing the modern enterprise calls for a new holistic approach.

2. Every company is an IoT-enabled company, but different.  

IoT/OT is not only reserved for the medical or shop floor. Companies across every industry of every size are adopting new innovative technologies to make experiences better for their customers, find efficiencies in day-to-day workflows, and adapt to changes in the business priorities, as we saw with the Covid pandemic. Small and medium-sized enterprises are growing IoT use cases at an almost similar rate to that of large enterprises: 21% and 25%, respectively. 

It is not enough to apply a one-size fits all approach to any sector or organization of any size. Just as it has gotten easier to build custom websites and web apps as every company is expected to have a digital presence, every company needs more accessible and configurable ways to customize their own IoT/OT security capabilities to address their varying needs.

3. Security teams need to keep up. 

Our industry has a shortage of cyber talent. The acceleration of devices and the corresponding exponential growth in attack vectors makes it hard for every security practitioner to keep up.  Walk into any business today and there will undoubtedly be dozens, if not hundreds, of different device types, from a small thermostat to a large backup-power system. Zoom into a single thermostat, and you’ll come across several vendors. Take a closer look at a group of thermostats of the same vendor, and you’ll still find variations of different ages or patch history. It would be manageable (albeit expensive) if this information lived in one or more systems within the IT teams’ domain. In reality, it lives on the network, across IT and OT systems, in public data sources, and even held in people’s mental models. It’s not enough to rely on the data sources of the security team’s disposal. Bringing together all IoT/OT stakeholders will enable a future of doing more with the same or fewer resources. 

Securing any organization’s network 

These trends will dominate the security landscape into the future, and they’re also why we’re so excited to be backing a company we believe can lead them.

Perygee is a comprehensive platform for the combined IT/OT world. It is lightweight and configurable, making it equally accessible to mature security teams in a Fortune 500 retail chain to the single IT professional in an oil & gas corporation.

It’s so easy to use that the platform can be used by additional IT and OT stakeholders, lessening the burden on security teams for years to come. Just as the intersection between security and operations continues to expand, we can look to Perygee to push the boundaries on how far the IoT security market can go.