Rupan Technology completed an angel round of financing of 10 million yuan, jointly invested by Meihua Venture Capital and Yecao Venture Capital

Visit the original URL

Recently, 36氪 was informed that Rupan Technology recently announced the completion of an angel round of financing of 10 million yuan, jointly invested by Meihua Venture Capital and Yecao Venture Capital. Tenda Capital acted as the exclusive financial advisor for this round. This round of financing will be used to expand the R&D team and upgrade and iterate security products based on core industrial control vulnerability research.

Rupan Technology was established in December 2021. The core team is from the well-known domestic business security company Top Vision Technology. The team takes “unknown attack and defense” as the core concept, based on the research on industrial control system vulnerabilities and various actual combat offensive and defensive confrontation The understanding of technology, combined with the long-term accumulation of top image technology in the field of artificial intelligence, has launched intelligent chemical control security products with “actual attack and defense capabilities”.

Industrial control security is one of the investment hotspots in the network security industry in recent years. From the demand side, the current industrial control systems are widely used in fields related to the national economy and people’s livelihood, such as energy, rail transit, water conservancy, municipal administration, etc. general impact. Under the development trend of industrial interconnection and intelligence, the industrial control system has gradually developed from a closed and isolated system to an open, intelligent and interactive system. The original loopholes and defects will be more vulnerable to external attacks, and the industrial system will face huge challenges. .

More than 80% of the critical infrastructure involving the national economy and people’s livelihood needs to rely on industrial control systems to achieve automated operations. Once a security accident occurs, it will cause great losses to enterprises. The most famous example is the “Stuxnet virus” that broke out in 2010, infecting more than 45,000 networks around the world and bringing down a large area of ​​Iran’s nuclear power system. After the “Stuxnet” incident, the safety of industrial control systems has also attracted the attention of governments around the world. By 2018, with the increase in policy support and demand, industrial control security ushered in the first year of the outbreak.

Under the guidance of market demand and policies, there are currently a large number of domestic industrial control security companies, and the participants mainly include industrial control companies that need to meet endogenous needs, traditional comprehensive network security companies and specialized industrial control security companies. Rupan Technology belongs to the third category of companies.

The vast majority of industrial control security products are still based on traditional detection based on known characteristics, which cannot deal with the risk of products that bypass security detection. However, Rupan Technology has accumulated a large number of industrial control vulnerability knowledge. In addition, the company has mastered the automation of unknown vulnerabilities. The mining and detection capabilities can use the self-developed vulnerability intelligent mining technology to realize automatic mining of industrial control system firmware and industrial software vulnerabilities.

According to the company’s CEO Bai Yuxing, the company has accumulated thousands of industrial control loopholes. In 2020, the team also won the first place in the National Industrial Information Security Vulnerability Library Contribution List and the first prize of the “2021 Sky Patching Cup Crack Contest”. , and has been recognized and thanked many times by internationally renowned manufacturers such as Siemens and Schneider Electric.

With the development of the Industrial Internet of Things, a large number of industrial systems are exposed to open systems. The demand for security products by leading customers has also begun to expand from firewall products to defense-in-depth products, and the market demand has increased. With in-depth research on industrial control system vulnerabilities, Rupan Technology can provide customers with comprehensive vulnerability protection and effectively avoid various known and unknown vulnerability risks.

Rupan Technology has four products – Mizhen (third-generation attack, deception and trapping system), Zhijia (unknown threat defense system), Zhanlu (industrial automation intrusion and attack simulation system) and Xuanwu (actual attack and defense training platform).

  • The third-generation attack, deception, and trapping system is an active defense system based on network virtualization and high-simulation deception defense technology. It can generate multiple virtual systems with one click, and hide the customer’s real system in a large number of virtual devices. Greatly reduce the risk of being attacked and interfered; Mazda also provides functions such as dynamic hopping, supporting IT/OT system services and other hundreds of services and protocol simulations, and automatically cloning real services to enhance the authenticity and confusion of the honeynet Sexuality; when the attacker touches the virtual system, the maze will quickly capture the attack behavior.
  • The Unknown Threat Defense System Intelligent Armor monitors the abnormal behavior of the system based on real-time kernel-level program behavior monitoring, attack behavior monitoring and other technologies, and defends against various known and unknown vulnerability attacks without paying attention to whether the system is patched.
  • Zhanlu, an industrial automation intrusion and attack simulation system, can help customers to perform vulnerability investigation, examine the vulnerabilities and configurations of customer products from the perspective of attackers, and help customers understand the risk of the system and the risk points that may be attacked.
  • The actual attack and defense training platform, Xuanwu, combines its own mining of a large number of 0DAY vulnerabilities and the latest attack methods to generate attack and defense shooting ranges, which can simulate attack behaviors and test the weak links of customers’ existing security prevention and control systems.

At present, the third-generation attack, deception and trapping system was released at the end of last year, and the unknown threat defense intelligence armor and the actual combat attack and defense training platform Xuanwu are still in the research and development stage.

According to Bai Yuxing, the capture rate of the rock-like maze attack trapping and threat detection system can reach 99%, and the deployment method is simple. Beneficial for customer deployment.

In terms of deployment methods, customers can choose between private deployment and cloud deployment. In the local privatization deployment, the Panan attack trapping and threat detection system consists of a trapping device and a management platform. The trapping device supports distributed deployment. The management system has the functions of unified management of sensors and monitoring of the security status of the whole network. Configure the number of traps. Cloud deployment uses cloud probes to record attack data and block malicious attacks.

Compared with security companies that focus on subdivisions, Rupan Technology hopes to use known and self-discovered security vulnerabilities to cover more types of industries. Rupan Technology has served the government, petroleum and petrochemical, aerospace, rail transit, intelligent manufacturing and other industries, and has provided services for leading customers such as State Grid, PetroChina, Sinopec, and China Satcom, with more than 50 customers.

On the founding team, the founder and CEO of Rupan Technology, Bai Yuxing, graduated from the Chinese University of Hong Kong. He used to be the capital market director of the Hong Kong main board listed company under the central enterprise China Resources Group and the CFO of Dingxiang Technology. He has many years of business management experience; founder and CTO Dong Yang Zeng Worked in Alibaba, NSFOCUS, Antiy and other well-known domestic leading security companies, proficient in core security technologies such as anti-virus, operating system kernel security, industrial system security research and vulnerability, and has 15 years of experience in network security.

More than 80% of the security experts in the company’s core team are from well-known companies such as Ali, 360, NSFOCUS, Tianrongxin, and Weinute, and they all have senior industrial automation and network security research experience.

Meihua Venture Capital said: Rupan Technology is one of the few companies in China that can conduct information security testing on high-precision systems. A large number of security loopholes and backdoor systems implanted by foreign manufacturers have been found in aerospace equipment, which has made significant contributions to ensuring national security. The current industrial side network attack methods are constantly iteratively upgraded, and the attackers and defenders are in a highly asymmetric state in terms of capabilities. From the initial attack method of simple tools or automated scripts, it has evolved to advanced attack methods such as APT and 0day. From the initial single means of attack, it has evolved to the compound use of multi-tool means, from the initial hacker’s personal behavior, to the profit-driven organization, and even the national background network warfare. Against this background, we believe that Rupan’s actual offensive and defensive capabilities will bring great value to industrial customers, especially critical infrastructure customers.

Yecao Ventures said: Rupan Technology has long-term and in-depth technical accumulation in the field of industrial control security unknown threat attack and defense, and has broken through a number of technical difficulties. Through the experience of senior security experts and the depth of deep learning and neural network technology with artificial intelligence experts Fusion has developed the first automatic vulnerability mining system for industrial control systems and industrial software in China. Team security experts can use this system to dig out high-risk security vulnerabilities dozens of times more than their domestic and foreign counterparts in a short period of time, reflecting the core team. Superb technical strength. In addition, we are very optimistic about the company’s commercialization in the future, and very much recognize the team’s concept of “cloud deployment + hardware delivery + continuous service” for security products.

(36 krypton analyst Long Zhenzi is also helpful for this article)

media coverage

36Kr investment community start-up state
Related events

This article is reprinted from:
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment

Your email address will not be published.