Medigate provides a dedicated medical device security platform, enabling providers to deliver secure, connected care. The company fuses the knowledge and understanding of medical workflow, device identity, and protocols with cybersecurity threats. It was founded in 2017 and is based in Brooklyn, New York. On December 8th, 2021, Medigate was acquired by Claroty.
Medigate's Product Videos
ESPs containing Medigate
The ESP matrix leverages data and analyst insight to identify and rank leading companies in a given technology landscape.
The operational technology (OT) security tools market offers a range of solutions designed to protect industrial control systems (ICS) and other OT assets from damaging and disruptive cyber threats, like malware and ransomware. These solutions help businesses ensure the integrity, availability, and confidentiality of their OT systems and prevent financial losses, reputational damage, and other neg…
Medigate's Products & Differentiators
Claroty xDome is a modular, SaaS-powered industrial cybersecurity platform that scales to protect your environment and fulfill your goals as they evolve.
Research containing Medigate
Get data-driven expert analysis from the CB Insights Intelligence Unit.
CB Insights Intelligence Analysts have mentioned Medigate in 2 CB Insights research briefs, most recently on Dec 2, 2022.
Expert Collections containing Medigate
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
Medigate is included in 3 Expert Collections, including Conference Exhibitors.
These companies protect organizations from digital threats.
The digital health collection includes vendors developing software, platforms, sensor & robotic hardware, health data infrastructure, and tech-enabled services in healthcare. The list excludes pureplay pharma/biopharma, sequencing instruments, gene editing, and assistive tech.
Medigate has filed 7 patents.
Country code top-level domains, Health informatics, Medical imaging, Electronic health records, Network protocols
Country code top-level domains, Health informatics, Medical imaging, Electronic health records, Network protocols
Latest Medigate News
Sep 18, 2023
Enterprises are turning to IoT-focused startups to address new security challenges. Huawei As the volume of IoT devices connecting to enterprise networks continues to climb, the number of security threats has been increasing in lockstep. Cybersecurity threats, alongside supply chain issues, chip shortages and geopolitical instability, are a major reason that IoT growth has been slower than many analysts had predicted. Even so, the scale of the IoT security problem is great enough that 52 IoT startups raised a total of $840 million in the latest quarter, and even cautious analysts believe the IoT market will grow steadily in the coming years. In fact, research firm IDC predicts that the IoT market will expand to 55.7 billion connected IoT devices by 2025 , with those devices generating 80B zettabytes (ZB) of data. In response to IoT-based security threats, enterprises are turning to startups to fill gaps in their existing security infrastructure. Here are five key IoT security challenges that organizations face, and that startups can help to address. 1. The attack surface is growing Recent IoT security breaches are enough to keep any CISO awake at night. Here are just a few of the known IoT security incidents from the past few years: In May, a mother who runs a large TikTok account discovered that an attacker had breached the family’s connected baby monitor and spoken to her children late at night. As part of its ongoing invasion of Ukraine, Russian special services have hacked IoT cameras in residential complexes and coffee shops to surveil adjacent streets, gather intelligence on Ukrainian citizens, and monitor aid convoys. Hackers supporting Ukraine have hacked Russian TV networks to play videos supporting Ukraine’s armed forces; other hackers penetrated CCTV networks in several Russian cities to broadcast a speech from Ukraine President Zelensky. In 2019, a Milwaukee couple’s smart home system was attacked ; hackers raised the smart thermostat’s temperature setting to 90°, talked to them through their kitchen webcam, and played vulgar songs. In 2016, Mirai botnet malware infected poorly secured IoT devices and other networked devices and launched a DDoS attack that took down the Internet for much of the eastern U.S. and parts of Europe. As troubling as those incidents are, IoT security risks could become even worse as edge computing expands into the mainstream and advanced 5G networks roll out features, such as Reduced-Capability (RedCap) 5G, that are intended to spur the accelerated adoption of enterprise IoT . With RedCap 5G, mobile devices with cellular connections, such as smart phones and watches, will be able to serve as hubs that provide ad-hoc connectivity to nearby constrained devices. While this could help streamline workflows and deliver business efficiencies, poorly secured mobile devices that automatically connect to, for instance, industrial equipment for diagnostics could also expose those devices to threats like Stuxnet-style malware that could cause the machine to self-destruct. “Obviously, more endpoints mean that attackers have a greater attack surface to exploit, and security teams must manage many more risks,” said IDC analyst Jason Leigh. There is a saving grace, however, that may inadvertently limit IoT risks. “With constrained devices, it’s difficult to get complex malware through them,” Leigh said. “Additionally, new networking specifications [such as 5.5G] include details about security components that can be deployed at the network level to reduce risks,” Leigh said. New specifications will help, but attackers are already targeting IoT networks, meaning that organizations must act now to mitigate risks. Many organizations find that they need to engage new vendors to solve this problem. 2. A fractured market means IoT visibility is getting worse One of the most common cybersecurity credos is that you can’t secure what you can’t see. The fractured nature of the IoT market exacerbates the issue. With no single vendor claiming more than a 3% market share , according to IoT Analytics, interoperability and visibility are two major challenges to improved IoT security. At Dayton Children’s Hospital – a $600 million pediatric network with an acute care teaching hospital, two primary campuses, and another 20 ambulatory care sites – IoT, Internet of Medical Things (IoMT), and Bring Your Own Device (BYOD) proliferated over the past decade as the organization grew. The hospital’s IT staff estimates that there are now approximately 25,000 devices connected to the hospital’s networks, including smart TVs, security cameras, and critical medical devices like X-ray machines, MRI machines, and robots that aid in neurosurgery. This situation is by no means unique to Dayton Children’s Hospital. IoT growth is rapid across the healthcare sector, and IT teams must figure out how to provide consistent connectivity to caregivers without undermining safety or violating various industry regulations that prioritize privacy. Mount Sinai Health System, based in New York City, also faced significant challenges when trying to boost the security of their vast network of medical equipment and IoT devices. The lack of visibility into the devices connecting to the network was a major headache. In addition, Mount Sinai had operated with separate teams responsible for biomedical and IT operations, so the lack of coordination between these teams led to limited visibility and awareness of many devices’ nature and purpose. As the organization sought to streamline and modernize its IT systems, Dr. Tom Mustac, senior director for cybersecurity, was frustrated by the inability to accurately identify assets using the system’s existing resources. This visibility gap posed significant challenges, as IT was unable to assess a device’s impact on patient care and potential network vulnerabilities. Additionally, the biomedical team was severely constrained by vendor patches, end-of-life operating systems, and non-remote upgradable devices. Mount Sinai also faced unique challenges beyond medical devices. Their diverse network environment encompassed a wide range of connected devices, including automobiles, gaming systems, and exercise equipment. Without proper context, identifying and managing these devices was a nightmare that just kept getting worse. In order to gain visibility, these healthcare organizations first had to grapple with the next challenge on our list: legacy constraints. 3. Legacy constraints are prevalent Like many large healthcare systems, both Mount Sinai and Dayton Children’s relied on Cisco infrastructure and software. Whatever IoT-specific security tools they brought on board would need to integrate into existing Cisco-based systems. “We have a variety of Cisco products, and what I love is that they're designed to work with each other in a way that you can correlate if something is going on,” said Nicholas Schopperth, Dayton Children's Chief Information Security Officer. Schopperth's team had already deployed Cisco Secure Network Analytics, a cloud-based network monitoring tool, and Cisco Umbrella, a SASE service. But to secure and manage IoT, IoMT, and BYOD , Dayton Children’s security team needed help finding and classifying devices, managing IoT/IoMT flows, and deciphering communication patterns to identify anomalies. The cybersecurity team at Mount Sinai faced a similar challenge, relying on Cisco ISE (Identity Services Engine) to handle network access control. However, Mount Sinai needed another tool to help it identify, classify, and monitor the devices moving in and out of its network. Both organizations knew they would need to bring in new technologies, but they prioritized finding ones that would interoperate with existing networking and security systems. 4. Controlling IoT access without impeding business goals Both Dayton Children’s and Mount Sinai turned to different startups that provide IoT security integration with Cisco infrastructure. Dayton Children’s selected the IoT security platform from Ordr, a Santa Clara-based startup that was founded in 2015, while Mount Sinai chose the security platform from Claroty, a New York-based startup that was also founded in 2015. Dayton Children’s used Ordr’s Connected Device Security software to identify device contexts, baseline normal device communications flows, and perform behavioral analytics of both devices and users. Dayton Children’s cybersecurity team then used this tool to generate policies and access controls that could be automated and enforced using Cisco ISE on Cisco wireless controllers and firewalls. By moving to a zero-trust architecture, Dayton Children’s is now able to segment its devices and only allow them to connect to specific VLANs, limiting access between devices as well as device access to the network. Mount Sinai pursued a similar strategy, deploying Medigate, a healthcare IoT security platform recently acquired by Claroty, and integrating it with Cisco ISE. With Medigate, Mount Sinai gains insights into device behavior, communication patterns, and potential policy violations. Medigate’s continuous monitoring and violation detection helps Mount Sinai actively monitor application dependencies and ownership, enhancing their ability to assess potential risks and implement proactive measures. The IoT visibility tools enable Mount Sinai to monitors traffic, identify ports and protocols, and learn what applications are installed on IoT devices. This allows Mount Sinai to be situationally aware of and to apply policies to any new device. The IT team can also segment the network from newly discovered, unmanaged devices. Next, Medigate automates policy creation and enforcement by defining typical device behaviors, monitoring traffic, and identifying communication patterns. These patterns are used to create policies and best practices, and once approved, they are transferred to Cisco ISE for enforcement. “Our integration with Medigate and Cisco has allowed us to enforce stringent security policies across our network, preventing unauthorized access and ensuring the integrity of our critical clinical systems,” Dr. Mustac said. These protections ensure that only authorized communications occur between devices and clinical systems, so Mount Sinai can prioritize patient safety without impeding critical clinical communication necessary for effective care delivery. 5. Trusted/untrusted partners Insider risks have long been one of the most difficult cybersecurity threats to mitigate. Not only can power users, such as C-level executives, overrule IT policies, but partners and contractors often get streamlined access to corporate resources, and may unintentionally introduce risks in the name of expediency. As IoT continues to encompass such devices as life-saving medical equipment and self-driving vehicles, even small risks can metastasize into major security incidents. For San Francisco-based self-driving car startup Cruise, a way to mitigate the many risks associated with connected cars is to conduct thorough risk assessments of partners and suppliers. The trouble is that third-party assessments were such a time-consuming and cumbersome chore that the existing process was not able to scale as the company grew. “The rise in cloud puts a huge stress on understanding the risk posture of our partners. That is a complex and non-trivial thing. Partnerships are always under pressure,” said Alexander Hughes, Director of Information Security, Trust, and Assurance at Cruise. Cruise is backed by $10B in funding from General Motors, Honda, Microsoft, SoftBank, T. Rowe Price, Walmart, and others, but even with eye-popping amounts of funding, as Cruise scaled up its manufacturing, the company struggled to manage a growing ecosystem of suppliers. With limited personnel, the cybersecurity team was under constant pressure to review new vendors. Turnaround times got longer and longer, eventually cascading to slow down other security reviews, as well. Cruise chose the IoT security platform from VISO TRUST, a startup founded in 2016, based in San Geronimo, CA. The VISO TRUST risk management platform automates manual risk management tasks. Using AI and machine learning, the VISO TRUST platform has helped Cruise reduce manual assessments, cut overall assessment times in half, and shorten the turnaround time to onboard new vendors. “VISO Trust has completely automated the [security review] process, allowing us to reduce staff expenses by 90% and improve time to complete by 50% while supporting 117% more vendor assessments,” Hughes said. For the foreseeable future, IoT security, like the IoT market in general, will be a complicated problem with no simple, single-vendor solution. Organizations would be wise strengthen protections with existing vendors, and then tap into those vendors’ partner ecosystems. Startup partners are often laser-focused on industry-specific IoT security issues, and the solutions that interoperate with what you already have typically will offer the highest, quickest ROI. _______________________________________________________________ (Jeff Vance is an IDG contributing writer and the founder of Startup50.com , a site that discovers, analyzes, and ranks tech startups. Follow him on Twitter, @JWVance , or connect with him on LinkedIn .) Next read this:
Medigate Frequently Asked Questions (FAQ)
When was Medigate founded?
Medigate was founded in 2017.
Where is Medigate's headquarters?
Medigate's headquarters is located at 134 N 4th St., Brooklyn.
What is Medigate's latest funding round?
Medigate's latest funding round is Unattributed.
How much did Medigate raise?
Medigate raised a total of $80.35M.
Who are the investors of Medigate?
Investors of Medigate include Claroty, Blumberg Capital, YL Ventures, U.S. Venture Partners, Partech Partners and 3 more.
Who are Medigate's competitors?
Competitors of Medigate include Asimily and 3 more.
What products does Medigate offer?
Medigate's products include xDome and 4 more.
Who are Medigate's customers?
Customers of Medigate include Heritage Valley Health System, Childrens Mercy Kansas City and BW Offshore.
Compare Medigate to Competitors
Ordr autonomously identifies, regulates, and protects local networks by classifying attached systems and applying traffic flow and access policies accordingly. It taps machine learning algorithms and data analytics to build a baseline understanding of devices' behavior and flag suspicious events in real time to offer network-level device security. Ordr was founded in 2015 and is based in Santa Clara, California.
Asimily provides comprehensive monitoring for perspective maintenance and cyber-security across devices and vendors. Asimily’s IoMT risk remediation platform holistically secures mission-critical healthcare devices from cyberattacks for delivering safe and reliable care. It was founded in 2017 and is based in Sunnyvale, California.
Armis develops an asset intelligence and security platform. The platform helps protect devices such as laptops and smartphones, smart televisions (TVs), webcams, printers, industrial robots, medical devices, and more. It offers cyber asset attack surface management solutions, medical device security solutions, operational technology asset management solutions, and more. The company serves healthcare, manufacturing, retail, and other industries. It was founded in 2015 and is based in San Francisco, California.
Claroty provides cybersecurity solutions. The company offers solutions such as asset management, asset discovery, network protection, threat detection, and more. It serves industries such as healthcare, government, and more. The company was founded in 2015 and is based in New York, New York.
Finite State gives cyber defenders a tactical advantage by identifying the devices running on the network and proactively analyzing firmware buried inside the IoT devices for hidden vulnerabilities. With this insight, Finite State helps healthcare organizations understand and mitigate risks, detect advanced threats, and respond to attacks.
Cylera operates as a cybersecurity company. It offers asset management, risk analysis, smart segmentation, threat defense, compliance and risk governance, and more. The company's insights and recommendations simplify response playbooks when incidents arise and decrease the time to remediate and enable informed decision-making. It was founded in 2017 and is based in New York, New York.