Synergy with SBOMs: Relay Medical and Cybeats reflect on acquisition

Toronto-based technology innovator Relay Medical acquired cybersecurity firm Cybeats for a little over $7 million back in March. After a smooth deal, the freshly integrated outfit sat down with 4i-mag to discuss the transition process.

The stakes are mounting for cybersecurity professionals. The world was still coming to terms with the Colonial pipeline ransomware attack at the start of May, when another major company was targeted by hackers. This time JBS, the largest meatpacking company in the world, had its global operations brought to a standstill.

As of late 2020, global IoT connections already outnumbered non-IoT devices, and more and more equipment is coming online every second. This presents a formidable challenge for IT and cybersecurity professionals who must protect an increasingly bloated and diverse digital landscape.

“The basic need that we are addressing was actually highlighted recently by the White House,” explains Yoav Raiter, Cybeats’s freshly onboarded CEO and head of its new parent company, Relay Medical.

Cybeats’s solution is a cybersecurity platform for critical devices, rooted in the idea of the Software Bill of Materials (SBOM), Yoav explains. SBOM, which is essentially an itemised list of the components that make up a software application, appeared no less than 11 times in President Joe Biden’s recent executive order on cybersecurity standards.

This gives some sense of the timeliness of Cybeats’s offering.

Mounting recognition

Immediately following the acquisition by Relay, security thought leader Chuck Brooks joined Cybeats on the company’s advisory board. Cyber expert Chris Blask, the architect of the Digital Bill of Materials, came on board shortly after. The arrival of the two men indicates growing momentum at the company.

The acquisition has been transformative, according to Dmitry Raidman, Cybeats’s CTO and one of the company’s three founders.

“Things that we wouldn’t dream of happening a year ago, two years ago — now they’re just happening on their own,” he says, adding that being in a room with these kinds of thinkers felt like meeting celebrities. The vision and strategic foresight they bring to proceedings is invaluable, he explains.

The fusion with Relay Medical was also surprisingly seamless; the process took less than a month.

“It’s been really great — a great synergy […] we probably tripled our speed of releasing and innovating since we closed this transaction,” the CTO explains, adding that the resources available — academic, scientific, and financial — have been incredible.

Security by design

Cybeats started out in 2016, when Dmitry and his cofounders tried to meet a cyber industry need absent from the market. The CTO recalls his surprise in realising that a baby monitor that he tried had allowed unguarded access to its video feed for anyone with an internet connection.

There was zero security on these kinds of devices at the time, Dmitry explains. This led him to develop a solution with his own teams.

At its most basic, Cybeats’s solution keeps an effective record of what software elements are on any given model of device, like ingredients in a recipe, explains the company’s CEO, Yoav. It also knows their dependencies and supply chain relationships. Software can be monitored as cyber threats are identified for individual software components. This provides a risk picture for the device and simplifies the process of assessing which software needs updated at any given time.

But “Cybeats is more than a database to compare things,” Yoav says.

The solution embeds a software agent onto each device at the point of production. This agent knows the correct function of the device, concerning itself only with whether operations are normal.

This narrow focus grants the agent an extremely small digital footprint. This is a crucial consideration for IoT, as capacity on devices is quite limited. By monitoring security in this way, device down time is greatly reduced, saving customers critical time and money.

Yoav compares it to a bodyguard: rather than making decisions, the solution validates and ensures that only the right doors get opened. If the wrong doors are accessed, Cybeats provides an alert and keeps the door closed.

Smooth chemistry

Opening the right doors has also been a key part of Relay’s role with Cybeats.

The parent company was once just a client, using Cybeats’s solution to secure its medical devices. But when a capital-hungry cyber start-up went looking for funds, the team at Relay saw an opportunity.

“You do business with people,” Yoav explains, adding that it is never simply about transactions. “We fell in love with the technology, and we had a good chemistry with our supplier […] and you know, the relationship developed,” he concludes.

Going forward, Relay will provide the financial background and financial tools, wielding its advantage as a public company.

“There are tools that public companies have that other small companies, or cybersecurity companies, don’t have,” Yoav says. It is through these links that Cybeats now enjoys connections with celebrated voices in the industry.

“Our DNA at Relay Medical is people that came from start-up industries: we know what’s required to grow,” Yoav explains, adding that Relay is by no means one of those huge companies that come to swallow up and bog down budding innovators.

CTO and founder Dmitry affirms that his time with the company has no horizon.

“I’m very engaged and I’m planning to stick around for many more years,” he explains — “We are going to grow this company.”

Crucially, Cybeats is now publicly traded under CSE:RELA. “With that, the company is poised to capture a wider investor following, which is both an exciting catalyst and an opportunity for Cybeats,” explains Yoav Raiter.

The company is fielding interest from players in the infrastructure space, in IoT and top medical device manufacturers, with prospects in the automotive sector and even aerospace. The focus will be on original equipment manufacturers and device operators.

Because the security features are incorporated during production, the costs for manufacturers per device are very low, Yoav says. In fact, clients can even monetise the solution by creating their own branded cybersecurity environment using Cybeats’s software lifecycle management as a service. Yoav and Dmitry are convinced that this business model gives the company massive scaling potential.

“At the moment we just want to move fast and prove that the product is working,” Yoav explains. The validation from market experts is already there, next what is needed are proof cases through installations with increasing numbers of clients, he says.

With so many threads to pull, Cybeats aims to grow quickly. Currently, fewer than 20 people work at the company, but Yoav and Dmitry hope to double the number of employees every few months, or even weeks, as they take on salespeople and the product development ramps up. Prior to the acquisition, Cybeats raised $3 million in a seed investment round announced in December 2018.

Mark Swift is a Scottish freelance journalist and writer based in Paris. His work covers business, technology, European politics, and EU policy. Before writing for 4i-mag, he was a journalist for Young Company Finance Scotland, covering investment in Scottish technology start-ups. Mark's portfolio can be found here: