Sternum

Sternum is an IoT security company that provides an embedded security and observability platform for connected devices. Founded by veterans of the Israeli Defense Forces' Unit 8200, the company develops technology designed to protect IoT devices at the firmware level, targeting device manufacturers across industries including medical devices (IoMT), industrial, and consumer IoT. The core of Sternum's offering is its Embedded Integrity Verification (EIV™) technology, which instruments device firmware to enforce runtime memory and control flow integrity. EIV operates directly on embedded systems with minimal performance overhead, providing protection against memory-based attacks such as buffer overflows, heap corruption, double-free, use-after-free, and return-oriented programming (ROP) attacks. The approach is described as deterministic, meaning it enforces strict behavioral rules rather than relying on pattern matching or signatures, enabling zero-day threat protection without requiring updates. Beyond active runtime protection, the platform also provides device observability capabilities, including real-time security alerts, health metrics, and detailed logs accessible remotely. This allows device manufacturers to monitor deployed devices at scale and identify issues—including software bugs like memory leaks—during both preproduction and post-deployment phases. Sternum's platform supports multiple embedded operating systems, including Zephyr RTOS, and is designed for integration into the product development lifecycle. The company holds patents covering flow integrity, code protection, and memory protection. It has raised approximately $36M in funding from investors including Spark Capital, Square Peg, and btov Partners.