-
ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions.
-
IoT device manufacturers and users can automate compliance checks against new IoT security standards and regulations while protecting against emerging cyber and supply chain threats.
-
Centrifuge continues to enhance the capabilities of its platform and introduces automated compliance reporting to address the rapidly increasing number of IoT industry standards and regulatory requirements.
ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced the Spring 2020 release of its flagship Centrifuge Platform®. Centrifuge vets, validates and continuously monitors the security of firmware - the software that runs IoT devices - to protect against emerging cyber threats. With this new release, Centrifuge continues to enhance the capabilities of its platform and introduces automated compliance reporting to address the rapidly increasing number of IoT industry standards and regulatory requirements.
Widely recognized as a pressing cybersecurity issue, firmware is a major unprotected attack surface that hackers use to get a foothold and move laterally into corporate or critical infrastructure networks. A host of emerging standards and regulations are being developed to address this threat by enforcing proper cyber hygiene by IoT device manufacturers. Recently both the US Cyberspace Solarium Commission and the NIST Cybersecurity for IoT Program released reports recommending stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains in order to defend the country against cyberattacks. The Solarium report recommended Congress pass laws making device manufacturers liable for delivering products with known vulnerabilities.
Read More: SDSol Technologies Provides an Overview of How IoT Can Transform Your Business
IoT firmware is the next big attack vector. Yet IoT device manufacturers and users alike struggle to demonstrate compliance with these emerging standards and regulations due to the complicated, time intensive and expensive cybersecurity assessment process for these products. Device manufacturers also need visibility into the security of third-party components from their supply chain. Automation of these assessments and validation early in the development process is the key to trust and managing risk throughout the IoT ecosystem,
Derick Naef, CEO of ReFirm Labs.
He adds, “Just as organizations require a show of security and compliance due diligence for their enterprise applications, so should they be doing for their IoT devices.”
The Spring ’20 release of ReFirm Labs’ Centrifuge Platform introduces major new capabilities that expand the firmware security analysis platform to help automate and address the compliance and certification needs of embedded systems. Updates include:
• Security Policy and Standards Compliance Validation: To help IoT device manufacturers integrate security policies into their quality checks and development process, these security policies can be defined and automatically checked against the Centrifuge analysis results. The new Centrifuge Policy Engine quickly determines if a product release is compliant, which saves time and money before starting an expensive and time consuming certification process. In addition, manufacturers can now enforce security compliance when receiving code from third parties before they accept new releases. And product security teams can quickly evaluate compliance before that equipment is placed on the network. Security policies can be customized and mapped to any one of the emerging security standards to verify standards compliance.
• Firmware Comparison for Supply Chain Visibility: To address Cyber Supply Chain Risks, Centrifuge now supports firmware differencing. Product security teams can get a detailed view of what has changed between releases or within equipment in the field. This reduces the time required to conduct product security assessments. Now security analysts can focus on just those components that changed or identify changes they were not expecting. Automated firmware differencing provides a key capability to organizations standing up Cyber Supply Chain Risk Management programs as required by emerging industry regulations.
Other key improvements to Centrifuge’s core security analysis capabilities include:
• Speed: Dramatically improved firmware extraction & analysis speed in some cases 10x faster
• Expanded vulnerability coverage: 10 new analyzers for detecting known vulnerabilities in open source components, including Bluetooth, UPnP, and a variety of SSL security libraries
• Expanded exploit coverage: 4 new detectors to identify exploits, including CABLEHAUNT and HiSilicon backdoors
• PowerPC support: Binary analysis of firmware built for the PowerPC CPU architecture
• Enhanced security: Support for two-factor authentication
Highly scalable, automated and cloud-based, the Centrifuge Platform is a simple and reliable way for monitoring security across an entire system of deployed IoT devices without the need for agents or access to the network itself. Centrifuge has been proven to increase productivity for security teams while reducing the number of breaches on internet-connected devices.
Read More: Canuc Signs MoU with M3SH Technologies for IoT Equipment Distribution
About ReFirm Labs
ReFirm Labs provides the industry's first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices from hidden threats. Its flagship product, Centrifuge Platform®, detects and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and known vulnerabilities in IoT devices without needing access to source code. ReFirm Labs' technology has been proven to provide the insight and intelligence needed for users to proactively defend connected devices and maintain compliance and the integrity of supply chain security. Founded by a team of former NSA offensive cyber operators, ReFirm Labs is trusted by government agencies and Fortune 500 companies that operate in a wide variety of industries, including: telecommunications, cloud infrastructure and data centers, automotive, health care, utilities, and manufacturing.