Centrifuge Winter Release 2020

by Jan 22, 2020

ReFirm Labs Announces Winter 2020 Release of Updates to Its Centrifuge Platform for IoT and Firmware Security 

ReFirm Labs continues to enhance the capabilities of its flagship platform that proactively vets, validates and continuously monitors the security of the firmware that runs IoT devices

FULTON, Md. – Jan. 22, 2020 – ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced the Winter 2020 release of updates to its flagship Centrifuge Platform®. The first solution that proactively manages the security of firmware — a specific class of software that provides the low-level control for the hardware of an IoT device — Centrifuge Platform® can identify and report abnormalities and vulnerabilities in firmware in less than 30 minutes. It allows companies to quickly analyze their firmware for hidden dangers and respond immediately to potential weak spots.

The Winter 2020 updates include:

  • Binary Hardening Analysis: To make it more difficult for hackers to gain control of an IoT device by exploiting bugs in a product’s source code, Centrifuge Platform® adds support for Binary Hardening Analysis that reports across five different hardening features for all executable code in firmware. The analysis identifies options — such as randomizing code loading and creating “stack canaries” that prevent buffer overruns — for automatically hardening code to make it more difficult for attackers to exploit bugs. Analysis results are also available via Centrifuge Platform’s API.
  • Automated Reverse Engineering Support for ARM64 Architectures: As the IoT industry continues to rapidly adopt 64-bit ARM as a CPU architecture, Centrifuge Platform®’s automated reverse engineering analysis now supports ARM64. By identifying potential zero-day vulnerabilities, Centrifuge Platform® dynamically emulates each potential vulnerability to reduce the number of false positives by an order of magnitude.
  • Enterprise SSO Authentication: The cloud version of Centrifuge Platform® adds support for Enterprise Single Sign-on (SSO) authentication, with initial support for federated identity providers from Google and Ping Identity. Enterprise SSO Authentication improves the overall security, compliance and end user experience of Centrifuge Platform® and includes Active Directory authentication for customers that are using the on-premise deployment of Centrifuge Platform® for legal or security purposes.

“These newest updates continue to enhance the capabilities of Centrifuge Platform and further enable developers and penetration testers to more thoroughly analyze the firmware that powers IoT devices,” said Derick Naef, CEO of ReFirm Labs. “These new features add to the robust set of proactive tools in Centrifuge Platform that can prevent attackers from gaining a foothold in a network through IoT devices.”

Centrifuge Platform® identifies and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and already known vulnerabilities in IoT devices, all without needing access to source code. Highly scalable, automated and cloud-based, Centrifuge Platform® is a simple and reliable way for monitoring security across an entire system of deployed IoT devices without the need for agents or access to the network itself. Centrifuge Platform® has been proven to increase productivity for security teams while reducing the number of breaches on internet-connected devices.

Other Announcements
IoT Cybersecurity Education Program

IoT Cybersecurity Education Program

ReFirm Labs Launches IoT Cybersecurity Education Program to Advance Cyber Skills and Tackle Emerging National Security Threats Collaborating with nation’s top universities to arm new generation of cyber professionals with tools and skills to find dangerous bugs in IoT...

Centrifuge Addresses Growing IoT Compliance Standards

Centrifuge Addresses Growing IoT Compliance Standards

The Spring ’20 release of ReFirm Labs’ Centrifuge Platform introduces major new capabilities that expand the firmware security analysis platform to help automate and address the compliance and certification needs of embedded systems.