ReFirm Labs Announces Spring 2020 Release of its IoT Firmware Security Platform to Address Growing Compliance Standards
IoT device manufacturers and users can automate compliance checks against new IoT security standards and regulations while protecting against emerging cyber and supply chain threats
FULTON, Md. – June 18, 2020 – ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced the Spring 2020 release of its flagship Centrifuge Platform®. Centrifuge vets, validates and continuously monitors the security of firmware – the software that runs IoT devices – to protect against emerging cyber threats. With this new release, Centrifuge continues to enhance the capabilities of its platform and introduces automated compliance reporting to address the rapidly increasing number of IoT industry standards and regulatory requirements.
Widely recognized as a pressing cybersecurity issue, firmware is a major unprotected attack surface that hackers use to get a foothold and move laterally into corporate or critical infrastructure networks. A host of emerging standards and regulations are being developed to address this threat by enforcing proper cyber hygiene by IoT device manufacturers. Recently both the US Cyberspace Solarium Commission and the NIST Cybersecurity for IoT Program released reports recommending stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains in order to defend the country against cyberattacks. The Solarium report recommended Congress pass laws making device manufacturers liable for delivering products with known vulnerabilities.
“IoT firmware is the next big attack vector. Yet IoT device manufacturers and users alike struggle to demonstrate compliance with these emerging standards and regulations due to the complicated, time intensive and expensive cybersecurity assessment process for these products. Device manufacturers also need visibility into the security of third-party components from their supply chain. Automation of these assessments and validation early in the development process is the key to trust and managing risk throughout the IoT ecosystem,” said Derick Naef, CEO of ReFirm Labs.
He adds, “Just as organizations require a show of security and compliance due diligence for their enterprise applications, so should they be doing for their IoT devices.”
The Spring ’20 release of ReFirm Labs’ Centrifuge Platform introduces major new capabilities that expand the firmware security analysis platform to help automate and address the compliance and certification needs of embedded systems. Updates include:
- Security Policy and Standards Compliance Validation: To help IoT device manufacturers integrate security policies into their quality checks and development process, security policies can be defined and automatically checked against the Centrifuge analysis results. The new Centrifuge Policy Engine quickly determines if a product release is compliant, which saves time and money before starting an expensive and time-consuming certification process. In addition, manufacturers can now enforce security compliance when receiving code from third parties before they accept new releases. And product security teams can quickly evaluate compliance before that equipment is placed on the network. Security policies can be customized and mapped to any one of the emerging security standards to verify standards compliance.
- Firmware Comparison for Supply Chain Visibility: To address Cyber Supply Chain Risks, Centrifuge now supports firmware differencing. Product security teams can get a detailed view of what has changed between releases or within equipment in the field. This reduces the time required to conduct product security assessments. Now security analysts can focus on just those components that changed or identify changes they were not expecting. Automated firmware differencing provides a key capability to organizations standing up Cyber Supply Chain Risk Management programs as required by emerging industry regulations.
Other key improvements to Centrifuge’s core security analysis capabilities include:
- Speed – Dramatically improved firmware extraction & analysis speed, in some cases 10x faster
- Expanded vulnerability coverage – 10 new analyzers for detecting known vulnerabilities in open source components, including Bluetooth, UPnP, and a variety of SSL security libraries
- Expanded exploit coverage – 4 new detectors to identify exploits, including CABLEHAUNT and HiSilicon backdoors
- PowerPC support – Binary analysis of firmware built for the PowerPC CPU architecture
- Enhanced security – Support for two-factor authentication
Highly scalable, automated and cloud-based, the Centrifuge Platform is a simple and reliable way to monitor security across an entire system of deployed IoT devices without the need for agents or access to the network itself. Centrifuge has been proven to increase productivity for security teams while reducing the number of breaches on internet-connected devices.