The two companies unveiled the acquisition on Wednesday, but did not disclose the terms of the deal. So far, the startup has raised $3.5 million in seed funding.
Headquartered in Maryland, ReFirm Labs develops open source-based products that help security experts find firmware vulnerabilities in connected devices (IoT gateways, switches, PLCs, sensors, smart TVs, smartphones, cameras, etc.).
ReFirm's Binwalk Enterprise, formerly known as Centrifuge, is a cloud-based SaaS version of Binwalk, the open source software (under the MIT license) developed since 2010 by the team that founded the startup seven years later. The free version of the extraction engine, written in Python, is said to be used by “50,000+ companies worldwide” (more likely to be understood as 50,000 downloads).
Strengthening the security of the Internet of Things, IT infrastructure and technology: an “emergency”
Compatible with Linux, OS X, Cygwin, FreeBSD and Windows, Binwalk Enterprise can extract binary images and executable code from firmware and scan them for outdated encryption keys, expired or heavily encrypted credentials, backdoors, exploits, suspicious zero-day errors, involuntary changes and failures to comply with common security rules. The startup pulls CVEs from its benchmark databases and maintains a list of vulnerabilities found in its firmware.
ReFirm also produces what it calls a “software bill of materials” (SBOM) to track the versions and licenses of open source dependencies. The enterprise version basically provides ways to maintain the software (two-factor authentication, SSO, single-tenant deployment, etc.) and more reporting features (API, PDF, CLI, shared links, etc.). Binwalk is typically used for penetration testing and is being evaluated for its reverse engineering capabilities by security researchers.
David Weston, director of enterprise security and operating systems at Microsoft, said that security tools often struggle to identify vulnerabilities in a device’s firmware. “ReFirm’s analytics software will improve Azure Defender’s ability to detect vulnerabilities and apply fixes,” he said.
As deployments of IoT sensors accelerate, firmware becomes a “necessity to secure them,” David Weston wrote in a blog post.
In its announcement, ReFirm Labs says the two companies share the same view on IoT security risks.
“Vulnerabilities in the network, the Internet of Things, and advanced devices pose significant and growing security risks to businesses and consumers,” the cloud giant said. “By working with Microsoft, it has become clear that they share the same vision and urgency about IoT security.”
David Weston does not say so explicitly, but the cloud giant was already collaborating with ReFirm Labs to develop Azure Defender for IoT, in order to perform discovery and network analytics on connected objects (or IT-OT deployments) associated with the Azure stack. Azure Defender for IoT primarily takes over the Binwalk Enterprise interface. But Microsoft is adding the ability to set the perimeter to be secured and identify potential attack vectors, in order to set alerts and start mitigating flaws or vulnerabilities.
New Line in IoT Investment Plan
In 2018, Microsoft pledged to spend $5 billion over four years on the Internet of Things. The company has made several investments since then. The acquisition of ReFirm Labs comes a year after Microsoft acquired Internet security startup CyberX, which has created a platform for discovering threats and vulnerabilities in IoT equipment. In 2019, Microsoft picked up Express Logic, which developed a real-time operating system (RTOS) for IoT devices.
Constellation Research analyst Liz Miller says the purchase is helping Microsoft solve a growing security problem. The National Institute of Standards and Technology has reported a fivefold increase in firmware attacks over the past four years with the number of IoT devices increasing.
Miller said firmware has become a prime target for hackers because it is difficult for IT teams to manage. As a result, Microsoft is working to fill holes in its IoT security portfolio “as quickly as possible, through development or acquisition.”