Modern computing devices can be thought of as a collecting of discrete microprocessors each with a dedicated role like high-speed networking, graphics, Disk I/ O, AI, and everything in between. The emergence of the intelligent boundary has accelerated the number of these cloud-connected machines that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response( EDR) tools find it challenging to monitor and protect machines at the firmware degree, leading to an attractive security gap for attackers to exploit.
At the same time, we have also seen growth in the number of attacks against firmware where sensitive knowledge like credentials and encryption keys are stored in memory. A recent survey commissioned by Microsoft of 1,000 security decision-makers found that 83 percent had experienced some level of firmware security incident, but only 29 percent are allocating resources to protect that critical layer. And according to March 2021 data from the National Vulnerability Database included in a presentation from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency( CISA ) at the 2021 RSA, difficult-to-patch firmware attacks are continuing to rise. Microsoft’s Azure Defender for IoT team( formerly CyberX) recently announced alongside the Department of Homeland Security a series of more than 25 critical severity vulnerabilities in IoT and OT devices
The challenge in securing these devices starts with securing the render chain. Device builders typically integrate third-party software and ingredients in their solution, but they are missing the tools and the skills necessary in analyzing the components they consume and as a result may unknowingly ship devices with security vulnerabilities.
This is where ReFirm Labs comes in. Microsoft believes that firmware is not a future menace, but an imperative to fasten now as more machines flood the market and expand the available attack surface. We are committed to helping clients be protected against these sophisticated menaces now and in the future, which is why we’re announcing that we have acquired ReFirm Labs.
Microsoft will enhance chip-to-cloud protection with ReFirm Labs
We are excited to announce that ReFirm Labs is joining Microsoft to enrich our firmware analysis and security abilities across devices that form the intelligent side, from servers to IoT. The addition of ReFirm Labs to Microsoft will bring both world-class expertise in firmware questions of safety and the Centrifuge firmware platform to enhance our ability to analyze and help protect firmware backed by the power and hastened of our cloud.
ReFirm are the authors of the well-respected Binwalk open-source software, which has been used to analyze thousands of device kinds for firmware security issues, uncovering unpatched common vulnerabilities and exposures( CVEs ), insecure secrets, and a multitude of other safety problem in plugin IoT devices and embedded firmware. ReFirm’s firmware analysis technology will advance Microsoft’s existing capabilities to help secure IoT and OT machines via Azure Defender for IoT which was recently improved with engineering from our acquisition of CyberX. Together, we will provide device builders and patrons capacities necessary to both discover, protect, and assess machine peril both at the firmware and network level and then patch devices with an easy-to-use cloud-based solution as is explained in this video.
Microsoft has already taken steps to bring the power of the cloud to help secure and eliminate gaps between hardware and software with the announcement of Secured-core PCs, the creation of the Pluton security processor with our partners, and most recently the extension of secured-core to servers and edge devices. This acquisition marks the next step in our journey and ability to help secure customers from the chip to the cloud, backed by more than 3,500 defenders at Microsoft and the> 8 trillion security signals we process every day.
We are thrilled to take this next step with ReFirm Labs to proactively address what is already becoming the next big onslaught surface, firmware. Together, will continue to provide innovation and value to our customers by helping them discover, monitor, and update all of their network-connected machines. The engineering and expertise that ReFirm brings will be an incredible addition to Microsoft and help us continue to deliver on our commitment to protecting from the chip to the cloud.
To learn more about Microsoft Security answers, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post Microsoft acquires ReFirm Labs to enhance IoT security seemed first on Microsoft Security .
Read more: microsoft.com