Microsoft obtained ReFirm Labs Wednesday in a bid to bolster its operational technology security choices. (Picture by Drew Angerer/Getty Visuals)
Microsoft obtained ReFirm Labs Wednesday in a bid to bolster its operational technology security choices.
ReFirm supplies drag-and-fall automatic firmware evaluation, which Microsoft hopes will give security insight for industrial IoT products, where security staff normally struggle to glimpse inside of created-in components.
“I operate vulnerability and pen tests for the functioning method group at Microsoft, and the excellent of reviews that were being coming out the ReFirm automated method was commencing to rival the things that I would spend a highly-competent specialist to deliver,” mentioned David Weston, Microsoft director of enterprise and OS security in Azure Edge and platform.
Microsoft’s ReFirm acquisition follows June’s acquisition of CyberX, an agentless OT network defense technique. Weston hopes that the goods will synergistically bolster the defenses of industrial methods. And when substantially of Microsoft’s declared concentration has been on industrial IoT, he sees worthy uses for everything with firmware, like desktops.
ReFirm was established in 2017 as an offshoot of the well known open up-supply Binwalk products. Weston stated he anticipated function on Binwalk would proceed unabated.
The ReFirm announcement arrives much less than a month soon after the Section of Homeland Security named “vulnerabilities beneath the running system” a key concentrate of long term cybersecurity initiatives. Thomas Ruoff and Boyden Rohner, methodology department main and affiliate director of CISA respectively, introduced an agency marketing campaign at the RSA Meeting previous thirty day period to increase firmware security.
The Cybersecurity and Infrastructure Security Company announcement exclusively mentions automatic code assessment as a critical element, a target Weston backs.
“Firmware is type of the software package that we politely dismiss right now,” he reported. “Mostly we really do not have capabilities about it.”
Some elements of this write-up are sourced from: