Microsoft acquires ReFirm Labs to enhance IoT security

Microsoft acquires ReFirm Labs to enhance IoT security

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, leading to an attractive security gap for attackers to exploit.


At the same time, we have also seen growth in the number of attacks against firmware where sensitive information like credentials and encryption keys are stored in memory. A recent survey commissioned by Microsoft of 1,000 security decision-makers found that 83 percent had experienced some level of firmware security incident, but only 29 percent are allocating resources to protect that critical layer. And according to March 2021 data from the National Vulnerability Database included in a presentation from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) at the 2021 RSA, difficult-to-patch firmware attacks are continuing to rise. Microsoft’s Azure Defender for IoT team (formerly CyberX) recently announced alongside the Department of Homeland Security a series of more than 25 critical severity vulnerabilities in IoT and OT devices


The challenge in securing these devices starts with securing the supply chain. Device builders typically integrate third-party software and components in their solution, but they are missing the tools and the expertise in analyzing the components they consume and as a result may unknowingly ship devi ..

Support the originator by clicking the read the rest link below.