“Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, leading to an attractive security gap for attackers to exploit.
At the same time, we have also seen growth in the number of attacks against firmware where sensitive information like credentials and encryption keys are stored in memory. A recent survey commissioned by Microsoft of 1,000 security decision-makers found that 83 percent had experienced some level of firmware security incident, but only 29 percent are allocating resources to protect that critical layer. And according to March 2021 data from the National Vulnerability Database included in a presentation from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) at the 2021 RSA, difficult-to-patch firmware attacks are continuing to rise. Microsoft’s Azure Defender for IoT team (formerly CyberX) recently announced alongside the Department of Homeland Security a series of more than 25 critical severity vulnerabilities in IoT and OT devices
The challenge in securing these devices starts with securing the supply chain. Device builders typically integrate third-party software and components in their solution, but they are missing the tools and the expertise in analyzing the components they consume and as a result may unknowingly ship devices with security vulnerabilities.
This is where ReFirm Labs comes in. Microsoft believes that firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface. We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs.
Microsoft will enhance chip-to-cloud protection with ReFirm Labs
We are excited to announce that ReFirm Labs is joining Microsoft to enrich our firmware analysis and security capabilities across devices that form the intelligent edge, from servers to IoT. The addition of ReFirm Labs to Microsoft will bring both world-class expertise in firmware security and the Centrifuge firmware platform to enhance our ability to analyze and help protect firmware backed by the power and speed of our cloud.
ReFirm are the authors of the well-respected Binwalk open-source software, which has been used to analyze thousands of device types for firmware security issues, uncovering unpatched common vulnerabilities and exposures (CVEs), insecure secrets, and a multitude of other security problems in plugin IoT devices and embedded firmware. ReFirm’s firmware analysis technology will advance Microsoft’s existing capabilities to help secure IoT and OT devices via Azure Defender for IoT which was recently enhanced with technology from our acquisition of CyberX. Together, we will provide device builders and customers the ability to both discover, protect, and assess device risk both at the firmware and network level and then patch devices with an easy-to-use cloud-based solution as is explained in this video.
Microsoft has already taken steps to bring the power of the cloud to help secure and eliminate gaps between hardware and software with the announcement of Secured-core PCs, the creation of the Pluton security processor with our partners, and most recently the extension of secured-core to servers and edge devices. This acquisition marks the next step in our journey and ability to help secure customers from the chip to the cloud, backed by more than 3,500 defenders at Microsoft and the >8 trillion security signals we process every day.
We are thrilled to take this next step with ReFirm Labs to proactively address what is already becoming the next big attack surface, firmware. Together, will continue to provide innovation and value to our customers by helping them discover, monitor, and update all of their network-connected devices. The technology and expertise that ReFirm brings will be an incredible addition to Microsoft and help us continue to deliver on our commitment to protecting from the chip to the cloud.”