Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, say the companies, leaving an attractive security gap for attackers to exploit. ReFirm Labs is the developer of the open-source Binwalk software for extracting file systems from firmware images for analysis. Binwalk has been used to analyze thousands of connected device types for firmware security issues, uncovering unpatched common vulnerabilities and exposures (CVEs), insecure secrets, and a multitude of other security problems in plug-in IoT devices and embedded firmware.
The company's Binwalk Enterprise version (formerly Centrifuge) includes automation and deep reporting tools that transform device-by-device analysis into a scalable security process. Once a firmware image is analyzed, Binwalk Enterprise continuously monitors and notifies users of new CVEs and vulnerabilities without ever accessing their network.
The acquisition of ReFirm Labs, says Microsoft, will enrich its firmware analysis and security capabilities across devices that form the intelligent edge, from servers to IoT.
"Microsoft believes that firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface," says David Weston, Director of Enterprise and OS Security at Microsoft. "The addition of ReFirm Labs to Microsoft will bring both world-class expertise in firmware security and the Centrifuge firmware platform to enhance our ability to analyze and help protect firmware backed by the power and speed of our cloud."
Microsoft says ReFirm's firmware analysis technology will advance its existing capabilities to help secure IoT and OT devices via Azure Defender for IoT, which was recently enhanced with technology from its acquisition of CyberX.
"Together," says Weston, "we will provide device builders and customers the ability to both discover, protect, and assess device risk both at the firmware and network level and then patch devices with an easy-to-use cloud-based solution."
The acquisition cost was not disclosed.