Microsoft recently acquired firmware security startup ReFirm Labs for an undisclosed amount. With its latest acquisition, the tech giant looks to strengthen its firmware analysis and security capabilities across devices that form the intelligent edge–from servers to IoT.
ReFirm Labs was founded by a group of IoT security experts, Peter Eacmen and Terry Dunlap, in 2017. The company has developed a method that automates the process of identifying security flaws in connected devices and mitigating them. Its Centrifuge Platform is the first to deliver this capability to the commercial market.
The addition of ReFirm Labs to Microsoft will bring both world-class expertise in firmware security and the Centrifuge firmware platform to enhance our ability to analyze and help protect firmware backed by the power and speed of our cloud, Microsoft said.
ReFirm’s technology is used by global companies to test firmware end-to-end and monitor new vulnerabilities. ReFirm Labs had raised a total of $3.5 million across multiple rounds from early-stage venture capital firms New Dominion Angels and DataTribe.
ReFirm Labs has also launched a popular firmware analytics tool Binwalk.
The emergence of the intelligent edge has boosted the number of cloud-connected devices with multiple specialised sub-processors– each with its firmware layer and often a custom operating system. Vulnerability analysis and endpoint detection and response (EDR) tools are not good enough to protect devices at the firmware level, resulting in a security gap.
In January 2021, a global wave of cyberattacks and data breaches started after four zero-day exploits were discovered in on-premises Microsoft Exchange servers, giving hackers full access to user emails, passwords and connected devices on the same network.
Reports suggest nearly 30,000 organisations across the US came under attack. A recent survey commissioned by Microsoft found 83 percent of the firms had experienced some firmware security incident, but only 29% are allocating resources to protect the critical layer.
In March 2021, the cybersecurity and infrastructure security agency (CISA) issued an emergency directive urging government networks to update a patched version of the exchange. In the same month, CISA urged users to scan exchange server logs with Microsoft’s detection tool.
Last month’s security breach at Colonial Pipeline saw hackers shutting down a significant part of America’s fuel supply. Following this incident, the US department of justice is now elevating investigations of ransomware attacks to a similar priority as terrorism.
India has seen an average of 213 weekly attacks since January 2021, as per Check Point Research.
With WFH becoming the new norm, reports show remote workers will continue to be a target for cybercriminals. According to Gartner, the security market is expected to reach $170.4 billion in 2022. As per Cabinet, 95% of cybersecurity breaches are caused by human error. Accenture also reported that 68% of business leaders feel their cybersecurity risks are increasing.
Microsoft acquired three other firms this year including software development company Kinovolk, conversational AI startup Nuance and global technology firm Marsden Group. Last year, it acquired CyberX to accelerate and secure customers’ IoT deployments.
Why ReFirm Labs?
Microsoft said the challenge of securing connected devices starts with securing the supply chain. The manufacturers typically integrate third-party software and components in their devices. They don’t have the tools and expertise to analyse the components they use and, as a result, may unknowingly ship connected devices with security vulnerabilities.
“We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs,” Microsoft said.
“This acquisition marks the next step in our journey and ability to help secure customers from the chip to the cloud, backed by more than 3,500 defenders at Microsoft and the >8 trillion security signals we process every day,” said Microsoft.
Microsoft has already taken steps to bring the power of the cloud to help secure and eliminate gaps between hardware and software with the announcement of Secured-core PCs, the creation of the Pluton security processor.
ReFirm and Microsoft will proactively try to curb the next big attack surface, firmware. Together, we will continue to provide innovation and value to our customers by helping them discover, monitor, and update all of their network-connected devices, said Microsoft.