Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

Microsoft has acquired firmware security startup ReFirm Labs to boost its security capabilities for protecting internet of things and intelligent edge devices.

The intelligent edge — made up of cloud-connected devices capable of specialized tasks — have opened up a new attack surface, David Weston, Microsoft’s director of enterprise and operating system security, told VentureBeat. Attacks targeting sensitive information such as credentials and encryption keys stored in memory are on the rise, and Microsoft has spent the past few years “securing the operating system below the operating system,” he said.

“Microsoft believes that firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface. We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs,” Weston wrote in a blog post on Tuesday. Microsoft declined to disclose the terms of the acquisition.

Microsoft has been focused on IoT security on multiple fronts, including Azure Defender for IoT, Azure Sentinel, and devices such as Edge Secured-core and Azure Sphere. The company has pledged to invest $5 billion in IoT by 2022. The acquisition of ReFirm Labs, with its expertise in firmware security and the Centrifuge firmware platform to analyze and detect security issues, is “a culmination of that [IoT] strategy,” Weston said, and will enhance the company’s “chip-to-cloud protection” capabilities.


VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.


Register Now

“ReFirm allows us to assess all the code running on the device and provide a security rating before you connect the device,” Weston said. The tool is a “a key piece of the missing puzzle” to make it easier for organizations to feel comfortable about deploying IoT. “Today, you plug [the device] into the Internet and you say ‘YOLO, I hope everything’s cool.'”

‘Patch Tuesday’ for IoT

ReFirm Labs develops the open source Binwalk firmware security analysis tool, which has been used by more than 50,000 organizations around the world to analyze thousands of IoT and embedded devices to identify firmware security issues. System builders and device owners use the tool to assess device risk by looking for known vulnerabilities that have not yet been patched, uncovering exposed secrets (security keys, tokens, and passwords), flagging default passwords, and detecting other security problems.

ReFirm’s tool gives the end users an easy way to determine the basic security posture of the device. The analyzer — Weston called it “essentially a drag and drop tool” — unpacks the device firmware and performs nested scans looking for security issues. The tool is capable of scanning all kinds of IoT and edge devices, regardless of who built it, such as smart light bulbs, cars, printers, smart refrigerators, or servers running edge applications. The tool returns an assessment report as well as a “software bill of materials” explaining what components were used.

Enterprises can use the assessment to understand whether the devices meet security and compliance requirements before deploying them in the environment. Once the devices are connected, IT teams can monitor them with Azure Defender for IoT. And Azure Device Update, IoT’s version of Windows Update introduced six months ago, lets users apply patches.

“Now the customers have pretty much everything they need: They can assess the device, they can monitor it, and they can update it on Patch Tuesday, just as if it was a Windows device,” Weston said.

In the Windows world, IT teams rely on Qualys Cloud Platform or Tenable’s Nessus vulnerability scanner to assess the security of the network before applying all the Patch Tuesday updates. “Now you can do the same thing with IoT devices,” Weston said.

System builders — people building devices to sell — will be able to use the analyzer to show their devices are secure, which would boost buyer confidence in these devices.

Just the beginning

Microsoft has a vision of getting 50 billion intelligent edge devices connected to Azure, empowering digital transformation and running AI applications on the edge. The security issues are just getting worse. A recent Microsoft survey of 1,000 security decision makers found that 83% had experienced some level of firmware security incident. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) called out an increase in the number of attacks against difficult-to-patch firmware at the RSA Conference just last month.

Integrating ReFirm’s technology into Azure Defender for IoT is just the first step, Weston said. It was important to give customers all the various capabilities but to keep complexity low. He envisioned a future where firmware scanning was available across the Microsoft portfolio. “We’re going to stitch it through everywhere it makes sense. We’re going to integrate it into all the products that we can where we think we can help the user,” Weston said.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.