
Microsoft acquires firmware analysis company ReFirm, eying edge IoT security


Microsoft acquired ReFirm Labs Wednesday in a bid to bolster its operational technology security offerings.

ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.

"I run vulnerability and pen testing for the operating system group at Microsoft, and the quality of reports that were coming out of the ReFirm automated system was starting to rival the things that I would pay a highly-skilled professional to generate," said David Weston, Microsoft director of enterprise and OS security in Azure Edge and platform.

Microsoft's ReFirm acquisition follows June's acquisition of CyberX, an agentless OT network defense system. Weston hopes that the products will synergistically bolster the defenses of industrial systems. And while much of Microsoft's announced focus has been on industrial IoT, he sees worthy uses for anything with firmware, including desktops.

ReFirm was founded in 2017 as an offshoot of the popular open-source Binwalk product. Weston said he anticipated work on Binwalk would continue unabated.

The ReFirm announcement comes less than a month after the Department of Homeland Security named "vulnerabilities below the operating system" a key focus of future cybersecurity efforts. Thomas Ruoff and Boyden Rohner, methodology branch chief and associate director of CISA respectively, announced an agency campaign at the RSA Conference last month to increase firmware security.

The Cybersecurity and Infrastructure Security Agency announcement specifically mentions automated code analysis as a key component, a goal Weston backs.

"Firmware is kind of the software that we politely ignore today," he said. "Mostly we don't have capabilities around it."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
