Sectigo and ReFirm Labs Partner to Help Device Manufacturers Uncover IoT Firmware Vulnerabilities and Achieve Compliance
Sectigo has partnered with ReFirm Labs to help device OEMs ensure security and compliance. Under the agreement, Sectigo’s customers will now have access to ReFirm Lab’s firmware scanning tools to analyze device firmware and detect known vulnerabilities, out-of-date open source components, hard-code encryption keys, expired certificates, and potential zero-day vulnerabilities.
Device firmware presents a largely unprotected attack surface that hackers can use to gain access to—and move laterally within—corporate or critical infrastructure networks. The explosion of connected devices has escalated this risk, leading industry groups, including the U.S. Cyberspace Solarium Commission, to recommend stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains to combat attacks on device firmware.
ReFirm Labs’ Centrifuge Platform provides an automated platform to analyze IoT / embedded device firmware to identify potential cybersecurity vulnerabilities before original equipment manufacturers (OEMs) release firmware updates, and before deployment onto device operators’ networks. Sectigo IoT Identity Platform is the industry’s first end-to-end IoT security platform, offering both embedded device identity and integrity technologies, as well as purpose-built certificate issuance and management.
By combining the two platforms, OEMs using both Sectigo and ReFirm Labs platforms are able to:
- Create more secure embedded software
- Guarantee the integrity of device software and validity of certificates at boot, and in software updates
- Protect the device by operating through secure boot, secure storage, and embedded firewall technologies
- Detect hard-code encryption keys, expired certificates, and other security vulnerabilities
- Ensure compliance with a growing number of IoT security standards, such as NIST 8259, OWASP IoT Top 10, and ISA/IEC 62443
“Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device, at the point of manufacture and throughout the entire lifecycle,” said Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “By teaming with ReFirm Labs, we are enabling device OEMs to address security and compliance requirements using a comprehensive solution that works across every stage of the device lifecycle.”
“Our partnership with Sectigo is an important advancement in addressing the growing market and regulatory pressure that is forcing device OEMs to adopt best practices for developing secure IoT device firmware. Using ReFirm Labs’ Centrifuge Platform, our OEM customers are able to uncover the vulnerabilities in IoT devices. They can then address those problems using Sectigo’s IoT Security platform, and ultimately implement higher levels of security and achieve compliance with new standards for device security,” explained Derick Naef, CEO, ReFirm Labs.
For more information about Sectigo’s IoT Security Platform, visit https://www.sectigo.com/enterprise-solutions/sectigo-iot-platform.
About ReFirm Labs
ReFirm Labs provides the industry's first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices from hidden threats. The company’s flagship product, Centrifuge Platform®, detects and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and known vulnerabilities in IoT devices without needing access to source code. ReFirm Labs' technology has been proven to provide the insight and intelligence needed for users to proactively defend connected devices and maintain compliance and the integrity of supply chain security. Founded by a team of former NSA offensive cyber operators, ReFirm Labs is trusted by government agencies and Fortune 500 companies that operate in a wide variety of industries, including: telecommunications, cloud infrastructure and data centers, automotive, health care, utilities, and manufacturing. For more information, visit https://www.refirmlabs.com or follow on Twitter @ReFirmLabs.
About Sectigo
Sectigo is a leading cybersecurity provider of digital identity solutions, including TLS / SSL certificates, DevOps, IoT, enterprise-grade PKI management, and multi-layered web security. As the world's largest commercial Certificate Authority with more than 700,000 customers and over 20 years of experience in online trust, Sectigo partners with organizations of all sizes to deliver automated public and private PKI solutions for securing webservers, user access, connected devices, and applications. Recognized for its award-winning innovation and best-in-class global customer support, Sectigo has the proven performance needed to secure the digital landscape of today and tomorrow. For more information, visit www.sectigo.com and follow @SectigoHQ.