Sectigo, a renowned provider of automated digital identity management and web security solutions, has partnered with ReFirm Labs to help device original equipment manufacturers (OEMs) ensure security and compliance. Under the agreement, Sectigo’s customers will now have access to ReFirm Lab’s firmware scanning tools to analyse device firmware and detect known vulnerabilities, out-of-date open source components, hard-code encryption keys, expired certificates, and potential zero-day vulnerabilities.
Device firmware presents a largely unprotected attack surface that hackers can use to gain access to - and move laterally within - corporate or critical infrastructure networks.
End-to-end IoT security platform
The explosion of connected devices has escalated this risk, leading industry groups, including the U.S. Cyberspace Solarium Commission, to recommend stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains to combat attacks on device firmware.
Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device"
ReFirm Labs’ Centrifuge Platform provides an automated platform to analyse IoT / embedded device firmware to identify potential cyber security vulnerabilities before OEMs release firmware updates, and before deployment onto device operators’ networks. Sectigo IoT Identity Platform is the industry’s first end-to-end IoT security platform, offering both embedded device identity and integrity technologies, as well as purpose-built certificate issuance and management.
Embedded firewall technologies
By combining the two platforms, OEMs using both Sectigo and ReFirm Labs platforms are able to:
- Create more secure embedded software
- Guarantee the integrity of device software and validity of certificates at boot, and in software updates
- Protect the device by operating through secure boot, secure storage, and embedded firewall technologies
- Detect hard-code encryption keys, expired certificates, and other security vulnerabilities
- Ensure compliance with a growing number of IoT security standards, such as NIST 8259, OWASP IoT Top 10, and ISA/IEC 62443
“Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device, at the point of manufacture and throughout the entire lifecycle,” said Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “By teaming with ReFirm Labs, we are enabling device OEMs to address security and compliance requirements using a comprehensive solution that works across every stage of the device lifecycle.”
IoT device firmware
“Our partnership with Sectigo is an important advancement in addressing the growing market and regulatory pressure that is forcing device OEMs to adopt best practices for developing secure IoT device firmware. Using ReFirm Labs’ Centrifuge Platform, our OEM customers are able to uncover the vulnerabilities in IoT devices."
"They can then address those problems using Sectigo’s IoT Security platform, and ultimately implement higher levels of security and achieve compliance with new standards for device security,” explained Derick Naef, CEO, ReFirm Labs.