Sectigo and ReFirm Labs’ Collaboration Help Curb IoT Firmware Vulnerabilities

Sectigo, automated digital identity management and web security solutions provider, has collaborated with ReFirm Labs, the industry’s first IoT and firmware security solutions provider to help device original equipment manufacturers (OEMs) ensure security and compliance.

The partnership allows Sectigo’s customers to access ReFirm Labs’ firmware scanning tools that analyze device firmware and detect known vulnerabilities, out-of-date open source components, expired certificates, hard-code encryption keys, and potential zero-day vulnerabilities.

Device firmware provides a relatively unprotected surface of attack that hackers can use to reach corporate or critical infrastructure networks – and travel laterally within. This risk was compounded by the proliferation of connected devices, leading industry groups, such as the U.S. Cyberspace Solarium Commission, to recommend stronger regulatory enforcement and clearer baseline standards and guidance for manufacturers of IoT devices and their supply chains to combat device firmware attacks.

The Centrifuge Platform of ReFirm Labs offers an automated platform to analyze IoT/embedded system firmware to detect possible cyber threats until software updates are issued by OEMs and before delivery to system operator networks. The industry’s first end-to-end IoT security platform Sectigo IoT Identity is offering both integrity technologies and embedded device identity, as well as purpose-built certificate issuance and management.

Through merging the two platforms, OEMs are able to use both Sectigo and ReFirm Labs’ technologies:

• More secure embedded software can be created
• Ensuring the integrity of device software and validity of certificates at boot, and in software updates
• Providing device protection by operating through the secure boot, secure storage, and embedded firewall technologies
• Detection of expired certificates, hard-code encryption keys, and other security vulnerabilities
• Ensuring compliance with a growing number of IoT security standards, such as NIST 8259, OWASP IoT Top 10, and ISA/IEC 62443

“Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device, at the point of manufacture and throughout the entire lifecycle,” said Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “By teaming with ReFirm Labs, we are enabling device OEMs to address security and compliance requirements using a comprehensive solution that works across every stage of the device lifecycle.”

“Our partnership with Sectigo is an important advancement in addressing the growing market and regulatory pressure that is forcing device OEMs to adopt best practices for developing secure IoT device firmware. Using ReFirm Labs’ Centrifuge Platform, our OEM customers are able to uncover the vulnerabilities in IoT devices. They can then address those problems using Sectigo’s IoT Security platform, and ultimately implement higher levels of security and achieve compliance with new standards for device security,” explained Derick Naef, CEO, ReFirm Labs.