ReFirm Labs, provider of proactive IoT and firmware security solutions, has announced the Fall 2019 release of updates to its flagship Centrifuge Platform.
The first solution that proactively manages the security of firmware, a specific class of software that provides the low-level control for the hardware of an IoT device, Centrifuge Platform can identify and report firmware abnormalities and vulnerabilities in less than 30 minutes, allowing companies to quickly analyse their firmware for hidden dangers and respond immediately to potential weak spots.
The Fall 2019 updates include:
- On-premise deployment: For organisations that have legal requirements that prohibit them from performing firmware security analysis in a secure cloud environment, Centrifuge Platform now offers an on-premise deployment including air-gapped networks. Its on-premise deployment, including updates and upgrades, is fully automated even when physically isolated from an internet-connected network, and simplifies user management and authentication by seamlessly integrating with Active Directory.
- Faster static and dynamic binary analysis: The speed with which Centrifuge Platform identifies potential zero-day vulnerabilities and then dynamically emulates them has been increased by up to three times.
- Enhanced cryptographic analysis: Centrifuge Platform has added a new, higher level analysis of crypto material that identifies and highlights key issues such as expired and revoked certificates, weak signing, and dangerous private keys delivered in the same firmware. It also shows linkages between certificate chains and public/private key pairs.
- Improved file system extraction support: Centrifuge Platform now provides extraction support bzip2 and ext2/4 files, along with improved support for zip, gzip, JFFS2 and cpio files. It also can now support very large, multi-gigabyte firmware images.
- PDF summary reports: Centrifuge Platform now offers a graphical summary of detailed information about the security of firmware images, formatted as a PDF file. Designed as easy-to-understand, actionable information, the PDF report allows information sharing about firmware vulnerabilities with product leadership, suppliers, customers and other stakeholders. The PDF report links to more detailed information with the entire analysis results available in JSON or CSV format.
“These newest updates to our Centrifuge Platform enable developers and penetration testers to work faster with a wider range of file systems while efficiently managing a greater amount of cryptographic information about potential vulnerabilities in the firmware that power IoT devices,” said Derick Naef, CEO of ReFirm Labs. “With the additions of a new reporting feature that provides easy-to-understand graphical summaries for sharing findings and a new on-premise deployment option, we’re excited to roll out these new set of features that increases both effectiveness and productivity for security teams.”
Highly scalable, automated and cloud-based, Centrifuge Platform identifies and reports potential zero-day vulnerabilities, hidden crypto keys, backdoor passwords and already known vulnerabilities in IoT devices, all without needing access to source code. A simple and reliable way for monitoring security across an entire system of deployed IoT devices without the need for agents or access to the network itself, Centrifuge Platform has been proven to increase productivity for security teams while reducing the number of breaches on internet-connected devices.