Microsoft has purchased ReFirm Labs to enhance the software giant’s firmware analysis and security capabilities from servers to IoT.
The Redmond, Wash.-based company said its acquisition of Fulton, Md.-based ReFirm Labs will allow device builders and customers to discover, protect and assess device risk at the firmware and network levels as well as patch devices via a cloud offering.
“The addition of ReFirm Labs to Microsoft will bring both world-class expertise in firmware security and the Centrifuge firmware platform to enhance our ability to analyze and help protect firmware backed by the power and speed of our cloud,” David Weston, Microsoft’s director of enterprise and OS security, wrote in a blog post.
Terms of the deal were not disclosed, and Microsoft didn’t immediately respond to a request for additional comment. Microsoft’s stock is up US$1.30 (0.53 percent) to US$248.70 per share in Wednesday morning trading.
ReFirm Labs was founded in 2017, employs 12 people and has raised US$3.5 million in three rounds of outside funding, according to LinkedIn and Crunchbase. The company said it partners with systems integrators and VARs to help businesses proactively vet, validate and continuously monitor the security of the firmware that runs billions of IoT devices, embedded devices and enterprise systems.
“Vulnerabilities in network, IoT and edge devices are a significant and growing risk to enterprise and consumer security,” ReFirm Labs said on its website. “As we worked with Microsoft, it became clear that they shared the same vision and urgency around IoT security with a comprehensive suite of solutions such as Azure IoT Defender, Azure Sentinel, and devices such as Edge Secured-core and Azure Sphere.”
ReFirm Labs is the author of the Binwalk open-source software, which has been used over the past decade to analyze thousands of devices for firmware security issues, uncovering unpatched common vulnerabilities and exposures and a multitude of other security problems in plug-in IoT devices and embedded firmware, according to Weston.
Following the launch of ReFirm Labs, the company debuted Binwalk Enterprise, which provides deep visibility into third-party devices before they are installed while also ensuring that such devices meet an organization’s security and compliance requirements. ReFirm Labs was named one of the 10 Coolest IoT Security Companies in CRN’s 2021 Internet Of Things 50.
The company’s firmware analysis technology will advance Microsoft’s efforts to secure IoT and OT devices via Azure Defender for IoT, Weston said. The ReFirm Labs deal comes less than a year after Microsoft bought Waltham, Mass.-based IoT security startup CyberX for a reported US$165 million to better safeguard devices used in industrial IoT, operational technology and infrastructure scenarios.
“We are thrilled to take this next step with ReFirm Labs to proactively address what is already becoming the next big attack surface—firmware,” Weston wrote in his blog post. “Together, [we] will continue to provide innovation and value to our customers by helping them discover, monitor and update all of their network-connected devices.”
ReFirm Labs has been led since the start of 2019 by Derick Naef, who previously ran Acronis’ secure mobile access and file sync and share business following its acquisition of internet software vendor Group Logic, which he had co-founded. ReFirm Labs was co-founded by entrepreneurs Peter Eacmen and Terry Dunlap, who had previously founded Tactical Network Solutions and Reaver Systems.