Microsoft Acquires IoT Security Firm with Roots in NSA

Microsoft this week said it is acquiring IoT security provider ReFirm Labs, which was founded by former U.S. National Security Agency (NSA) hackers.

ReFirm Labs, based in Fulton, Md., creates security solutions for organizations using Internet of Things and network edge devices. Though it was officially founded in 2017, producing security products for large enterprises and small-to-medium businesses, it first grew out of the Binwalk Open Source project in 2010 that helped security analysts extract firmware images from devices.

ReFirm's Web site is fairly upfront about its team coming from the NSA, per a company blurb:

Our team is composed of former offensive cyber professionals from the U.S. National Security Agency (NSA), where we specialized in the weaponization of device vulnerabilities. When IoT adoption exploded across the commercial sector, we knew that more businesses than ever were exposing themselves to attacks -- so we turned our offensive cyber innovations into proactive tools for corporate leaders.

Microsoft is buying ReFirm Labs "to enrich our firmware analysis and security capabilities across devices that form the intelligent edge, from servers to IoT," according to David Weston, Microsoft's director of enterprise and OS security, in the announcement. To that end, it's adding ReFirm Labs' Centrifuge firmware platform, he added.

Centrifuge was replaced with Binwalk Enterprise, an analysis product designed for use by larger organizations such as telcos and device manufacturers, according to a January ReFirm Labs announcement. Binwalk Teams is the company's other product for small and midsize organizations. The product differences have to do with things like the availability of policy and compliance reporting capabilities, and more, as described in this product comparison sheet (PDF).

It's not clear from the company announcements whether ReFirm Labs' products will continue to be sold. Microsoft's announcement suggested they will be folded into Microsoft products. The deal's terms weren't described.

Weston described the ReFirm Labs acquisition as being synergistic to Microsoft's earlier acquisition a year ago of CyberX, which built security solutions for both IoT devices and the operational technology used in industrial systems. Microsoft was a partner with CyberX before acquiring the company, and CyberX's technology was later added to Microsoft's Azure Defender for IoT security solution.

The ReFirm Labs acquisition will be used to help both builders of IoT and Edge devices and their customers, Microsoft contended. It offered the following illustration to that effect:

Microsoft's concept on how ReFirm Labs technologies will be used to add security for both device builders and the organizations using those devices.

Microsoft explained in a video that IoT device builders are unintentionally shipping devices with software exposed to "known threats" that then get sold to businesses. Those businesses also are unaware of the flaws, mostly because it's difficult to detect vulnerabilities at the firmware level. The ReFirm Labs addition will bolster Azure Defender for IoT to detect the problems, adding "firmware protection, certificates and device updates" capabilities. Device builders can address vulnerabilities early on by uploading their firmware for analysis in Microsoft's cloud.

The acquisition adds to Microsoft's general efforts to address security issues at the firmware level. Other efforts along those lines, according to the announcement, include Microsoft's Pluton security processor, Secured-core PCs and Microsoft's emerging Windows Server 2022 Secured-core server approach.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.