Given the rising number of cyberattacks by state-sponsored groups and other malicious actors, Microsoft has been investing heavily in expanding its cybersecurity capabilities. Last month, the software giant released a new tool called Counterfit that automates the security testing of an organization's AI systems and partnered with Darktrace to help customers combat cyber threats with AI.
Today, Microsoft announced it has acquired ReFirm Labs, a US-based company that provides tools to evaluate and monitor risks lurking inside the firmware of IoT and connected devices. The acquisition will bolster Microsoft’s Azure Defender for IoT platform, helping customers protect against sophisticated firmware and supply chain attacks.
Microsoft noted that firmware is rapidly becoming the next big attack surface and many device builders which integrate third-party components in their products often lack the expertise or the tools to detect any underlying vulnerabilities. According to a survey of 1,000 IT security professionals that Microsoft recently commissioned, 83 percent of responders had experienced some sort of firmware security incident, but only 29 percent committed resources to discover and mitigate such issues.
With the addition of ReFirm Labs’ technology and its highly regarded Binwalk open-source firmware analysis tool, Microsoft aspires to provide customers with an all-in-one, cloud-based solution that will help them identify, monitor, and respond to security issues ranging from the chip- and firmware-level to the network and the cloud.