Microsoft acquires firmware analysis company ReFirm, eying edge IoT security

Microsoft acquired ReFirm Labs Wednesday in a bid to bolster its operational technology security offerings.

ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.

"I run vulnerability and pen testing for the operating system group at Microsoft, and the quality of reports that were coming out the ReFirm automated system was starting to rival the things that I would pay a highly-skilled professional to generate," said David Weston, Microsoft director of enterprise and OS security in Azure Edge and platform.

Microsoft's ReFirm acquisition follows June's acquisition of CyberX, an agentless OT network defense system. Weston hopes that the products will synergistically bolster the defenses of industrial systems. And while much of Microsoft's announced focus has been on industrial IoT, he sees worthy uses for anything with firmware, including desktops.

ReFirm was founded in 2017 as an offshoot of the popular open-source Binwalk product. Weston said he anticipated work on Binwalk would continue unabated.

The ReFirm announcement comes less than a month after the Department of Homeland Security named "vulnerabilities below the operating system" a key focus of future cybersecurity efforts. Thomas Ruoff and Boyden Rohner, methodology branch chief and associate director of CISA respectively, announced an agency campaign at the RSA Conference last month to increase firmware security.

The Cybersecurity and Infrastructure Security Agency announcement specifically mentions automated code analysis as a key component, a goal Weston backs.

"Firmware is kind of the software that we politely ignore today," he said. "Mostly we don't have capabilities around it."