Azure Defender for IoT Boosts Protection with Microsoft’s ReFirm Labs Acquisition

Good morning!* For the sake of imagining the Internet of Things, I’m going to envision that you were woken up this morning by your smart alarm, glanced at your watch for a sleep or heart rate summary from your night, then checked on your little one via your baby monitor before heading to the kitchen for breakfast and news played by Alexa. (*If I were an IoT device, I’d adapt this greeting to whatever time of day you were reading this… but then you’d have additional vulnerabilities to worry about too.)

A good start to an informed, productive day. Unfortunately, though, there’s an issue to address with these handy little devices: IoT design leaves lots of holes for attacks through firmware. Microsoft recognizes this vulnerability and has accordingly made a move to improve its Azure Defender for IoT by acquiring ReFirm Labs, a leading company in firmware security.

Microsoft’s Investment in IoT Security

Microsoft already saw IoT as both a rising star and a growing vulnerability a few years ago, announcing in 2018 that it would invest over $5 billion in it over the next four years. In particular, they planned to develop cloud services for IoT operating systems and focus on analytics for insights and enhanced security. Last year Microsoft continued along that investment goal by acquiring CyberX, which helped add visibility in contexts where thousands of IoT devices were used. CyberX’s capabilities are especially helpful in finding and understanding the existing IoT devices that organizations already have connected to their networks. Since these devices may not have been designed with the strongest security standards in mind, they have generally been a challenge to protect well. The acquisition of ReFirm Labs, which happened this June, is now the latest of Microsoft’s ongoing efforts to shore up IoT and its security. The capabilities that ReFirm brings expand on those of CyberX and help streamline top-notch security through the whole life cycle of new devices.

About ReFirm Labs

ReFirm Labs, headquartered in Fulton, Maryland, is the owner of the open-source Binwalk Enterprise software (formerly called Centrifuge). The Binwalk technology was introduced in 2010, and over 50,000 organizations worldwide have used it since then. Binwalk addresses several IoT-specific vulnerabilities with its capabilities to analyze the firmware of thousands of device types, find unpatched common vulnerabilities and exposures (CVEs), and expose insecure secrets. Its slogan is “Find the holes in your device security before attackers do.” Interestingly, ReFirm is uniquely able to find those holes because it was founded by former hackers. Microsoft will be incorporating the capabilities of ReFirm’s Binwalk software into its Azure Defender for IoT.

Azure Defender for IoT

Graphic shows the protection process of Azure Defender for IoT.

Microsoft Defender XDR is the most comprehensive cybersecurity solution on the market. Azure Defender for IoT is the part of it that protects the Internet of Things specifically. The graphic above shows the process that this solution delivers, bolstered by the additional technology from ReFirm Labs. Starting at the level of manufacturers building the devices, Azure Defender for IoT helps detect any firmware vulnerabilities. These are fixed right away, before the devices ever reach customers. Then, with the firmware connected to Azure Device Update, any problems that develop can be patched as needed. The multifaceted analysis capabilities of the Binwalk software, together with Azure’s speed and power, make this a very strong offering. It raises IoT protection to a new standard and provides more extensive safeguarding at every stage.

For a visual rundown of how this process works across the life cycle from manufacturers to customer use, see this video from Microsoft.


More recent Microsoft news: Windows Virtual Desktop has changed its name to Azure Virtual Desktop (AVD).

