Sectigo, a renowned provider of automated digital identity management and web security solutions, has partnered with ReFirm Labs to help device original equipment manufacturers (OEMs) ensure security and compliance. Under the agreement, Sectigo’s customers will now have access to ReFirm Lab’s firmware scanning tools to analyse device firmware and detect known vulnerabilities, out-of-date open source components, hard-code encryption keys, expired certificates, and potential zero-day vulnerabilities.

Device firmware presents a largely unprotected attack surface that hackers can use to gain access to - and move laterally within - corporate or critical infrastructure networks.

End-to-end IoT security platform

The explosion of connected devices has escalated this risk, leading industry groups, including the U.S. Cyberspace Solarium Commission, to recommend stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains to combat attacks on device firmware.

Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device"

ReFirm Labs’ Centrifuge Platform provides an automated platform to analyse IoT / embedded device firmware to identify potential cyber security vulnerabilities before OEMs release firmware updates, and before deployment onto device operators’ networks. Sectigo IoT Identity Platform is the industry’s first end-to-end IoT security platform, offering both embedded device identity and integrity technologies, as well as purpose-built certificate issuance and management.

Embedded firewall technologies

By combining the two platforms, OEMs using both Sectigo and ReFirm Labs platforms are able to:

  • Create more secure embedded software
  • Guarantee the integrity of device software and validity of certificates at boot, and in software updates
  • Protect the device by operating through secure boot, secure storage, and embedded firewall technologies
  • Detect hard-code encryption keys, expired certificates, and other security vulnerabilities
  • Ensure compliance with a growing number of IoT security standards, such as NIST 8259, OWASP IoT Top 10, and ISA/IEC 62443

“Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device, at the point of manufacture and throughout the entire lifecycle,” said Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “By teaming with ReFirm Labs, we are enabling device OEMs to address security and compliance requirements using a comprehensive solution that works across every stage of the device lifecycle.”

IoT device firmware

“Our partnership with Sectigo is an important advancement in addressing the growing market and regulatory pressure that is forcing device OEMs to adopt best practices for developing secure IoT device firmware. Using ReFirm Labs’ Centrifuge Platform, our OEM customers are able to uncover the vulnerabilities in IoT devices."

"They can then address those problems using Sectigo’s IoT Security platform, and ultimately implement higher levels of security and achieve compliance with new standards for device security,” explained Derick Naef, CEO, ReFirm Labs.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Happy, engaged employees are the key to a profitable business
Happy, engaged employees are the key to a profitable business

It is a truism that in the physical security industry your workforce and your reputation are the business’s largest and most important assets. Managing your workforce with empathy to ensure happy, engaged employees can be a balancing act. However, providing flexible working practices that are still profitable for your business is achievable, and something that every security business should be aiming for. SmartTask CEO, Paul Ridden discusses the hidden benefits of an engaged workforce and the role that good workforce management has to play. The importance of an engaged workforce can’t be stressed enough because motivated employees are what makes a business successful. Highly engaged staff According to Gallup, disengaged employees are a drain on any business. On average, they have 37% higher absenteeism, 18% lower productivity and 15% lower profitability. When the impact to the bottom line is calculated, you're looking at the cost of 34% of a disengaged employee's annual salary. Conversely, highly engaged staff show a 40% reduction in absenteeism, and almost 60% less turnover. Engaged employees show up every day with enthusiasm and purpose Engaged employees show up every day with enthusiasm and purpose. They tend to work harder, treat customers well (leading to more business), and, are more likely to remain with the company. Employee engagement is determined by factors such as feeling clear about your role at work, and having the right tools to enable you to do your job to the best of your ability. Being recognised for your hard work and diligence is also a key factor. Enabling security businesses Workforce management, when done well, can make a significant difference to all of these factors, and therefore help to foster an engaged workforce, which is good for business. Traditionally, workforce management and time & attendance (clocking on and off) systems may have seemed a bit ‘big brother’, however, this is no longer the case. In a world where almost everyone carries a smartphone, people are quite used to the idea of constant connectivity. This can be harnessed to enable security businesses to run more smoothly and efficiently, benefitting everyone. Indeed, being able to prove that a contracted service has been delivered is not only good for customer service, and invoicing, it is also provides recognition for hardworking staff. Workforce management solution Staff that feel empowered in such a way are more likely to feel happy and engaged Providing Flexibility and Work/life Balance - While we all know that contracts are contracts, and security businesses must deliver, ditching paper based systems in favour of an electronic workforce management solution, can provide additional flexibility to workers, supporting work/life balance. For example, shifts and rosters, which can be designed in a fraction of the time with a purpose-built solution, can be published further in advance, giving employees enough notice of work patterns to plan their lives around their shifts. People are more easily able to swap shifts or sign up for additional work, and the control room still has oversight to see exactly who is working where and when. In addition, staff can see their accrued holiday entitlement more easily, and request leave from their smartphones. Staff feel more in control of their lives when they can discuss their work patterns and holidays with family while at home simply by referring to an app on their device. Staff that feel empowered in such a way are more likely to feel happy and engaged with the business. Delivering work schedules Task lists for completion while onsite sent directly to their mobile device is convenient for all Convenience and Duty of Care - Using an app to deliver work schedules and assignment instructions provides your employees with the tools and information they need to do their job while removing the stress of dealing with paper-based forms. Task lists for completion while onsite sent directly to their mobile device is convenient for all, and helps to prove compliance with any regulatory requirements, including Duty of Care. Check calls are part of daily life for security workers. Remembering to make them can be cumbersome, but with an app, they can be built into the employee’s Actions for the day/shift, with an automated prompt to make the call. Managing finances better Payroll Visibility and additional Services for Staff - With an online time & attendance solution where people clock in and out electronically, they are able to check their hours accrued and see what their salary will be. If a shift is missed, for example, they are able to query with the payroll department much sooner, leading to more accurate and timely pay. Additional services can be provided, such as ‘pay in advance’ schemes, where workers are able to draw down a percentage of their earned salary before payday. This enables staff to manage their finances better and avoid taking payday loans. Keeping electronic records The benefits to the business of a workforce management solution are many The benefits to the business of a workforce management solution are many. Saving time on back office processes such as designing rosters, managing shifts/attendance/service delivery, holidays and absence. Reducing reliance on manual systems, keeping electronic records provides audit trails, proves compliance and streamlines invoices for all work completed. Having detailed records also means better analysis of the business. Managing rosters and schedules is one thing, ensuring that every shift is profitable is much more complex. However, with electronic workforce management all the variables, fixed costs, recurring costs, salaried people, hourly people and the cost of equipment required, that go into costing a shift can be analysed to ensure every shift is profitable. Providing better safeguards In a post-COVID world, people have embraced technology at a pace not previously imagined. Technology has enabled us to keep in contact with loved ones, enabled those that can to work remotely, and provides better safeguards to key workers that cannot work remotely. In a post-COVID world, people have embraced technology at a pace not previously imagined Providing people with the right tools to do their job is a major step forward in empowering your workforce to do well. Electronic systems that reduce paperwork, also reduce the drudgery of form filling. At head office that frees people up for more proactive, strategic and customer facing work, that really makes a difference to your business. Affordable software solutions Out in the field, electronic systems keep people safer, more informed and helps them to manage their work/life balance. A winning combination for everyone. Paul has spent most of his working life in the computer industry, with the last ten years spent focusing on software solutions for the security, cleaning, FM and logistics sectors. Part of Paul’s role is to use his passion and entrepreneurial approach to build a technology team that can develop and deliver affordable software solutions that take advantage of the latest technologies and help deliver value to all SmartTask users, large and small.

How has security industry training changed in the last year?
How has security industry training changed in the last year?

In-person training sessions were mostly canceled during the worst of the COVID-19 pandemic. However, the need for training continued, and in some cases increased, as the security industry sought to adapt to the changing business climate of a global emergency. So how well did we as an industry adjust? We asked this week’s Expert Panel Roundtable: How has security industry training changed in the last year?

Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach
Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach

The 2020s will be a wireless decade in access control, says Russell Wagstaff from ASSA ABLOY Opening Solutions EMEA. He examines the trends data, and looks beyond mobile keys to brand new security roles for the smartphone. The benefits of wire-free electronic access control are well rehearsed. They are also more relevant than ever. A wireless solution gives facility managers deeper, more flexible control over who should have access, where and when, because installing, operating and integrating them is easier and less expensive than wiring more doors. Battery powered locks Many procurement teams are now aware of these cost advantages, but perhaps not their scale. Research for an ASSA ABLOY Opening Solutions (AAOS) benchmarking exercise found installation stage to be the largest contributor to cost reduction. Comparing a typical installation of battery-powered Aperio locks versus wired locks at the same scale, the research projected an 80% saving in installers’ labour costs for customers who go cable-free. Battery powered locks all consume much less energy than traditional wired locks Operating costs are also lower for wireless: Battery powered locks all consume much less energy than traditional wired locks, which normally work via magnets connected permanently to electricity. Wireless locks only ‘wake up’ when presented with a credential for which they must make an access decision. AAOS estimated a 70% saving in energy use over a comparable lock’s lifetime. Find out more about wireless access control at ASSA ABLOY's upcoming 29th June webinar Deploying wireless locks In short, every time a business chooses a wireless lock rather than a wired door, they benefit from both installation and operating cost savings. A recent report from IFSEC Global, AAOS and Omdia reveals the extent to which the advantages of wireless are cutting through. Responses to a large survey of security professionals — end-users, installers, integrators and consultants serving large corporations and small- to medium-sized organisations in education, healthcare, industrial, commercial, infrastructure, retail, banking and other sectors — suggest almost four locations in ten (38%) have now deployed wireless locks as a part or the whole of their access solution. The corresponding data point from AAOS’s 2014 Report was 23%. Electronic access control Electronic access control is less dependent than ever on cabling Without doubt, electronic access control is less dependent than ever on cabling: Even after a year when many investments have been deferred or curtailed, the data reveals fast-growing adoption of wireless locks, technologies and systems. Is mobile access control — based on digital credentials or ‘virtual keys’ stored on a smartphone — an ideal security technology for this wire-free future? In fact, the same report finds mobile access is growing fast right now. Among those surveyed, 26% of end-users already offer mobile compatibility; 39% plan to roll out mobile access within two years. Before the mid-2020s, around two-thirds of access systems will employ the smartphone in some way. The smartphone is also convenient for gathering system insights Driving rapid adoption What is driving such rapid adoption? The convenience benefits for everyday users are obvious — witness the mobile boom in banking and payments, travel or event ticketing, transport, food delivery and countless more areas of modern life. Access control is a natural fit. If you have your phone, you are already carrying your keys: What could be easier? IBM forecasts that 1.87 billion people globally will be mobile workers by 2022 Less often discussed are the ways mobile management makes life easier for facility and security managers, too. Among those polled for the new Wireless Access Control Report, almost half (47%) agreed that ‘Mobile was more flexible than physical credentials, and 36% believe that mobile credentials make it easier to upgrade employee access rights at any time.’ IBM forecasts that 1.87 billion people globally will be mobile workers by 2022. Workers in every impacted sector require solutions which can get the job done from anywhere: Access management via smartphone offers this. Site management device The smartphone is also convenient for gathering system insights. For example, one new reporting and analytics tool for CLIQ key-based access control systems uses an app to collect, visualise and evaluate access data. Security system data could contribute to business success. The app’s clear, visual layout helps managers to instantly spot relevant trends, anomalies or patterns. It’s simple to export, to share insights across the business. Reinvented for learning — not just as a ‘key’ or site management device — the phone will help businesses make smarter, data-informed decisions. The smartphone will also play a major role in security — and everything else — for an exciting new generation of smart buildings. These buildings will derive their intelligence from interoperability. Over 90% of the report’s survey respondents highlighted the importance of integration across building functions including access control, CCTV, alarm and visitor management systems. Genuinely seamless integration They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term Yet in practice, stumbling blocks remain on the road to deeper, genuinely seamless integration. More than a quarter of those polled felt held back by a lack of solutions developed to open standards. ‘Open standards are key for the momentum behind the shift towards system integration,’ notes the Report. As well as being more flexible, open solutions are better futureproofed. Shared standards ensure investments can be made today with confidence that hardware and firmware may be built on seamlessly in the future. They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term. Open solutions and mobile management are critical to achieving the goals which end-users in every vertical are chasing: scalability, flexibility, sustainability, cost-efficiency and convenience.