emt Distribution brings ReFirm Labs to Australia and New Zealand to counter growing cyber threats to devices and the IoT
Agreement allows reseller partners to offer Centrifuge Platform™ to secure Internet-connected devices from routers and security cameras to light bulbs
Adelaide, Australia – 23 April 2019: Cyber security software specialist, emt Distribution, today announced an agreement with U.S.-based ReFirm Labs to bring its Centrifuge Platform™ to Australia and New Zealand for vetting, validation and monitoring of organisations’ firmware security.
emt Distribution will execute a 100% channel strategy in the region, working with partners to market and support the Centrifuge Platform so organisations can counter the cyber threat to growing numbers of Internet-connected devices from routers and security cameras to light bulbs and refrigerators.
According to ReFirm Labs, cyber security standards have not kept pace with rapid Internet of Things (IoT) adoption. Firmware within devices is vulnerable to attacks that are difficult to predict or protect against, placing an organisation’s customers, finances and reputation at risk. Current security measures don’t effectively protect firmware, and fail to proactively address vulnerabilities before it’s too late.
Among the challenges faced by organisations is meeting the demand for IoT devices with the confidence that they do not pose a security risk. The entry of ReFirm Labs into the region closes this security gap for enterprises, government agencies and operators of critical infrastructure.
ReFirm Labs’ Centrifuge Platform gives organisations confidence in the security of their devices and IoT deployments. With no source code required, continuous monitoring, API integration and actionable reporting, organisations can address IoT vulnerability concerns, and make informed purchasing and deployment decisions.
“ReFirm Labs lines up with our focus on sourcing and delivering innovative solutions for cyber security vulnerabilities that mainstream technologies don’t address,” said Scott Hagenus, CMO at emt Distribution. “The fact that organisations with a heavy reliance on IoT devices can vet firmware images for vulnerabilities in around 30 minutes, without requiring source code, brings confidence to the choices they make.”
Channel partners looking to lower the cyber risks of organisations reliant on potentially vulnerable devices can leverage emt Distribution’s resources to assist with everything from discovery meetings to demonstrations, pre-sales engineering and solutions implementation.
“emt Distribution’s knowledge of the cyber security market, long-term relationships with channel partners and technical expertise give us the capability to meet the growing demand for firmware security solutions in Australia and New Zealand,” said Derick Naef, CEO at ReFirm Labs.
“emt Distribution is delighted to add device and IoT firmware security to our broad cyber security solutions set,” said Richard Rundle, CEO at emt Distribution. “ReFirm Lab’s entry into the region gives our channel partners and their customers access to a new level of cyber security sophistication and maturity in an area that is often overlooked.”
About ReFirm Labs
ReFirm Labs provides the industry’s first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices for hidden threats. Its flagship product, Centrifuge Platform®, detects and reports potential zero-day exploits, hidden crypto keys, backdoor passwords and known vulnerabilities in IoT devices without needing access to source code. ReFirm Labs’ technology has been proven to provide the insight and intelligence needed for users to proactively defend connected devices and maintain compliance and the integrity of supply chain security. Founded by a team of former NSA offensive cyber operators, ReFirm Labs is trusted by government agencies and Fortune 500 companies that operate in a wide variety of industries, including: telecommunications, cloud infrastructure and data centers, automotive, health care, utilities and manufacturing. For more information, visit www.refirmlabs.com or follow on Twitter @ReFirmLabs.
About emt Distribution
emt Distribution is an Adelaide-based value added distributor and vendor representative with a presence in Australia, Singapore, Hong Kong, Philippines, UAE and South Africa. It also works closely with like-minded distributors in the UK, Netherlands and Germany. emt offers cyber security solutions that address the top four mitigation strategies to prevent cyber security incidents, the broader strategies in the Australian Government’s Information Security Manual (ISM) and solutions to address Cyber Threat Management.
emt Distribution assists channel partners, MSPs and MSSPs to deliver cyber security solutions their customers need. emt offers pre and post-sales support, channel development, engaged sales processes and marketing assistance for both vendors and channel partners. See: www.emtdist.com
+61 (0)2 9387 2332
By Alex Duffy, Security Solutions Architect, emt Distribution
Threat Intelligence is quickly becoming one of the most powerful ideas in our current IT security landscape. Threat Intelligence allows you context for your data and helps empower your organisation to develop a proactive cyber security posture and strengthen overall risk management policies. It also helps security teams make more informed decisions during and in the aftermath of cyber-attacks.
So, you may already have a plethora of security products in place like Firewalls, Proxys and endpoint security, but are you able to see the big picture? With all of these security products logging back to your Security Information and Event Management (SIEM) it can come across as just noise. How can you evaluate if that IP address or domain is important to you?
Your trusty SIEM is collecting data, but do you know what it’s collecting or how important it is? Maybe, you may have the SIEM using a lookup list so when it detects a bad IP it will alert you. Great, that’s a good start, but WHY is it a bad IP? Is it part of a larger attack? Is it just the beginning stages in the cyber kill chain? This is where context becomes key, linking into why Threat Intelligence is critical.
Rudimentary threat Intelligence can be achieved manually. An example being identifying an IP address you want to find out more information from, and then using the internet and your security sources to build a picture around it. But what if you want more comprehensive analytics, then you will need automation, which brings me onto my next point;
What is a Threat Intelligence Platform (TIP) and why do you need one?
The human element is the slow part in threat intelligence. The human brain, although magnificent can often not compete with the ease and functionality of an automated system. Besides, why waste your Security Analyst’s precious hours when you can have half the cumbersome work done for you. Threat Intelligence Platforms (TIP) allow you to pass off key information like IPs and URLs that are important to you and build context on them using a large number of open source threat feeds and open source blocklists. A TIP becomes your single pane of glass to the security of your organisation. For example, you have seen a URL come through the proxy, and you have identified through the TIP that it is related to a malware campaign that re-uses their infrastructure and domain names for the command and control (C2) portion of their attack. By using this information, you now know that a device in your network is infected and you can begin the process to clean it up. TIPs make
Great, you now have a TIP, so what are your next steps? Automation. This will allow you to leverage the TIP to help make better informed decisions and then take action. In the above example I said that we saw a C2 URL in the proxy, and by using the TIP we have determined that it is malicious. Following this, and using automation, we can block said URL, either with or without human interaction.
But most importantly a TIP can parse through massive amounts of your data, provide context for your security logs, and focus your efforts in stopping real world threats. Last but not the least, A TIP optimises response time and improves remediation, and reports strategic, operational and tactical intelligence to stakeholders.
This all sounds cool right? Learn more about Threat Intelligence at our live webinar on April 17th. This interactive webinar is perfect for a security professional who wants to quickly identify real threats to their organisation, even if they don’t have the budget to build out a dedicated threat intelligence team.Register Here
By Alex Duffy, Security Solutions Architect, emt Distribution
The recent (25/2/19) and unexpected update to the Australian Signals Directorate’s Essential Eight Maturity Model serves to keep the ASD’s guidelines relevant going forward and address the latest weak points in IT security. What stays the same though is the ASD’s guidance on practical updates on how to stay ahead.
While these guidelines are specifically relevant to federal government organisations’ critical infrastructure they are now being pushed indirectly to contractors or businesses who work with the federal government. But even though these guidelines may not be mandatory for private businesses, they are best practice. If they are good enough to safeguard our political, defence and economic interests as a nation, they should be appropriate to safeguard our businesses from the majority of possible cyber security attacks and incidents.
This recent update sees fewer restrictions around patching but a higher level of control on Application Whitelisting which has now been extended to all workstations for levels 1 and 2 of the maturity models. Multi Factor Authentication no longer permits the use of SMS, emails or voicemails for level 1 maturity and specifically states a requirement for passwords to be longer than six characters at all levels.
But what does this actually mean for today’s IT professionals?
These changes reflect the changing priorities required to address today’s threat landscape. With the loosening of controls around patching, the ASD acknowledges the balancing act that security personnel must perform in certain environments. There is definite acknowledgement of the dilemma faced where patching may break functionality vs maintaining a secure environment and strict adherence. A reduction in the burden on already overworked IT admins meeting requirements while allowing better automation is removing overhead while not reducing security.
The higher importance placed on Application Whitelisting definitely reflects what we see in the marketplace. With Application Whitelisting now available as a mature solution it is reasonable to expect organisations to use it across their entire environment. Increased visibility alone of endpoint applications makes life easier for security, helpdesk and management alike stopping more endpoint threats before they reach any part of the network.
Combined focus on patch automation and increased scope of Application Whitelisting we also see as acknowledgement of a more distributed workforce need for security and higher difficulty in controlling remote endpoints.
The more specific wording for Multi Factor Authentication also recognises how threat actors are now working around basic MFA and endeavours to close those weak spots.
There are now only three maturity levels instead of the original five: Partly (level 1), Mostly (level 2) and Fully (level 3) aligned. Level 0 is no longer listed as it doesn’t meet even the most minimal criteria and level 4 is only required on an ad hoc basis depending on advice from the ASD. These changes assume that organisations will now at least begin to adhere to these standards to a degree and give a clear path to full alignment at level 3.
The biggest takeaway from this update appears to be that it is no longer reasonable for a business entity to not address the Essential Eight, especially with the removal of level 0. If a business has not yet met the criteria for level 1 then its current security measures are faulty and need immediate remediation.
We welcome this specific update because it reflects what our customers have been demanding already. emt’s focus on security solutions addresses the Essential Eight and beyond to ensure our customers’ networks are ahead of requirements using the latest technologies. We already have solutions that address the Top 4 – Airlock Digital, Flexera, Stealthbits, and Thycotic.
Read more about our solutions for Top 4 mitigations at https://www.emtdist.com/solutions/australian-signals-directorate-top-4-mitigations/