This news release is about three weeks old. The topic is embedded security. This week’s news on a security hack is an entirely different animal. However, protecting our industrial control embedded systems from intrusion and hacking remains a priority. I do realize convincing top financial management to invest in this area is tough because you cannot prove a negative. Convince them, we must.
Red Balloon Security announced an expanded and customizable set of offerings for critical infrastructure and a range of industries –– including energy, industrial control systems (ICS), building management systems (BMS), automotive, and telecommunications.
Embedded devices and firmware have proven to be an attractive target for threat actors given the disruption and damage that can be caused and the multiple ways vulnerabilities can be exploited. In 2019, the National Vulnerability Database reported that firmware vulnerabilities increased more than 30% year-over-year – and are now becoming staples in the arsenals of nation-state APTs. By injecting malicious code into the firmware of electrical grid devices, industrial control devices or automotive ECUs, either though the supply chain or directly into deployed devices, bad actors can compromise critical systems, enabling espionage and sabotaging campaigns.
Red Balloon Security is launching a portfolio of solutions combining its world-class expertise with its advanced suite of technologies for embedded devices. The core components of its Embedded Defense suite will be available as individual offerings, including Firmware Hardening, Embedded Security Consulting, Runtime Protection, and Runtime Monitoring. This provides organizations with the option to choose the security capabilities that best fit the needs of their enterprise, delivering tailored guidance and customized protections for customers.
“Red Balloon Security has the deepest stack of technologies to secure embedded devices along with the world’s best embedded defense engineers,” said Dr. Ang Cui, founder and CEO of Red Balloon Security. “Our expanded solutions have been accessible to the U.S. government to advance the state of embedded security for the devices that matter most. As more organizations prioritize securing embedded devices, Red Balloon Security is now ensuring that this capability is easily accessible to commercial vendors to give them access to one of the only proven solutions available on the market today that can protect against exploits at the firmware level.”
Red Balloon Security’s offerings include:
- Firmware Hardening with Autotomic Binary Reduction (ABR) and Binary Structure Randomization (BSR): Removes unused features from embedded device firmware and randomizes code layout and data at a binary level to minimize attack surface.
- Runtime Protection with Symbiotes: Continuously monitors for modifications to critical conditions of the device to prevent attacks that weaponize both known vulnerabilities and zero-days.
- Runtime Monitoring with Advanced Embedded Security Ops (AESOP): Utilizes a continuous flow of telemetry data to provide detailed visibility and analysis of attempted attacks.
- Security Consulting with Embedded Security Experts: Complements existing security personnel with consulting capabilities that include experienced and bespoke security support, as well as assistance developing new security protections customized to organizational needs.