So much of our emphasis on cybersecurity lies at the network, device, user, and application level, securing vulnerabilities that can give bad actors access to, well, everything. But – as any builder will tell you – the secret to a strong house is a strong foundation. For us, this means going back to basics, beneath our operating systems, to secure software and firmware.
“Firmware is an ideal, and oftentimes overlooked, launch pad to propagate malware at an ecosystem level,” says Craig Connors, vice president and CTO, Cisco Security Business Group. “In some cases, malware can remain undetected below the operating system for years.”
Malware attacks such as Jaguar Tooth, and CosmicStrand harnessed old, unpatched vulnerabilities in IT hardware to enable traffic manipulation, access control list bypass, corrupt traffic packets and perform infrastructure reconnaissance. State sponsored hackers are increasingly leveraging these device backdoors to pre-position themselves for future cyber takedowns.
We use market trends, like this, to help us discover the next generation of enterprise solutions. That includes Binarly, a recent addition to Cisco Investments’ portfolio. Binarly is a SaaS platform focused on binary risk intelligence that identifies and remediates vulnerabilities in the software and firmware supply chain.
Binary + Gnarly = Binarly
Founder and CEO, Alex Matrosov, spent two decades focused on vulnerability and advanced threat research below the operating system, most recently as the Chief Offensive Security Research at NVIDIA. As a software security engineer in the trenches, he found that, despite our best efforts as an industry, we just couldn’t keep up with the growing scale of the software and firmware security problems.
“All the program analysis tools were manual,” says Matrosov. “That requires a lot of attention from security teams that they could be spending elsewhere, and they’re having to do the same thing over and over again. It wasn’t scalable.”
That’s when he founded Binarly. An avid surfer, Matrosov combined his favorite slang from his hobby, with his passion, to make big waves in binary analysis.
“Most of the existing solutions on the market focused on source code analysis, specifically within programming languages like C/C++ or Java,” he explains. “There just weren’t any tools available to look at the binary itself to see exactly how the code is being executed.”
Automating the Process with AI
Matrosov and his team built the Binarly Transparency Platform, which uses an automated process to detect the vulnerabilities at the firmware and software level, and act on them, offering a black box understanding of what exists in the environment, and how to fix it.
Binarly does this through artificial intelligence, allowing it to use a basic understanding of malicious behaviors to more proactively identify unknown threats in firmware.
“We see most of the implantation of malicious code into the firmware through the same techniques. Once AI understands this, it can recognize the behaviors and detect them. This allows us to scale our detection and remediation efforts,” he explains.
Understanding Remediation
But identification is just half the battle. Knowing there is a problem only does so much. You need the proper context to know how to fix it.
“We can look inside the binary code and say, ‘Oh, it is 80% malicious.’ But that isn’t actionable,” Matrosov says. “You still need to understand why it is malicious if you’re going to get it fixed.”
Connors agrees.
“Right now, there is a major delay between identification and remediation. Firmware experts can reverse engineer the binary, understand the risk and create an actionable plan on what to do next,” he says. “But how many enterprises have a firmware expert as part of their incident response team? Not many. One solution to do it all for you offers a much stronger security posture. This is one of the reasons we are so excited about Binarly.”
What’s next
With a firm grasp on solving firmware security issues, Matrosov sees Binarly evolving to focus on the entire software supply chain ecosystem.
“Understanding the value of our existing products will help us grow,” he says. “We need to rethink how these products can help to broaden the scope of our customers. Right now, that means doubling down on what is working, using artificial intelligence to help enterprises recover from repeated failures in the software supply chain.”