ReFirm Labs goes deep in the supply chain to get ahead of IoT security issues - Baltimore


Apr. 25, 2019 11:29 am

The Fulton, Md.-based company wants to help spot security vulnerabilities in connected devices before they reach the market.

A screenshot of ReFirm Labs' Centrifuge Platform.

(Courtesy image)

As the number of connected devices grows, so does the potential that they could fall victim to a cyberattack.

That’s a reality that members of the team at ReFirm Labs, a company focused on Internet of Things (IoT) security, confronted first while working at the National Security Agency, and now while developing the Fulton, Md.-based company’s commercial product, called Centrifuge Platform.

The company’s own lifecycle to date shows a path through Maryland’s cybersecurity community: Members of the team honed experience inside NSA. Then they formed a company called Tactical Network Solutions. From that company’s work on the platform, ReFirm Labs spun out and received backing from DataTribe, a Fulton-based startup studio looking to support technologists who worked inside government agencies that are now building startups.

For his part, CEO Derick Naef, a two-decade veteran of leading startups in the region, joined the company in January. Cofounder Terry Dunlap, who was previously CEO, remains chief strategy officer.

While cybersecurity threats are often thought of as directed toward a network or individual phones and computers, connected devices expand that realm to other things that are used in everyday life. Naef sees awareness of the potential issues growing; there’s more media attention, for one. Yet the company is looking to address the issues in a place that’s further from the public gaze — in the factories and supply chains that produce the components for these devices.

Putting together devices involves complex supply chains, so there could be vulnerabilities in a part that came from a manufacturer or another company — and that’s led to “a growing awareness that you need to look at not only the stuff you’re building, but also things you’re getting from suppliers,” Naef said. Ultimately, a security issue could lead to problems for the whole product, no matter where it came from.


ReFirm Labs looks to take a proactive approach: The Centrifuge Platform is designed to analyze images of the firmware that controls the devices and identify potential vulnerabilities before attackers do. The company is releasing a series of updates this spring, and among the new features is a malware and known exploits detector.

“As we identify exploits in different devices, we’re going to add that to our registry of exploits, and that will be something we’ll scan other firmware against to see if that’s present in other devices, as well,” Naef said.

Based out of DataTribe, Naef said the eight-member team has also been adding customers. They’ve seen particular interest in the communication service provider market, which includes telecommunications companies, internet service providers, and cable and wireless companies, as well as from other industries.

“We’re seeing good customer uptake with the product,” Naef said.

These communication service companies send lots of devices out to customers, who use them to get internet and cable services in their homes. But the devices themselves are made by other suppliers who make and put together the component parts. So the firms want to know whether there could be potential security issues with a device like a router before it ends up in someone’s home.

ReFirm is also paying particular attention to malware known as LoJax, creating a tool to analyze UEFI, the firmware that helps computer hardware communicate with software when a computer boots up.

Another sign that the company has been a leader is evident in an open source tool that was released before Centrifuge.

In 2010, principal reverse engineer Craig Heffner created an open source tool called Binwalk that’s designed to help researchers. It was designed as a resource, and Naef said the tool has tens of thousands of users who are working on research to reverse engineer firmware images. The company wants to continue to support that community, and sees it as an “entry level tool.” So it’s continuing development with a new version called Binwalk Pro that has additional capabilities.

“It’s something we’ve built up to support the community, and we’d like to continue doing that,” Naef said.
