Microsoft Made its Secured-core Certification Generally Available

Microsoft is making its Edge Secured-core program for Windows-based IoT devices generally available, addressing security concerns associated with the growing popularity of edge computing. Edge Secured-core is a new certification added to the Azure Certified Device program for IoT devices running a full operating system, such as Windows 10 IoT or Linux. Support for Windows 10 IoT is generally available, while Linux support is still in preview.

IoT devices at the network edge pose a significant security challenge. IoT device networks that transmit data back to enterprise systems for analysis have several flaws.

Charles Broadfoot, Senior Program Manager at Microsoft, citing an in-house study conducted in collaboration with the Ponemon Institute, said that about 65% of companies adopting IoT solutions mentioned edge security as their topmost priority. “Devices that are targeted in IoT attacks can be bricked, held for ransom, or exploited to launch further attacks. The common attacks associated with the IoT devices include stolen IP, data theft, and compromised regulatory status.”

Microsoft initially unveiled the Secured-core concept in 2019 to compete with Apple’s monopoly over its hardware and operating systems. Microsoft collaborated with Windows PC manufacturers as part of this initiative to gain some control over hardware security and have a say in how devices could prevent attacks from exploiting firmware dominance over the Windows kernel.

Microsoft expanded the program later in 2021 to include Windows servers and Azure Stack hyperconverged infrastructure (HCI) servers.

Secured-core was not intended to be branded on PCs, but rather to certify security for non-Microsoft hardware running Windows. Microsoft has listed devices that are part of the program, including edge and non-edge machines, in its Azure Certified Device catalog.

Apart from validating a hardware device for specific security hardware technology, the certification will assure users that they are running an operating system with built-in security and that continuous threat monitoring with IoT services such as Microsoft Defender for IoT is being used.

Edge Secured-core will provide IoT device makers with a simple, low-cost differentiator that will allow customers to identify high-security configurations on their devices.


SGT Capital acquired Utimaco, the global leader in cybersecurity solutions

SGT Capital, a worldwide alternative asset manager with offices in Germany and Singapore, announced that the EQT Mid Market Europe fund has come to an agreement to sell Utimaco Verwaltungs GmbH to SGT Capital.

Utimaco is a trusted company for cybersecurity and compliance solutions and services. For governed critical systems, the firm offers on-premises and cloud-based hardware security modules, as well as key management and data intelligence solutions. Utimaco employs over 470 people across the world. The firm’s emphasis on protecting data, identities, and essential infrastructures from cyber-crime makes it a vital force in trying to make the world a safer place.

“Utimaco is the clear market leader in global cybersecurity as well as data intelligence solutions and has executed an impressive innovation, growth and M&A strategy. We look forward to working with Stefan Auerbach and the entire Utimaco team as well as EQT Private Equity and Bain Capital Credit going forwards,” said Joseph Pacini, Co-Managing Partner of SGT Capital.

“Utimaco plays a crucial role in fighting cyber-crime making the world a safer place. We would like to thank all employees for this exciting journey – we are convinced that Utimaco will continue its successful path with its new majority owner and are happy to stay invested as a minority owner,” said Florian Funk, Partner within EQT Private Equity’s Advisory Team.

“We have been very impressed with the performance of Utimaco over the last few years. Bain Capital is delighted to support SGT Capital in their investment and to continue to work alongside this talented management team led by Stefan Auerbach,” said Tom Maughan, Head of Private Credit in Europe for Bain Capital Credit.

“In the last years, we have built a global platform leader for trusted cybersecurity solutions, providing the highest level of security and compliance to the world’s largest corporates and governments. We look forward to the next phase of growth together with SGT Capital,” said Stefan Auerbach, CEO of Utimaco.

“Utimaco clearly fits within the SGT Capital business model of investing in market leading business with excellent executives and significant future global growth potential – particularly into high growth regions such as Asia. We look forward to opening up doors of success together with the Utimaco team, EQT Private Equity and Bain Capital Credit,” said Carsten Geyer, Co-Managing Partner of SGT Capital.

Argon announces Integrity solution, the first software supply chain security solution in the industry that prevents supply chain attacks

Argon Security announced the introduction of its patent-pending Integrity™ technology, which enables businesses to detect and prevent software supply chain cyberattacks such as the ones that hit SolarWinds and ClickStudios. Misconfigurations, vulnerabilities, and weak dependencies in the company’s CI/CD pipeline are also eliminated, reducing supply chain risks.

Argon Integrity™ strengthens Argon’s position as a leader in software supply chain security for the modern paradigm of DevOps-led high-velocity software development and increased trust and confidence in businesses’ software releases.

Argon’s patent-pending solution monitors the development process and prevents source-code tampering or manipulation during the software development and release process. Together with the infrastructure hardening and process security, Argon is the only solution in the market that provides holistic, multi-layered prevention of supply chain threats.

“The SolarWinds breach highlighted the fact that the software supply chain is a new attack vector that organizations are not currently equipped to defend against. Our solution provides full visibility into the development environment and protects our customers from bad actors who seek to tamper with their code or native behavior and uptime of their applications,” said Eilon Elhadad, CEO, Argon.

“Defending against supply chain attacks is a difficult challenge. Argon is the first solution I’ve seen that can provide broad visibility and security across your software supply chain, detect and prevent risks from misconfigurations, vulnerabilities, and supply chain attacks. This is a quantum leap forward for the defending side,” said Stephen Davis, Chief Information Security Officer at Macmillan.

In this new trend of software supply chain attacks, which preyed on SolarWinds, Codecov, and thousands of other companies, cybercriminals are taking advantage of the high complexity and low security of modern software development environments to cause massive damage, not only to the attacked corporation but also to its thousands of clients. Over the last few years, most firms that generate code have implemented continuous integration and delivery (CI/CD) techniques to automate their software development, helping them speed up product and feature releases while maintaining a competitive edge in their markets. As a result, they’ve become a target for supply chain attacks.

“Argon’s solution enables companies to secure their software supply chain against the risks of supply chain attacks effectively. Our unique and in-depth security technology allows us to cross-check and validate actions across the pipeline and prevent damage to the company’s infrastructure, code or application from supply chain attacks. Such consolidated multi-layer coverage is not available in the market today under a single solution,” said Eran Orzel, Argon’s chief revenue and customer officer.

CYE and OTORIO partner to offer a single-pane solution to tackle the rise of industrial ransomware

CYE, the industry leader in cybersecurity optimization platforms, announced a partnership with OTORIO, a company that provides next-generation OT cyber and digital risk management solutions, to offer an integrated solution to businesses with converged IT/OT/IOT environments looking for prompt ransomware protection. This collaboration intends to assist clients in turning more stringent US government laws for critical pipeline owners and operators into practical cybersecurity plans, as well as developing practical actions to improve their cyber hygiene and overall security postures.

Ransomware cyberattacks on industrial enterprise firms and essential infrastructure have increased significantly in recent months, notably the Colonial Pipeline attack, which created fuel shortages across the East Coast of the United States for almost a month and resulted in a $4.4 million ransom payment. Other essential industries, such as water utilities, hospitals, and financial organizations, have also been impacted by these incidents. In response, the US National Security Council released a report urging cyber leaders to help protect against the threat of ransomware, emphasizing the private sector’s unique role in supporting the federal government in securing critical assets against attack, and highlighting that no company, no matter how large, is immune to attack.

One of the most significant issues facing pipeline operators today is gaining a comprehensive awareness of network assets, including those who have access to their infrastructure. CYE and OTORIO give cyber visibility across all IT, OT, and IOT environments, assessing risks, identifying exposures, and developing long-term cybersecurity best practices, based on the principle that you can’t defend what you can’t see. The solution is fully automated, making compliance and risk management much easier. Furthermore, CYE and OTORIO enable enterprises to drastically minimize risks while lowering costs by proactively identifying exposure and potential attack vectors and fixing them before they become breaches.    

“The partnership with OTORIO comes at a time when we see a significant uptick in ransomware attacks on companies providing critical services to the public. CYE aims to alleviate the burden on companies that can’t afford operational downtime, while giving them peace of mind that they are protected against any future need to pay a heavy ransom,” said Reuven Aronashvili, CEO and founder of CYE.

“Cybercriminals have become as powerful as nation-state adversaries, posing a real threat to operational continuity,” said Daniel Bren, CEO and co-founder of OTORIO. “Building on OTORIO’s extensive experience protecting industrial and mission-critical environments, our joint solution simplifies cybersecurity for converged IT/OT/IOT environments by adopting a proactive risk-reduction approach instead of traditional intrusion detection and response methods.” 

CrossBar Releases ReRAM, a New Hardware Security and Secure Computing Application

CrossBar Inc., the world’s leading ReRAM technology company, introduced a new application of its Resistive RAM (ReRAM) technology for use as a physical unclonable function (PUF) in secure computing applications to create cryptographic keys.

CrossBar’s ReRAM technology, which was formerly used as a non-volatile semiconductor memory, is now launched for hardware security applications using its ReRAM-based cryptographic PUF keys, facilitating a more secure and cost-effective range of devices and systems.

“CrossBar is expanding the use cases of our Resistive RAM technology with a new class of secure computing. We believe the state-of-the-art use of our unique technology as PUF cryptographic keys will provide higher security for our customers’ products and open new markets for CrossBar’s technology,” said Mark Davis, President at CrossBar, Inc.

Computer, mobile phone, and infrastructure cyberattacks are on the rise. These attacks also put brand-name products in danger of counterfeiting. To thwart such attacks, devices are incorporating hidden cryptographic “keys” to provide secure communications and control. While there are a variety of technologies that can be used to create PUF keys, the most prevalent method relies on semiconductor static random access memory (SRAM). Unfortunately, there are a number of flaws in this technology that limit its security and usefulness. Compared to SRAM PUF, CrossBar’s latest ReRAM-based PUF cryptographic key technology has a higher level of randomness and a lower bit error rate, is resistant to invasive attacks, and can handle a variety of environmental variations without the use of fuzzy extractors, helper data, or heavy error correction code.

The ReRAM keys are unique to each semiconductor integrated circuit (IC), taking advantage of the ReRAM technology’s inherent unpredictability. Identification, encryption/decryption, and authentication will all be done with these keys.

“After analyzing numerous PUF technologies, we believe CrossBar’s ReRAM has significant advantages for use as next generation physical unclonable function (PUF) keys. Due to its unique stochastic and electrical characteristics, CrossBar’s ReRAM PUF enables significantly more secure systems compared to incumbent PUF technologies,” said Dr. Bertrand Cambou, Professor of Nanotechnology and Cybersecurity at Northern Arizona University, and formerly a top executive at Gemplus and several other Silicon Valley technology companies.

CrossBar’s ReRAM PUF technology enables a new kind of safe computing by solving many of the shortcomings of other PUF implementations. ReRAM PUF is also an excellent choice for semiconductor applications that require both high security and embedded non-volatile memory (NVM), particularly in foundry nodes lower than 28nm, where embedded NVM is not widely available.

Sepio Systems released a New Index to help businesses measure and understand Risk Exposure to Hardware-based Cyber Attacks

Sepio Systems announced the release of the Hardware Access Control Index (HACx), an objective assessment based on a number of parameters that assists companies in determining their hardware security posture. As part of its HAC-1 solution, the firm offers a rogue hardware mitigation guarantee in collaboration with Munich Re Group (Munich Re), one of the world’s leading suppliers of reinsurance, primary insurance, and insurance-related risk solutions, under which Munich Re guarantees Sepio’s obligations. It is the only index of its kind to track these types of vulnerabilities across organizations and industries, backed by assurance.

Every year, a hardware security breach compromises a company. However, because this type of attack “lies” below the network layer, most cybersecurity mitigation techniques and tools that counter networking and software-based attacks are unaware of it. By providing CISOs with actionable intelligence that enables focused risk awareness, HACx bridges the information gap.

“Cybersecurity is not about achieving an absolute level of security – there is no 100% security level. It is about how your organization measures against other potential targets that cybercriminals are evaluating. CISOs need to verify that they are leading the pack and not following it, and to do that, they need to know how they measure up. As hardware-based attack campaigns are gaining more in popularity, HACx provides the required data for cross industry and cross vertical comparison,” said Bentsi Ben-atar, CMO and Co-founder, Sepio Systems.

HACx assesses a company’s cybersecurity posture in terms of Hardware Access Control in an objective and complete manner. Sepio Systems’ research team is leading the initiative, which is based on useful customer data and risk assessment scans.

“The HAC-1 solution fills an important gap in hardware security, like rogue device mitigation originating from internal abusers and supply chain attacks. By insuring Sepio’s guarantee for its rogue device mitigation service with our unique solution aiSure, we support a truly innovative company that is a pioneer in its field,” said Michael Berger, Head of AI Insurance at Munich Re.