The resulting cybersecurity technology more accurately detects exploitable vulnerabilities
CHANTILLY, Va., June 01, 2023 (GLOBE NEWSWIRE) — OPERATION[4]pioneer in automated firmware security, today announced that a new automated program analysis technique it has developed to find and fix exploitable vulnerabilities in Internet of Things (IoT) devices and embedded systems is far more effective than existing cyber security.
The findings have significant implications for the commercial IoT industry, which is growing at a rate that outpaces efforts to ensure sufficient security for billions of systems and devices.
Unlike existing technologies, the technique, which is based on the integration of static, dynamic and symbolic program analysis methodologies, is able to precisely identify, verify and distinguish between vulnerabilities that put a device at real risk of being compromised and benign problems that may exist in the software supply chain but are not actually exploitable. It also prioritizes verified vulnerabilities based on risk level, so development teams can focus resources on those most critical to security and compliance.
Competitors would have you believe that finding more vulnerabilities is better, OP noted[4] CEO and co-founder Irby Thompson. This is because their technology can’t actually distinguish between exploitable vulnerabilities and those that don’t affect the health and safety of your products. We created OP[4] to directly address this issue, so that development teams can efficiently focus resources on vulnerabilities that need to be fixed, and not waste time and money on those that don’t.
The company developed its technique under contract to DARPA and AFWERX and is currently delivering the resulting automated firmware security system to the US government. Over the past six months, it has adapted this system for the commercial sector and is now launching its first two products based on this pioneering approach.
The former is its key product, Attackera revolutionary program scan and fix tool that automatically detects, validates, prioritizes, and helps fix known N-Day vulnerabilities and new 0-Day vulnerabilities. Attacker analyzes third-party security risks during the product design phase to ensure quality before a product is built; find and fix software bugs during product development; and ensures a clean bill of health through validation prior to deployment.
The second product, built on Attacker technology and designed as a companion to Attackeris a subscription-based, real-time threat tracking engine called Interrogation, that provides ongoing analysis and alerts on emerging exploitable threats in products that have already been released. Together, the two products offer a holistic strategy for proactive cybersecurity support throughout the entire lifecycle of IoT products and embedded systems, from development and deployment through end-of-life.
The products were initially designed to serve the following industries:
-
Consumer electronics
-
Industrial IoT
-
Aerospace and Defense
-
Telecommunications
-
Medical/Healthcare
“Automated program analysis techniques have traditionally been the domain of academic research, well-known binary analysis expert and OP[4] CTO and co-founder Scott Lee, who oversees technology development for the company. When applied to real-world IoT and embedded systems, we have achieved a dramatic improvement in the accuracy of automated identification of exploitable software defects in commercial-sector products.”
About OP[4]
Founded in 2022 and headquartered in Chantilly, VA, OP[4] is a pioneer in automated firmware security. Using technology created through DARPA and manufactured under AFWERX for US national defense, OP[4]Microsoft’s automated platform simulates a running device to distinguish between active and inactive code, analyzing binary-level risk and filtering noise to detect, validate, prioritize, and remediate exploitable N-Day and 0-Day vulnerabilities. Join the firmware security revolution at https://op4.io
CONTACT: Media Contact: Meredith Schweitzer The Riotmind Agency meredith2@theriotmind.agency 1 [347] 698-9196
#automated #program #analysis #technique #drastically #improves #Internet #security #embedded #systems