Finite State, experts in product security for connected devices, has formed a new partnership with Veracode, the largest global provider of application security solutions, to offer comprehensive coverage of connected devices and embedded systems from the device firmware to the web applications, infrastructure, and cloud services they interact with. This new partnership presents the most complete picture of product security for manufacturers and users of connected products at a time when the Internet of Things (IoT) device market is undergoing exponential growth. Globally, the number of IoT devices is expected to reach 55.7 billion worldwide, according to IDC.
Advancements in 5G connectivity and accelerated digital transformation of business operations have increased adoption of internet connected devices. With it, however, comes heightened security risk and expanded attack surface for security and development teams to harden and protect. As the use of connected devices has proliferated, the devices themselves have become more complex. This has brought a huge gap in skill sets and tooling. Analyzing devices is challenging, because even relatively simple equipment relies on a patchwork of drivers, firmware, libraries, and operating systems covering multiple components. Each item in a device may contain standalone security flaws. Operating together, these components contain a high risk of dangerous misconfigurations and other security vulnerabilities such as hard-coded backdoor account credentials.
“We are seeing an increase in publicly reported security events targeting software supply chains. These continue to showcase the damage these incidents can inflict on even the most sophisticated organizations which is leading to mounting pressure on businesses to ensure that devices are securely developed and continuously reviewed for vulnerabilities and supply chain risks as part of their security program,” said Matt Wyckhouse, founder and CEO of Finite State. “Through our partnership with Veracode, we can deliver a comprehensive solution to help businesses extend their security program and scanning capabilities to cover the entire ecosystem of these critical, connected devices.”
“Manufacturers of connected devices and embedded systems are under increasing market pressure to create and deploy secure devices without compromising speed of development or user experience,” said Peter Ellis, Veracode’s Vice President of Corporate Development. “Finite State provides a holistic approach to analyzing these devices, and the supply chain that underpins them, in a single SaaS solution which helps customers quickly identify, prioritize and remediate product security risk. We are excited to form this partnership to further support our customers with shifting security left into the design and development of these innovative products.”
Finite State maintains the world’s largest repository of firmware, which it analyzes and uses to detect the presence of known and zero-day vulnerabilities, potential backdoors, supply chain threats, and other crucial information that affects the overall risk of each device. Up to 75 percent of the code in any given device was developed by third parties, making it difficult for companies to understand and mitigate risks on devices they own or make.
“This is an opportunity for device manufacturers and their customers to understand security from top to bottom so they can work together to mitigate risks,” Wyckhouse said. “That’s tremendously important to creating secure supply chains and ensuring safer networks.”
About Finite State
Finite State works with manufacturers and end-users to secure the connected devices that power our modern lives by illuminating the vulnerabilities and threats within their complex software supply chains. With backgrounds in the U.S. intelligence community, our team has an unparalleled perspective into the intricacies of hidden risks found in connected devices and embedded systems used by businesses, hospitals, utilities, and government entities. For more information, visit www.finitestate.io.