Transform 2021

Elevate your enterprise data technology and strategy.

July 12-16

Microsoft has acquired firmware security startup ReFirm Labs to boost its security capabilities for protecting Internet of Things and intelligent edge devices.

The intelligent edge — made up of cloud-connected devices capable of specialized tasks — have opened up a new attack surface, David Weston, Microsoft’s director of enterprise and operating system security, told VentureBeat. Attacks targeting sensitive information such as credentials and encryption keys stored in memory are on the rise, and Microsoft has spent the last few years “securing the operating system below the operating system,” he said.

“Microsoft believes that firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface. We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs,” Weston wrote in a blog post on Tuesday. Microsoft declined to disclose the terms of the acquisition.

Microsoft has been focused on IoT security on multiple fronts, including Azure Defender for IoT, Azure Sentinel, and devices such as Edge Secured-core and Azure Sphere. The company has pledged to invest $5 billion in IoT by 2022. The acquisition of ReFirm Labs, with its expertise in firmware security and the Centrifuge firmware platform to analyze and detect security issues, is “a culmination of that [IoT] strategy,” Weston said, and will enhance the company’s “chip-to-cloud protection” capabilities.

“ReFirm allows us to assess all the code running on the device and provide a security rating before you connect the device,” Weston said. The tool is a “a key piece of the missing puzzle” to make it easier for organizations to feel comfortable about deploying IoT. “Today, you plug [the device] into the Internet and you say ‘YOLO, I hope everything’s cool.'”

“Patch Tuesday” for IoT

ReFirm Labs develops the open source Binwalk firmware security analysis tool, which has been used by more than 50,000 organizations around the world to analyze thousands of IoT and embedded devices to identify firmware security issues. System builders and device owners use the tool to assess device risk by looking for known vulnerabilities which have not yet been patched, uncovering exposed secrets (security keys, tokens, and passwords), flagging default passwords, and detecting other security problems.

ReFirm’s tool gives the end-users an easy way to determine the basic security posture of the device. The analyzer — Weston called it “essentially a drag and drop tool” — unpacks the device firmware and performs nested scans looking for security issues. The tool is capable of scanning all kinds of IoT and edge devices, regardless of who built it, such as smart light bulbs, cars, printers, smart refrigerators, or servers running edge applications. The tool returns an assessment report as well as a “software bill of materials” explaining what components were used.

Enterprises can use the assessment to understand whether the devices meet security and compliance requirements before they are deployed in the environment. Once the devices are connected, IT teams can monitor them with Azure Defender for IoT. And Azure Device Update, IoT’s version of Windows Update introduced six months ago, lets users apply patches.

“Now the customers have pretty much everything they need: They can assess the device, they can monitor it, and they can update it on Patch Tuesday, just as if it was a Windows device,” Weston said.

In the Windows world, IT teams rely on Qualys Cloud Platform or Tenable’s Nessus vulnerability scanner to assess the security of the network before applying all the Patch Tuesday updates. “Now you can do the same thing with IoT devices,” Weston said.

System builders — people building devices to sell — will be able to use the analyzer to show their devices are secure, which would boost buyer confidence in these devices.

Just the beginning

Microsoft has a vision of getting 50 billion intelligent edge devices connected to Azure empowering digital transformation and running AI applications on the edge. The security issues are just getting worse. A recent Microsoft survey of 1,000 security decision makers found that 83% had experienced some level of firmware security incident. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) called out an increase in the number of attacks against difficult-to-patch firmware at the RSA Conference just last month.

Integrating ReFirm’s technology into Azure Defender for IoT is just the first step, Weston said. It was important to give customers all the various capabilities but to keep complexity low. He envisioned a future where firmware scanning was available across the Microsoft portfolio. “We’re going to stitch it through everywhere it makes sense. We’re going to integrate it into all the products that we can where we think we can help the user,” Weston said.

Transform 2021

Elevate your enterprise data technology and strategy.

July 12-16

Presented by Western Digital

Automakers continue to roll out vehicles outfitted with advanced driver assistance systems (ADAS) to help cars become safer, smarter, and more enjoyable. Vehicle operations now largely involve electronic systems centered around processors or system on chips (SoCs). Because of this, digital storage has moved into a more important role that is ramping up next-generation vehicles. Simply put, today’s modern cars — electric, self-driving, hybrid, autonomous, you name it — work as they do because of storage.

Data demands are expanding

The automotive market is driving storage growth. According to the NAND Quarterly Market Monitor, Q1 2021, from Yole Développement (Yole), automotive data demand will skyrocket. The market research and strategy consulting company, Yole, estimates the NAND-based automotive storage demand will increase to 4EB in 2021, and should jump to 24EB by 2024, rising further to 78EB by 2027. Autonomous Level 5 vehicles will only be a small percentage of the vehicle shipments in 2027, so the NAND storage growth will be driven mainly by L2-L4 vehicles, which will represent roughly 85% of vehicles shipped. The feature-rich L2-L4 vehicles will provide advanced levels of safety, connectivity, and entertainment — all requiring higher capacity storage. Overall, the anticipation is a 270% CAGR from 2019 to 2027.

Vehicles today are using more data for over-the-air updates, rich mapping systems, high-quality infotainment applications, and advanced driver assist systems that detect roadway activity.

Here’s what automakers should consider when implementing vehicle data storage.

The right storage is important

In the past, vehicles relied on storage for their infotainment systems — mainly for storing the OS and map data. But today, the use cases are very different and the architectures are changing so the type of storage needs to be carefully considered.

Automotive-grade storage is a must. Automotive-grade devices can withstand wider temperature ranges from -40C to 105C and have gone through a more stringent testing flow at the manufacturer making them less susceptible to physical failures.

There are also SD, e.MMC, UFS, and PCIe interfaces available. Which one to choose is in part dictated by the SoC and the interfaces it supports. It also comes down to performance requirements. If high performance is not a requirement, e.MMC will likely be your best choice because you can avoid the challenges of routing and signal integrity that come with high-speed designs.

UFS is the next step up in performance and is gaining popularity as storage capacity points increase with shared storage applications. PCIe is on the horizon and will definitely be an interface used to support the high performance needed in domains and zonal architectures.

Know your workload

Selecting the right capacity and interface are fairly straight forward, but one thing that is often overlooked is how the device will be written to. When vehicle systems are being designed, it is critical to calculate data workload accurately. The endurance of the storage device depends on the amount of data written, measured in terabytes written (TBW), and varies based on the capacity of storage. Every device has a limit, so it is important to determine the data write requirements based on real system workloads.

The write amplification factor (WAF) is an important consideration that is sometimes forgotten when calculating the system workload and TBW.

WAF is the amount of data that is actually written to the NAND versus the amount of data sent to the NAND by the system. There are several factors that affect the WAF but the main one is that data is written in pages and erased in blocks. Simply put, if a lot of random data is sent to the storage device, the pages might not be completely full causing “empty” space that is not fillable unless the data is moved and combined to another page, thus causing additional writes to free up space. Think defragmenting a hard drive to make space and make the HDD perform better. Similarly, this can happen in flash where data may need to be rewritten to different areas to free up storage space. This causes additional writes as data is moved about to maximize storage area and increases the WAF.

Serial data will provide basically a WAF of 1 since it is fills each page completely. What this means is that if 50TBs of data are sent from the host and the WAF is 3.0, the actual TBW to the NAND is 150TB.

There are things that can be done on the host side to reduce this, but if you were to calculate your useful life based on a WAF of 1.0 but it really was 3.0, your actual useful life would only be 1/3 of that and may cause the system to fail unexpectedly. This is just one example of why it is important to understand how your system will be accessing the storage device and analyzing its impact on the life of the product. You may not even be aware of some writes the system is doing. Taking traces and analyzing them will help better understand your work loads.

Digital storage drives innovation

Vehicles today are essentially computers on wheels that will become servers on wheels in the future. With a range of built-in sensors, cameras, and internal networks, they will be able to seamlessly detect everything that’s happening on the road —  including cars, cyclists, pedestrians, and street signs.

As cars continue to be upgraded with more advanced features, they will have smarter functions and technology that will require more storage and generate even more data. This is why proper data storage and knowing your workload is so critical.

Improved vehicle intelligence can help drivers stay steady on the road. ADAS and other features require a lot of application and operating system software that must be stored on reliable storage devices. Additionally, over-the-air (OTA) software updates from manufacturers can be pushed to add new features and benefits, which will increase the need for storage even more. This means that manufacturers will need to plan long term for additional storage space to handle the increased lines of software code.

Next big step

As cars develop more autonomous features and more amounts of data are created, the need for storage capacity and performance to manage all these applications requires strategic planning, careful coordination, and smart execution. We are still in the beginning of the next chapter for the automotive revolution. Within that, data storage’s role in enhancing how people travel will continue to increase.

Russel Ruben is Global Automotive Segment Marketing Director at Western Digital.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected].