Finite State has released a search function for its platform that allows users to gain full visibility into their embedded devices and identify whether a known vulnerability is present.
Internet of Things (IoT) devices have been black boxes whose security is notoriously difficult to verify. Traditionally, large companies would need more than 30 days for various business units and product teams to confirm a vulnerability in one of those devices.
As we’ve seen demonstrated recently by Log4j, security teams can’t afford to wait to find exactly where they are impacted. This isn’t the only vulnerability either, it’s happened before with the likes of Treck IP Stack and DNSpooq.
Instead of relying on hundreds of individual product teams to manually search for a Common Vulnerabilities and Exposures (CVE) identifier, Finite State searches all embedded devices a company manufactures within seconds to find CVEs or affected software. This allows a mitigation plan to come together much faster so that companies can more quickly ensure product security.
“This is something our clients have been yearning for and now we’re able to make their security teams’ lives much simpler and involve far fewer people as they work to manage vulnerabilities on their products,” said Jeff Martin, VP of Product at Finite State.
Finite State’s enhanced search capability is unique because it not only reduces a month-long wait down to a single click, it also provides enhanced results with business and product context. Results are broken down not just by individual product, but also by product family and business unit.
In addition to finding vulnerabilities, the search function can also scan firmware for accounts. If a device manufacturer were to find a backdoor account that was missed during product testing, the search function can find the account name and all firmware versions that have used that account.