Binarly has released the Binarly Transparency Platform, delivering transparency for device supply chains enabling device manufacturers and endpoint protection products to analyze both firmware and hardware to identify vulnerabilities, misconfigurations, and malicious code implantation.
The Binarly Transparency Platform is designed to identify vulnerabilities and malicious threats in code, seamlessly integrating as a security component of an SDLC or CI-CD pipeline or further down the supply chain.
The platform takes security to the next level by adding dangerous misconfiguration checking at the device level, ensuring that organizations can effectively monitor and mitigate risks throughout the entire lifecycle of their devices.
At the core of the Transparency Platform is a Vulnerability Analysis engine that leverages deep code inspection to detect vulnerabilities within analyzed firmware images. This tool provides organizations with crucial insight into the existence of known vulnerabilities, allowing them to address potential threats before they can be exploited.
Binarly Transparency Platform capabilities:
- Firmware Similarity Analysis — Enables developers and security analysts to perform binary-level comparisons of firmware images, swiftly detecting any modifications, deletions, or potential threats caused by either unintentional errors or deliberate attacks.
- Deep Vulnerability Analysis — Uses deep code analysis and AI/ML to uncover previously unknown vulnerabilities within known classes. Identifies vulnerable code patterns in firmware binaries, exposing coding errors and improper service usage. Binarly Transparency Platform pinpoints firmware-specific vulnerabilities, offering risk scoring to help security teams prioritize and expedite security updates.
- SBOM and Dependency Analysis — The Binarly Transparency Platform takes a zero trust approach to SBOMs by thoroughly examining firmware images to reveal all components within the code. This allows the platform to construct a dependency graph and identify third-party dependencies, not solely relying on hashes but reconstructing the truth from the binary code.
“The capabilities built into the Binarly Transparency Platform are already helping customers reduce the number of security risks coming from threats below the operating system. Our technology is designed to proactively detect new threats and identify vulnerabilities and more importantly, make these discoveries actionable for defenders,” said Binarly CEO Alex Matrosov.
Over the past year, we have been working closely with our development partners and customers, who have already started to experience significant benefits from the platform’s capabilities.
“Binarly has a unique approach to securing firmware, built by some of the most innovative minds in the space. They have decades of experience in understanding and researching the problem from the hardware on up, paired with a modern and scalable approach to bringing the value of securing firmware to any organization. The visibility and control they offer is second to none,” said Ryan Permeh – Partner, Syn Ventures.
Tim Lewis – CTO, Insyde, added: “We value the work that Binarly is doing to help make firmware more secure and appreciate their professionalism while working with us to report these issues in a timely manner. Their AI-powered approach to identifying threats is proving to be a valuable tool to help provide stronger firmware security.”
“Binarly’s binary code analysis is extremely effective in finding vulnerabilities in upstream libraries, where source access may not be possible. When Binarly found unknown vulnerabilities in our BIOS, they provided detailed information including where the vulnerability was and the impact associated with it. They then worked directly with our BIOS vendor to fix the vulnerabilities upstream,” Kieran Levin – Lead System Architect, Framework Computer, continued.
“At AMI, we take firmware security seriously, which is why we’re excited to collaborate with Binarly on securing the supply chain. By working together, AMI is best positioned to ensure that our clients’ firmware is protected from potential threats, giving them peace of mind and the ability to focus on what they do best – creating innovative solutions that drive their business forward,” said Brian Mullen – Senior Manager of Software Security, AMI.