Red Balloon Security and Atredis Partners, two leading embedded device security companies, today announced a new strategic partnership to protect corporations, manufacturers and suppliers against hard to detect firmware-based threats.
The new collaboration will leverage both firms’ unique expertise and capabilities in critical areas of embedded device security. Red Balloon Security is a leading developer of firmware-based security solutions to protect embedded devices from a wide range of potential attacks. Atredis Partners provides advanced security testing, firmware analysis and assessment services for a full range of embedded device products and industries.
“We look forward to working with Atredis to deliver robust security solutions for embedded device manufacturers, developers and users,” said Dr. Ang Cui, CEO of Red Balloon Security. “The combined embedded security expertise of Red Balloon and Atredis will provide companies with advanced protection throughout their embedded systems.”
Red Balloon Security’s flagship product, Symbiote Defense, is the first universal embedded defense for all embedded devices and was originally developed in Columbia University’s Intrusion Detection Systems Lab. It is a platform-independent, OS-agnostic, real-time, host-based intrusion defense that is injected into the firmware of the device. It defends devices without requiring any code change from the vendor, any additional or upgraded hardware, and all without impacting the functionality of the device. Symbiote Defense is designed to protect any and all embedded devices, from printers to PLCs. It can be applied to any device regardless of OS, CPU type or hardware. The technology starts protecting the host the instant the host turns on, and will detect any unauthorized attempts to modify the firmware’s code or data within a fraction of a second, regardless of whether the device is in sleep mode, or busy servicing requests.
Atredis Partners provides a broad range of security testing and analysis services for embedded devices. The company takes a research-centric approach when evaluating complex hardware, firmware and embedded operating system targets. Atredis works closely with a company’s leadership, engineers and developers to achieve a sound understanding of the design, architecture and threat scenarios to model out in its assessments. Engagements begin with a complete tear-down of the device, mapping of circuits / hardware communication channels, identification of reachable attack surface and into reverse-engineering and instrumenting of firmware, bootloaders and monolithic software. Attack scenarios are then crafted, followed by development of proofs-of-concept demonstrating the risks and impact of identified issues, in order to deliver actionable, clearly-documented findings. Finally, Atredis works closely with clients to remediate these security issues and ship highly secure products to market.
About Red Balloon Security
Founded in 2011, Red Balloon Security (www.redballoonsecurity.com) is a leading cybersecurity provider and research firm that specializes in the protection of embedded devices across all industries. The company’s technology defends embedded systems with a suite of host-based firmware security solutions that provide continuous runtime protection of firmware and secure embedded systems against exploitation. Red Balloon Security’s pioneering R&D is led by a team of world-class academic researchers and developers who have published seminal research papers in the fields of embedded security and intrusion detection, led US Department of Defense-funded research activities, ethically disclosed vulnerabilities within hundreds of millions of ubiquitous embedded devices and worked as embedded security researchers within various intelligence agencies.
About Atredis Partners
Atredis Partners (www.atredis.com) is an industry-leading, research-driven consulting company, specializing in penetration testing, embedded device security assessment and risk management. Atredis was created by security industry veterans who wanted to prioritize offering quality and client needs over the pressure to grow rapidly at the expense of delivery and execution. A key part of that has been building a team of some of the most recognized and highly respected security researchers and consultants in the world. Distributed throughout the United States and Canada, the Atredis Partners team consists of security professionals of diverse backgrounds, including advanced degrees in computer science and numerous industry certifications and designations. Atredis team members have presented research over 50 times at conferences such as BlackHat, DEF CON, RSA, RECon, INFILTRATE, SummerCon, BSides, ShmooCon, S4 and PacSec/CanSec, among others, and have authored several books, including “The Android Hacker’s Handbook,” “The iOS Hacker’s Handbook,” “Wicked Cool Shell Scripts,” “Gray Hat C#,” and “Black Hat Go.”