Alan Grau

Sectigo®, a provider of automated digital identity management and web security solutions, releases multiple advancements to the company’s award-winning IoT Security & Identity Management Platform, making integration and management of secured connected devices even easier for OEMs and enterprises. The innovations include a PKI Client software development kit (SDK) for Sectigo IoT Manager and Secure Boot SDK, which eases development efforts and reduces time to market for manufacturers across industries. IoT security platform Sectigo’s all-in-one IoT security platform simplifies securing and authenticating connected devices, so that enterprises can protect their infrastructure in a way that is scalable, cost-effective, and easy to manage. “No other platform makes it as easy to ensure that connected devices are authenticated and to maintain reliable security from initial production on the assembly line, through installation and operation, until final decommissioning. The integrity of connected endpoints in healthcare, transportation, energy, financial services, and smart city sectors—our critical infrastructure—depend on it,” explained Alan Grau, VP of IoT/Embedded Solutions, Sectigo. Building secure devices Sectigo’s IoT Identity platform leverages the infrastructure used for issuing public certificates The Sectigo IoT Security Platform delivers end-to-end security services for every class of connected device, from manufacture through its lifecycle, enabling OEMs to build secure devices that are compliant with security standards and new IoT security regulations. Best-practice features, myriad technology integrations, and single pane of glass management empower enterprises to protect their IoT infrastructure in a way that is scalable, cost-effective, and easy-to-manage. In addition, Sectigo’s IoT Identity platform leverages the infrastructure used for issuing public certificates, providing IoT OEMs with the same high levels of security as public roots are provided. IoT manager advancements Multi-vendor Ecosystem Support – IoT Manager now provides greater configurability and customization of certificate profiles, enabling support for the unique requirements of emerging IoT ecosystems. Sectigo PKI Client for IoT Manager SDK – Making it easier for Sectigo customers to programmatically issue certificates from the Sectigo IoT Manager platform using the REST API interface. Sectigo EST PKI Client – A new client using the Enrollment over Secure Transport (EST) cryptographic protocol for PKI enables automated use of EST for customers using Sectigo Certificate Manager.  IoT device identity Embedded Firewall SDK – The latest release of Sectigo’s Embedded Firewall SDK includes support for Green Hills Software’s INTEGRITY RTOS microkernel architecture, designed for critical embedded systems that demand proven separation, security, and real-time determinism. The SDK enables device manufacturers to easily add firewall protection to enforce configurable packet filtering rules on connected devices. Secure Boot NetObjex Integration – Sectigo has integrated the company’s Secure Boot SDK with the NetObjex PiQube IoT development platform, providing manufacturers using the NetObjex platform with secure boot functionality, thereby ensuring authenticity of the firmware on their devices. WBA Ecosystem – Sectigo has been selected to provide PKI services for the Wireless Broadband Alliance OpenRoaming ecosystem. Monitoring digital assets “Sectigo’s Secure Boot SDK delivers code signing and validation tools, ensuring the firmware on our devices is protected from hackers. The easy to use SDK enabled us to quickly and easily add secure boot to our device,” said Raghu Bala, CEO, NetObjex, providers of an Intelligent Automation Platform for tracking, tracing, and monitoring digital assets using AI, Blockchain, and IoT. “The growth of edge devices has increased the risk of devastating data breaches. Offering Sectigo’s embedded device hardening technologies and purpose-built third-party certificate issuance and management provides our customers with assurance that their important data and devices are protected.”

Sectigo®, a provider of automated digital identity management, embedded security, and web security solutions, and Green Hills Software, the pioneer in high-assurance operating systems, have announced a global reseller agreement. The agreement enables Green Hills Software to offer Sectigo's Icon LabsTM Embedded Firewall, integrated and optimized for use with Green Hills Software’s INTEGRITY® real-time operating system (RTOS) and its embedded high-performance TCP/IP v4/v6 host and router networking stack. Internet-Connected platform The pairing strengthens Green Hills Software’s internet-connected platform solutions with the expanded networking security required in connected systems responsible for critical functions for automotive, industrial, medical, transportation and mil/aero industries. “Most cyberattacks on embedded systems remain undetected until it is too late. Early detection is critical as it maximizes the safety of products while helping to prevent the loss of IP, disruption of services, and attacks proliferating to other portions of the system or network,” explained Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “Green Hills Software’s integration of our embedded firewall with their proven and mature INTEGRITY RTOS will provide customers worldwide with a powerful combination of experience and security technology that sounds the alarm, then stops the attack.” Critical embedded systems The INTEGRITY RTOS microkernel architecture is designed for critical embedded systems The INTEGRITY RTOS microkernel architecture is designed for critical embedded systems demanding proven separation, security, and real-time determinism. The operating system’s separation architecture helps manufacturers safely and securely partition software running at different levels of criticality. For critical functions, INTEGRITY assures secure and real-time execution by means of impenetrable partitions that deliver freedom-from-interference and guaranteed system resources. The Sectigo Icon Labs Embedded Firewall enjoys widespread global adoption, combining numerous powerful and configurable features to detect and contain cyberattacks. Disabling static filtering Configurable filtering policies — Uses configured filtering rules to control the filtering engine. The rules provide complete control over the type of filtering performed and the specific criteria used to filter packets. Rules can be configured for: Static filtering rules for IP address, MAC address, port number, and protocol number Block list and allow list filtering modes DPI filtering rules for message type, message contents, and message source Threshold-based filtering criteria Independently enabling and disabling static filtering, dynamic filtering, DPI filtering, and threshold-based filtering Replay attack protection EDSA Compliance support — Serves as an important building block for achieving EDSA compliance for embedded devices, providing support for many capabilities mandated by EDSA-311: Protocol fuzzing and replay attack protection Data flooding protection Denial of service protection Notification of attacks Disabling of unused ports Logging and alerting — Maintains a log of security events and policy violations, enabling command audits and forensic investigation to determine the source of an attack. Enabling remote management Management system integration — Incorporates an agent that enables remote management from an enterprise security manager system, or to other Security Information and Event Management (SIEM) systems. This integration provides: Centralized management of security policies Situational awareness and device status monitoring Event management and log file analysis Intrusion detection and prevention — Blocks all unused ports and protocols, limiting the attack surface hackers can exploit. Logging packets that violate configured filtering rules enables detection of unusual traffic patterns, traffic from unknown IP addresses, and other suspicious behavior. additional cybersecurity capability “Green Hills is pleased to be adding this additional cybersecurity capability to our portfolio of industry-leading foundational security offerings,” said Dan Mender, VP of Business Development, Green Hills Software. “Protecting critical internet-connected solutions is paramount for our customers, and Sectigo’s Icon Labs Embedded Firewall capability extends our customers’ ability to design purpose-built secure solutions in automotive, industrial, medical, transportation and mil/aero markets.” Green Hills Software’s internet-connected platforms are integrated and optimized with Sectigo’s embedded firewall and are available.

Sectigo, a renowned provider of automated digital identity management and web security solutions, has partnered with ReFirm Labs to help device original equipment manufacturers (OEMs) ensure security and compliance. Under the agreement, Sectigo’s customers will now have access to ReFirm Lab’s firmware scanning tools to analyze device firmware and detect known vulnerabilities, out-of-date open source components, hard-code encryption keys, expired certificates, and potential zero-day vulnerabilities. Device firmware presents a largely unprotected attack surface that hackers can use to gain access to - and move laterally within - corporate or critical infrastructure networks. End-to-end IoT security platform The explosion of connected devices has escalated this risk, leading industry groups, including the U.S. Cyberspace Solarium Commission, to recommend stronger regulatory enforcement and clearer baseline standards and guidance for IoT device manufacturers and their supply chains to combat attacks on device firmware. Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device" ReFirm Labs’ Centrifuge Platform provides an automated platform to analyze IoT / embedded device firmware to identify potential cybersecurity vulnerabilities before OEMs release firmware updates, and before deployment onto device operators’ networks. Sectigo IoT Identity Platform is the industry’s first end-to-end IoT security platform, offering both embedded device identity and integrity technologies, as well as purpose-built certificate issuance and management. Embedded firewall technologies By combining the two platforms, OEMs using both Sectigo and ReFirm Labs platforms are able to: Create more secure embedded software Guarantee the integrity of device software and validity of certificates at boot, and in software updates Protect the device by operating through secure boot, secure storage, and embedded firewall technologies Detect hard-code encryption keys, expired certificates, and other security vulnerabilities Ensure compliance with a growing number of IoT security standards, such as NIST 8259, OWASP IoT Top 10, and ISA/IEC 62443 “Sectigo’s IoT security platform was created to deliver end-to-end security for every connected device, at the point of manufacture and throughout the entire lifecycle,” said Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “By teaming with ReFirm Labs, we are enabling device OEMs to address security and compliance requirements using a comprehensive solution that works across every stage of the device lifecycle.” IoT device firmware “Our partnership with Sectigo is an important advancement in addressing the growing market and regulatory pressure that is forcing device OEMs to adopt best practices for developing secure IoT device firmware. Using ReFirm Labs’ Centrifuge Platform, our OEM customers are able to uncover the vulnerabilities in IoT devices." "They can then address those problems using Sectigo’s IoT Security platform, and ultimately implement higher levels of security and achieve compliance with new standards for device security,” explained Derick Naef, CEO, ReFirm Labs.

Sectigo, a provider of automated digital identity management and web security solutions, announced a video series on Sectigo’s YouTube Channel. The IoT video series offers security engineers, developers, product managers, and anyone using or developing connected components and devices valuable guidance, ranging from fundamental to advanced level, for securing IoT devices. Hosted by Alan Grau, Sectigo VP of IoT/Embedded Solutions, the initial “explainer” videos in the series include: IoT Security Challenges The first in the series, the IoT Security Challenges video encompasses a wide range of fundamental security topics including embedded security, secure boot, embedded firewall, secure firmware updates, secure key storage, IoT device identity, and PKI for IoT. Alan Grau addresses several specific issues, including: Common vulnerabilities found in IoT devices What security actually means for IoT devices, and which solutions actually work Which types of IoT security solutions actually work, and why Security claims vs. security realities for IoT devices Challenges of building security into IoT devices Secure Boot for IoT Devices The Secure Boot for IoT video covers IoT security, embedded security, secure Boot, and secure firmware updates. Grau provides both an overview and a deep dive into Secure Boot and how the functionality can greatly help secure IoT devices by ensuring that they are always running unmodified code from the OEM. He also discusses the various ways that hackers attack embedded devices, Root of Trust, code signing, and code validation. Embedded Firewall for IoT Devices In the video about Embedded Firewalls, Grau covers what embedded firewalls are and how they are different from other network and endpoint firewalls. He discusses the challenges of building security into IoT devices, why embedded firewalls are important (and essential features), as well as embedded use cases for automobile (ADAS) and aircraft control systems.

Sectigo, a provider of automated digital identity management and web security solutions, announces a partnership with Infineon Technologies AG to provide automated certificate provisioning for Infineon’s OPTIGA™ Trusted Platform Module (TPM) 2.0 using Sectigo IoT Identity Manager. The integration provides manufacturers with a complete certificate management solution, including issuance and renewal, starting right on the factory floor, with secure certificate creation and insertion using the OPTIGA™ TPM for private key storage. Strong authentication and secure communication “Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices,” explained Alan Grau, VP of IoT/Embedded Solutions at Sectigo. “Together, Sectigo and Infineon are enabling device manufactures to leverage strong authentication and secure communication for IoT devices during the manufacturing of the device itself. This integration not only automates the process of provisioning certificates for IoT devices, but also delivers a complete PKI solution leveraging Sectigo’s highly secure cloud infrastructure.” Device manufacturers across industries recognize the need to strengthen the security of their devices Device manufacturers across industries increasingly recognize the need to strengthen the security of their devices. The Sectigo-Infineon joint solution enables manufacturers to provide the enhanced levels of security required to protect their devices and to ensure compliance with ever-emerging and evolving IoT security standards and regulations across the globe. Device identity certificates For example, manufacturers are able to provision certificates into devices before they leave the factory, so that their connected IoT and IIoT products comply with the authentication requirements of the California IoT Security Law, along with other similar legislation. Device identity certificates enable strong authentication and the TPM—a specialized chip on an endpoint device—provides secure key storage to ensure keys are protected against attacks. The joint solution enables the insertion of certificates into the device during the manufacturing of the device, when the device is first provisioned into a network, or into the TPM chip itself before the chip is shipped to the manufacturer. By installing certificates into the TPM chip prior to manufacturing, manufacturers are able to track the component throughout the supply chain to protect against device counterfeiting, ensuring that only authentic devices are manufactured. Securing and authenticating connected devices Together with our partner Sectigo, we are now also able to offer automated factory provisioning" “Infineon’s audited and certified TPMs enable manufacturers of connected devices to achieve higher levels of security. Together with our partner Sectigo, we are now also able to offer automated factory provisioning. This gives our customers a proven path combining ease of integration with the benefits of higher security performance,” said Lars Wemme, Head of IoT Security at Infineon Technologies. The Sectigo IoT Identity Platform removes the complexity associated with securing and authenticating connected devices so that businesses can protect their infrastructure in an easy, scalable, cost-effective, way. The platform enables enterprises and OEMs to ensure the integrity and identity of their devices and maintain that security by managing certificates throughout the lifecycle of the device. Broad portfolio of security controllers Infineon’s OPTIGA™ security solutions, including the OPTIGA™ TPM, offer a broad portfolio of security controllers to protect the integrity and authenticity of embedded devices and systems. With a secure key store and support for a variety of encryption algorithms, the security chips provide robust protection for critical data and processes through their rich functionality—and are essential for strong device identity solutions because the crypto co-processor can securely store the private key of the device. Infineon’s proven key storage, coupled with Sectigo’s automated certificate issuance and management, delivers a robust, automated and easy-to-use PKI solution for device manufacturers.