In the IoT era, where connected devices are controlling more critical aspects of our lives, a new approach to security services is required to enable a safe and secure future.
At Finite State, we believe that cybersecurity should ultimately be viewed through the lens of risk management, and that increased transparency into IoT and connected devices is critical to achieving better security for everyone. We offer
Assess the fundamental risk factors affecting each of the IoT devices that you have deployed or are considering deploying. Annual subscriptions are available to make these services part of your standard procurement process.
The Finite State Supply Chain Risk Assessment is a robust risk analysis of IoT devices across your organization, which provides insights into vulnerabilities, hard-coded credentials, and other code hygiene issues.
Finite State analyzes firmware deep inside IoT devices, uncovering all of the software subcomponents and libraries which are installed. With this, we produce a comprehensive, accurate list of all of the vulnerabilities (CVEs) which exist within the device. While others promise visibility, Finite State deep dives into the underlying vulnerabilities lurking in the firmware.
Finite State provides insights into all of the credentials and crypto materials which are present in the firmware, including hard-coded passwords, SSH keys, authorized_keys files, host keys, and SSL certificates.
Most IT professionals are familiar with the Secure Software Development Life Cycle (S-SDLC), an overall development methodology for building more secure applications. Finite State analyzes the firmware inside your connected devices to discover if the manufacturer is properly applying security best practices. We examine the embedded binaries for multiple indicators of code hygiene, including memory corruptions, code complexity, and component age.
Intensive security assessment of select, high-impact devices, potentially uncovering backdoors and zero-days.
The Finite State Validated Security Assessment includes all aspects of the Supply Chain Risk Assessment, plus additional security analysis that may include explicit discovery of potential backdoor accounts, manual review for 0-day vulnerabilities, a detailed survey of static cryptographic materials, and expert commentary around these findings, including suggested mitigation steps.
Management of the vulnerability disclosure process with the manufacturer and ICS-CERT.
A deeper look into connected devices often turns up 0-day vulnerabilities. We will partner with you to disclose findings to device manufacturers, providing incentive for them to release software updates which fix the issues. Finite State will follow a responsible disclosure lifecycle, reporting each vulnerability to the manufacturer and to other relevant parties such as ICS-CERT.
Finite State offers managed security services to defend your entire network, including IoT and other connected devices — including medical, industrial and 5G networking gear — from increasingly sophisticated cyber threats. Our flexible approach to network, data, and device security means you can customize our offerings to meet your unique needs.
We’re proud to offer the following services & benefits:
Our services are purpose-built for organizations that are overwhelmed with managing their information security architecture to protect their data, their employees, and their customers.
Our program ensures that only the best technologies are chosen, proper training is deployed to employees, and operational processes are in place. We cover your entire environment, from traditional IT devices like laptops and servers to IoT devices like cameras and smart TVs to industry-specific connected devices.
We automatically identify what’s on your network, including what’s buried inside your IoT and connected devices, to truly understand the risk associated with your network.
With 24×7 Monitoring and change management we can continuously ensure systems are up and configured according to requirements.
With the latest technology and tools, we proactive monitor and hunt for threats on your network
Our team of experts does root-cause analysis and takes action to help keep your network secure.