Sectigo (formerly Comodo CA), which is said to be the world’s largest commercial Certificate Authority (CA) and a specialist in web security solutions, has acquired Icon Labs. Icon Labs is a provider of cross-platform security solutions for embedded original equipment manufacturers (OEMs) and Internet of Things (IoT) device manufacturers.
Sectigo’s expanded IoT Security Platform aims to provide device manufacturers, systems integrators, enterprises using connected IoT, and entire interoperable ecosystems, with the industry-first ability to use purpose-built IoT issuance from a trusted third-party CA. The platform will seamlessly harden device security with embedded tools to protect the integrity of data in transit and at rest, as well as ensure the integrity of all executed code by leveraging multi-phase secure boot.
IHS Markit forecasts that the IoT market will grow from an installed base of about 15 billion devices in 2015 to more than 75 billion in 2025. As the market grows, attacks rise and securing connected devices across the ecosystem becomes more imperative. SonicWall’s 2019 Cyber Threat Report found that the number of detected attacks against IoT devices and networks escalated to 32.7 million in 2018 – a 217% increase.
“Icon Labs has been growing and addressing this challenge by securing the device market for more than two decades. For the first time, embedded security technology is combined with device authentication and identity management to provide customers with a complete IoT security platform that solves many of the challenges presented by the rising number of threats,” said Bill Holtz, CEO, Sectigo.
Sectigo provides highly scalable and reliable certificate issuance for connected IoT devices used in many verticals. Sectigo IoT Manager, part of the company’s expanded IoT Security Platform, provides specialised management capability for trust interoperability, so that connected IoT device vendors, service integrators, or consortiums can securely build out, scale and manage their device ecosystems. The technology leverages automation via both open source and proprietary technologies to ensure secure provisioning and lifecycle management.
Sectigo IoT security platform
With the acquisition of Icon Labs, Sectigo is the first trusted third-party Certificate Authority to offer end-to-end security for every connected device from the point of manufacture and throughout the entire lifecycle. Icon Labs’ security modules can be used as point products to meet specific security requirements or as an integrated foundation for developing a secure device by securing the device itself rather than relying on security at the perimeter.
Benefits of the expanded Sectigo IoT Security Platform include:
- Secure boot – Provides embedded software APIs that ensure software integrity from the initial “power on” to application execution and enable developers to securely code sign boot loaders, microkernels, operating systems, application code, and data. Upon system startup, Sectigo verifies the integrity of code and data before execution and before permitting installation or updates. Sectigo also stores a secure audit log for system boot processing and other services.
- Embedded firewall – Works with Real Time Operating Systems (RTOS) and Linux to configure filtering rules and offers deep packet inspection for industrial protocols, including CAN bus.
- TPM integration – Offers certificate storage integration in Trusted Platform Module (TPM) compliant secure elements.
- Secure remote updates and alerts – Ensures security components have not been modified, offers authentication from the OEM, and issues alerts if firmware validation fails.
- On-Premise CA – Expands Sectigo cloud-based CA to also enable an on-premise CA, providing role-based user management, high-performance issuance on site, and remote device audits. This allows signed device manifests to be added during manufacturing, then remotely validated.
“By joining Sectigo, Icon Labs is contributing to a powerful advancement in connected device security. We are securing IoT devices and the convergence of traditional IT systems and Operational Technology (OT); that is, the hardware and software that detects or causes changes in physical processes through direct monitoring and/or control of physical devices,” said Alan Grau, founder of Icon Labs.
“With the addition of Icon Labs, Sectigo ensures overall system integrity by enabling complete visibility and control over each IoT device lifecycle and providing embedded technologies to further secure the integrity of the device, its identity, and its data,” explained Jason Soroko, CTO of IoT, Sectigo. “Now the experts in protecting digital identities are also the specialists in utilising and protecting digital identities in constrained embedded environments found in IoT devices used in every operational vertical, from automotive to healthcare, and from industrial control systems to smart cities.”
Icon Labs, which will maintain its own brand as a subsidiary of Sectigo, is the second company acquired by Sectigo as the company accelerates its growth and expands into new segments. In August 2018, Sectigo acquired CodeGuard, Inc., a global provider of website maintenance, backup, and disaster recovery. CodeGuard has since expanded internationally, achieving more than 45% YoY growth in 2018.