Sectigo acquires Icon Labs to boost IoT security
May 16, 2019
Web security firm Sectigo, a New Jersey-based commercial Certificate Authority (CA), has acquired Icon Labs, an Iowa-based provider of cross-platform security for embedded OEMs and IoT device manufacturers.
Sectigo’s expanded IoT security platform will provide device manufacturers, systems integrators, enterprises using connected IoT and entire interoperable ecosystems with the ability to use purpose-built IoT issuance from a third-party CA. The platform will seamlessly harden device security with embedded tools to protect the integrity of data in transit and at rest, as well as ensure the integrity of all executed code by leveraging multi-phase secure boot.
IHS Markit forecasts that the IoT market will grow from an installed base of about 15 billion devices in 2015 to more than 75 billion in 2025. As the market grows, attacks rise and securing connected devices across the ecosystem becomes more imperative. SonicWall’s 2019 Cyber Threat Report found that the number of detected attacks against IoT devices and networks escalated to 32.7 million in 2018, a 217 per cent increase.
“Icon Labs has been growing and addressing this challenge by securing the device market for more than two decades,” said Bill Holtz, CEO of Sectigo. “For the first time, embedded security technology is combined with device authentication and identity management to provide customers with a complete IoT security platform that solves many of the challenges presented by the rising number of threats.”
Sectigo, formerly Comodo CA, provides scalable certificate issuance for connected IoT devices used in many verticals. Sectigo IoT Manager, part of the company’s expanded IoT security platform, provides specialised management capability for trust interoperability, so that connected IoT device vendors, service integrators or consortiums can securely build out, scale and manage their device ecosystems. The technology leverages automation via open source and proprietary technologies to ensure secure provisioning and lifecycle management.
With the acquisition of Icon Labs, Sectigo says it is the first trusted third-party CA to offer end-to-end security for every connected device from the point of manufacture and throughout the entire lifecycle. Icon Labs’ security modules can be used as point products to meet specific security requirements or as an integrated foundation for developing a secure device by securing the device itself rather than relying on security at the perimeter.
Benefits of the IoT security platform include:
- Secure boot: Provides embedded software APIs that ensure software integrity from the initial power on to application execution and enable developers securely to code sign boot loaders, microkernals, operating systems, application code and data. Upon system start-up, Sectigo verifies the integrity of code and data before execution and before permitting installation or updates. Sectigo also stores a secure audit log for system boot processing and other services.
- Embedded firewall: Works with real-time operating systems and Linux to configure filtering rules and offers deep packet inspection for industrial protocols, including Can bus.
- TPM integration: Offers certificate storage integration in TPM trusted platform module compliant secure elements.
- Secure remote updates and alerts: Ensures security components have not been modified, offers authentication from the OEM and issues alerts if firmware validation fails.
- On-premise CA: Expands Sectigo cloud-based CA to enable an on-premise CA, providing role-based user management, high-performance issuance on site and remote device audits. This allows signed device manifests to be added during manufacturing, then remotely validated.
Icon Labs, which will maintain its own brand as a subsidiary of Sectigo, is the second company acquired by Sectigo as the company accelerates its growth and expands into new segments. In August 2018, Sectigo acquired CodeGuard, a web-site maintenance, backup, and disaster recovery company. CodeGuard has since expanded internationally, achieving more than 45% YoY growth in 2018.
“With the addition of Icon Labs, Sectigo ensures overall system integrity by enabling complete visibility and control over each IoT device lifecycle and providing embedded technologies to further secure the integrity of the device, its identity and its data,” said Jason Soroko, CTO of IoT at Sectigo. “Now the experts in protecting digital identities are also the specialists in utilising and protecting digital identities in constrained embedded environments found in IoT devices used in every operational vertical, from automotive to healthcare, and from industrial control systems to smart cities.”
Icon Labs provides cross-platform security for embedded OEMs and IoT device manufacturers, as well as professional services to assist users with production, integration, customisation and development. Founded in 1992 and based in Iowa, Icon Labs is privately held, with more than 100 customers worldwide using the company’s intelligent, secure, networked devices. Icon Labs products have been deployed in applications including communications infrastructure equipment, transportation systems, satellite communications and industrial control devices.
Sectigo provides web security products that help users protect, monitor, recover and manage their web presence and connected devices. As a commercial CA used by enterprises globally for more than 20 years, and more than 100 million SSL certificates issued in over 200 countries, Sectigo says it has the proven performance and experience to meet the growing needs of securing today’s digital landscape.