San Diego, CA — November 15, 2024 — ObjectSecurity, a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges, today introduced BinLens™ 3.0 [1], the latest version of its binary vulnerability analysis tool. Designed to address gaps in traditional cybersecurity methods, BinLens automates the analysis of binary programs.

BinLens 3.0 is a bold evolution from ObjectSecurity OT.AI Platform™ 2.x. BinLens helps effortlessly uncover zero-day vulnerabilities in binaries with cutting-edge accuracy and minimal false positives – including those in IT and OT/ICS environments. BinLens automates key manual reverse engineering tasks like symbolic analysis, static analysis, disassembly, and decompilation. Unlike traditional tools, it doesn’t rely solely on known vulnerabilities and offers flexible deployment options.

Conventional cybersecurity for IT, mobile, and OT/ICS systems often relies on network scans, SBOMs, and source code reviews, which only detect known vulnerabilities and leave significant gaps. BinLens 3.0 takes a different approach: it focuses on advanced (symbolic) binary-level analysis and excels at detecting memory-safety violations and other undefined behaviors in binary programs. This allows it to identify hidden and unpublished vulnerabilities and deliver a dramatically lower false-positive rate than competing tools. Features include:

  • Memory Safety Issues: Detects weak pointers, stack overflows, and heap overflows to identify unsafe writes and prevent data corruption, crashes, or unauthorized access.
  • Control Flow Risks: Identifies vulnerabilities that could allow user-controlled instruction pointers, leading to arbitrary code execution.
  • Array Index and String Violations: Highlights issues like out-of-bound array indices and externally controlled string vulnerabilities, ensuring systems are protected from data corruption and exposure of sensitive program data.
  • Cryptographic Weaknesses: Evaluates encryption schemes, embedded keys, and entropy to identify potential flaws in cryptographic defenses.
  • Unpublished and Published Vulnerabilities: BinLens does not primarily rely on published vulnerability information and is instead focused on finding unpublished vulnerabilities. It also scans for over 18,000 CVEs specific to OT/ICS binaries and detects nearly 140 CWEs across 30 CPU architectures.
  • Single pane of glass: Automates and combines many tasks typically requiring expert manual reverse engineering, such as disassembly, decompilation, and delta analysis.
  • Compliance mapping: Supports compliance with standards like NIST 800 and ISA/IEC 62443, making it a practical tool for organizations focused on security and regulatory requirements.
  • Flexible on-prem & cloud: Because of its strong focus on DoD, Government and critical infrastructure, BinLens is designed to be deployed on-premises/offline (including Kubernetes clusters), in addition to cloud deployment options.

Its capabilities benefit a wide range of users, including:

  • Red teams, reverse engineers, threat hunters, and vulnerability researchers: will speed up manual reverse engineering workflows and dive deeper faster.
  • DevSecOps engineers, product security, QA testers, and software developers: will detect vulnerabilities that source code analysis and SAST miss – integrated into DevSecOps.
  • Operators, buyers/procurement: will reduce supply chain risks in your IT/OT/ICS environment by requiring analysis in RFPs, analyzing during deployment/patching, and scanning legacy devices.

Availability
BinLens™ 3.0 is available starting today, November 15, 2024. It can be accessed directly from ObjectSecurity or through authorized partners.

About ObjectSecurity
ObjectSecurity LLC is a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges that threaten national security and production downtime. The company specializes in cybersecurity solutions for IT and OT/ICS systems, with a focus on automating and streamlining security. By delivering advanced tools like BinLens™, the company helps organizations identify and address vulnerabilities effectively. Our novel research and development are applied to commercial solutions proactively addressing the core source of cyber vulnerabilities and risk – software code and data. Our holistic, proactive approach prevents cyber attacks and disruptive production downtime across industries that support global citizen communities, including military defense, municipal smart cities, public and private transportation, energy, wastewater treatment, power utilities, manufacturing, and the life sciences. For more than 20 years, ObjectSecurity has been delivering cybersecurity and supply chain risk management solutions, including to U.S. defense and federal government agencies. These advanced technologies are now commercially available for government and private sector use. ObjectSecurity is privately held, with headquarters in San Diego, CA, and global representation. [2]

More Information

  1. BinLens website https://www.objectsecurity.com/binlens
  2. ObjectSecurity https://www.objectsecurity.com
