This article discusses different vulnerability assessment fielding options. We will discuss the pros and cons of doing binary vulnerability analysis as SaaS vs. on-premises vs. in situ. Also, please check out ObjectSecurity’s BinLens™ (formerly ObjectSecurity OT.AI Platform), which is designed to support several different use cases.
Cloud
A cloud-hosted subscription undoubtedly has several benefits over other fielding options, esp. no upfront cost hurdles, no maintenance costs, low overall cost, convenience, flexible scalability, etc.
However, both our investor organization and trial users voiced obvious security concerns (your binaries are sent to the cloud), and concerns with being able to extract firmware from already-fielded (embedded) devices – including scenarios where internet connectivity is spotty or unavailable. While we at ObjectSecurity take security very seriously and have baked appropriate security features into the cloud hosting and application, these concerns remain valid for some users (esp. for government users).
As a consequence, ObjectSecurity has in fact focused most of our recent development efforts on alternative fielding options to support those requirements, which are described further below.
Portability
Some users need to test devices in situ, especially embedded systems that cannot just be removed (e.g. from a vehicle/vessel/aircraft etc.) – and sometimes there is not even a power outlet that can be used, creating the need for battery power. This would require a portable device combo that a non-expert user can carry on site and connect to an already-deployed embedded system via common external and internal connectors. Such a system would then automatically assess the embedded system, and the user could view a “traffic light” (or advanced) report. It would also be used as an automated network penetration tester on site. In practice this is extremely challenging to do, and usually requires reverse engineers in a lab. It is particularly impractical in offline/airgapped environments.
Offline
Organizations frequently do not want to use the cloud for vulnerability analysis and prefer offline/airgapped deployments. In the portable device fielding option above, internet connectivity is sometimes spotty or unavailable, so such a device would need to be able to operate offline. This creates technical challenges because all the heavy processing needs to be carried out on the portable device itself, and advanced preloading and synchronization features need to be available.
ObjectSecurity’s BinLens™ (formerly ObjectSecurity OT.AI Platform) has been designed to support offline operation.
On-premises
Some users we have spoken to prefer to do vulnerability assessment on-premises, mostly for security reasons. While such deployments do not have to be portable, in rare cases they need to be offline (to avoid exfiltration).
ObjectSecurity’s BinLens™ (formerly ObjectSecurity OT.AI Platform) has been designed to be deployable as an on-premises server (physical or virtual), with optional offline operation.
In conclusion, there is no “better” or “worse” way of doing binary vulnerability assessments – it depends on your organization’s particular requirements. Please talk to us about your experiences and/or requirements in this area, and check out ObjectSecurity’s BinLens™ (formerly ObjectSecurity OT.AI Platform).