Meet Binarly

The most advanced firmware supply chain security platform

Detect and remediate known and unknown vulnerabilities at every step of the device and software supply chain.

The Binarly difference:

AI-powered identification of known and unknown vulnerabilities

Known vulnerabilities are just the tip of the iceberg in today's complex firmware and software supply chains. 

That's why, instead of merely mapping binaries to a list of known vulnerabilities, we go beneath the surface to understand how the code executes, enabling us to detect defects, not just the binaries. This approach allows Binarly to identify entire classes of defects, beyond just known issues, and to do so more rapidly with near-zero false positives.

Proactively Manage Vulnerabilities

-
Detect entire classes of not yet disclosed vulnerabilities in addition to known.

Identify Transitive Dependencies

-
Stop relying on SBOMs alone. Detect binary dependencies, including transitive ones.

Detect Malicious Code

-
Find firmware implants and other malicious code based on behavior analysis.

Resolve Vulnerabilities Quickly

-
Prescriptive and verified fixes make resolution painless.

Understand Release Changes

-
Instantly understand the difference between releases.

How does Binarly work?

LORMES
Binarly addresses critical gaps in firmware and software supply chain security by:
  • Providing visibility into the impact of firmware and software vulnerabilities.
  • Providing industry-leading firmware analysis including UEFI and more.
  • Identifying known and previously unknown vulnerabilities and malicious behavior – not just hashes or signature matching.
  • Extending insight beyond the CVE, showing which vulnerabilities exist at the binary level.
  • Reducing alert fatigue through the use of machine learning to achieve near zero  false positives .
  • Shortening the time to fix identified issues by proposing and validating fixes. 
Explore Binarly's Features
Arrow indicating link

A research driven product

The Binarly team has its roots in research with decades of experience uncovering and understanding advanced malware threats, firmware, and hardware vulnerabilities. The Binarly Lab has led the coordinated disclosure of nearly 500 vulnerabilities—including LogoFAIL, which affected billions of devices—utilizing the advanced analysis techniques now only available through the Binarly Transparency Platform.

How to get started with Binarly

TIERS
We’re here to assist in your selection process and customize a package to meet your needs.
Explore Product Packages
Arrow indicating link

Our latest

News

Binarly Releases Free Detection Tool for XZ Backdoor

Binarly, provider of an industry leading AI-powered firmware and software supply chain security platform, has created and released a free scanning tool to help defenders spot signs of the dangerous XZ backdoor (CVE-2024-3094).
Arrow indicating Link

Software Supply Chain Security Leader Binarly Closes $10.5 Million Financing Led by Two Bear Capital

Binarly, provider of an industry leading AI-powered firmware and software supply chain security platform, today announced the closing of a $10.5 million seed funding round.
Arrow indicating Link

Advisories

[BRLY-2024-002] OOB Read in Lighttpd 1.4.45 used in Intel M70KLP series firmware

BINARLY team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Intel BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.
Arrow indicating Link

[BRLY-2024-003] OOB Read in Lighttpd 1.4.35 used in Lenovo BMC firmware

BINARLY research team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Lenovo BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.
Arrow indicating Link

Articles

How an old bug in Lighttpd gained new life in AMI BMC, including Lenovo and Intel products

Binarly Research Team shows crucial risks that affect security of BMC firmware supply chain ecosystem. We’ve assigned three Binarly identifiers BRLY-2024-002, BRLY-2024-003, BRLY-2024-004
Arrow indicating Link

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor

On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux.
Arrow indicating Link

Transform your software supply chain security strategy

Talk to our team to find out how Binarly can reduce your risk.
Let's start a conversation     
Arrow indicating link