VDOO Embedded Runtime Agent Brings Cloud-based Firmware Security Analysis to Connected Devices

January 23, 2019 Brandon Lewis

VDOO has released its Embedded Runtime Agent (ERA), a connected device security agent that analyzes device firmware binaries for security vulnerabilities. The VDOO agent pairs with the company’s Vision Analysis Platform to provide ongoing scanning of device binaries with minimal impact on system performance or functionality.

The VDOO Vision Analysis Platform is a web-based service that performs automatic analysis of device firmware, using industry standards like the Common Vulnerability Scoring System (CVSSv3) to detect known and unknown vulnerabilities. The ERA agent extends these capabilities to the device itself, providing a range of post-deployment protection mechanisms and enables users to implement “detect” or “block operation” modes.

VDOO ERA prevents:

  • Exploitation of zero-day vulnerabilities to execute unauthorized code on the device
  • Malicious modification, theft, and ransoming of user data, device configuration, and binaries
  • Lateral movement into the device’s network for attacks on users, other devices, and network components
  • Bricking of the device’s hardware and software
  • Abuse of the device resources to perform massive DDoS attacks as part of a botnet, mine Blockchain, or crack passwords hashes
  • Man-in-the-Middle network-based attacks throughout the device protocol stack
  • Reverse engineering of the device security mechanisms and IP

In addition to runtime protection against zero-days, malware, and known attack methods, VDOO ERA can also communicate with network security solutions like security information and event management (SIEM) software, firewalls, and network access control (NAC) programs to enhance IoT network security.

“While the VDOO analysis solution, Vision, provides the ultimate tools to properly implement security building blocks and mitigate threats on connected devices, attack methods always evolve and one must have evolving countermeasures that can deal with the unknown,” said Netanel Davidi, co-founder and co-CEO at VDOO. “For that we offer ERA, the first and only runtime security solution for IoT that takes in account each devices’ specific attributes and threat landscape.”

Once a device has been analyzed, the VDOO platform provides detailed remediation guidance on how to properly implement security features. Once implemented, the platform validates the device’s security and provides a digital certification.

VDOO offers a Certified Security Engineer (VCSE) Program to help engineers learn how security should be integrated into IoT device development. These formal, hands-on training sessions are designed to provide attendees with insight into security threats, implementation and testing methodologies, and the fundamentals of designing secure IoT devices.

More information on ERA, the Vision Analysis Platform, and VCSE program can be found at www.vdoo.com.

 

About the Author

Brandon Lewis

Brandon Lewis, Editor-in-Chief of Embedded Computing Design, is responsible for guiding the property's content strategy, editorial direction, and engineering community engagement, which includes IoT Design, Automotive Embedded Systems, the Power Page, Industrial AI & Machine Learning, and other publications. As an experienced technical journalist, editor, and reporter with an aptitude for identifying key technologies, products, and market trends in the embedded technology sector, he enjoys covering topics that range from development kits and tools to cyber security and technology business models. Brandon received a BA in English Literature from Arizona State University, where he graduated cum laude. He can be reached by email at brandon.lewis@opensysmedia.com.

Follow on Twitter Follow on Linkedin Visit Website More Content by Brandon Lewis
Previous Article
Modular gateway computer for DIN rail mounting
Modular gateway computer for DIN rail mounting

The MC50M is a modular gateway computer and part of the DIN rail family from MEN. The box is based on Intel...

Next Article
How to Establish an Effective Data Quality Policy for Your Business

By focusing on ad-hoc incident resolution, organizations struggle to identify and address recurring data qu...

How to Develop Cross-Industry IoT Interoperability

Multi-Part Series