Auto-generated agents control policies based on device-specific analysis of firmware and threat model
Israeli security vendor VDOO this week debuted its Embedded Runtime Agent (ERA), an automatically generated and configured security policy controller designed to protect IoT connected devices with minimal impact on device performance.
The Lowdown: ERA uses an analysis of IoT device firmware from VDOO’s Vision analysis platform to create a custom runtime agent that provides granular security controls to defend against threats such as unauthorized code execution; malicious modification, theft, and ransoming of user data; lateral movement into a device’s network; bricking of device hardware and software; abuse of resources for things like DDoS attacks and cryptocurrency mining; and reverse engineering of device security mechanisms and IP.
The Details: ERA can be configured to run in “protect” mode to actively thwart attacks, or in “alert only” mode with logs sent to a SIEM server or to an ELK Stack. Because the agent is custom-tuned to the device’s specific needs and firmware, it generally requires less than 1MB of storage space and consumes less than 1 percent of CPU capacity. The solution runs on all flavors of Linux and Android, with FreeRTOS support due soon, officials said.
The Impact: VDOO Vision and ERA are primarily designed for IoT device manufacturers and systems integrators for use in the initial stages of device development and deployment. However, the platform can also be used by systems administrators and managed service providers to scan and protect existing systems, company officials said.
The vendor this week also launched its VDOO Certified Security Engineer (VCSE) program with training sessions on threats, security implementation and testing methodologies, and hands-on lab experience to help manufacturers and integrators build security into the development and deployment of IoT devices.
Background: VDOO launched last year with $13 million in initial venture funding led by VC firm 83North (formerly Greylock IL) with participation by Dell Technology Capital and several individual investors, including former EMC chairman Joe Tucci and Linksys founder Victor Tsao.
The Buzz: “While the VDOO analysis solution, Vision, provides the ultimate tools to properly implement security building blocks and mitigate threats on connected devices, attack methods always evolve, and one must have evolving countermeasures that can deal with the unknown,” said Netanel Davidi, co-founder and co-CEO at VDOO in Tel Aviv. “For that, we offer ERA, the first and only runtime security solution for IoT that takes into account each device’s specific attributes and threat landscape.”