Securing IoT Devices

Guarding the IoT from attackers

What Is The Problem?

IoT merges the physical and IT worlds. Connected medical devices, printers, surveillance cameras, and smart factories, have no well-defined perimeter. Cloud, mobile and world-wide-web connectivity are punching holes in perimeter security, and enable hackers to gain access to those connected devices, jeopardizing data privacy and customer safety.

Product security standards such as NISTIR 8259, UL2900, US Executive Order 14028, and FDA endpoint directives require product manufacturers to protect their devices against cyberattacks, and assure supply-chain security. Applying those cybersecurity requirements have a significant toll on R&D processes -- hence time-to-market and revenue loss impact -- as well as on the device architecture.

How Karamba Secures IoT Devices

Automatically building security into the connected system is the foundation of Karamba Runtime Integrity technology for the automotive world. Addressing the broad IoT market, the XGuard suite provides unparalleled self-protection against device control loss. Buffer overflows can result in foreign malicious code or code-reuse attacks (such as return-oriented programming) which can be self-detected and self-blocked with Karamba XGuard.

After the attack is detected and blocked, XGuard provides a detailed report of the attack to the device manufacturer.

Automatically embedding cybersecurity into endpoints has always been a sought-after goal, but it has been hindered by performance restrictions. Karamba’s solution allows manufacturers to automatically apply this technology to seal systems during production. Furthermore, Karamba’s solution has proven to have negligible performance impacts in the resource constrained in-vehicle environment.

Enterprise Edge animation

Deterministic Security

Self-protection is a new paradigm in Security by Design, which aims to detect and prevent attacks in runtime. The factory settings of security policies are defined in the software build process, including the “known good” which the system needs to adhere to.

Any modification from the product’s automatically built security policy is detected as a violation that can be blocked by the device itself and reported for further investigation or other configurable auto-behavior.

Edge Devices

Zero-Day and Day-One attack prevention. The concept of sealing the device according to its known good enables the connected device to protect itself from cyberattacks.

Deviations from the device's known goods must not be allowed. They are deterministically detected and prevented. This approach enables users to detect and prevent new attacks and does not require security updates.

Trusted by

HP
Samsung
SolarEdge
APSystems
Stanley
Hitachi
LSE
HP
Samsung
SolarEdge
APSystems
Stanley
Hitachi
LSE
HP
Samsung
SolarEdge
APSystems
Stanley
Hitachi
LSE

Benefits

ECU Protects Itself

Self-Operating

No developer intervention or changes required, nor any alterations to current software tools and lifecycle. Karamba Runtime Integrity runs independently at all times – out of sight and out of mind.

Zero False Positives

Negligible Performance Impact

Karamba XGuard uses a patented method to integrate into your device and is capable of providing runtime integrity validation with minimal performance impact of less than 5% on CPU and 10% image size on disk.

Supports all ECUs

Designed For Embedded Systems

Karamba’s security solution was forged in the quality-oriented, heavily regulated automotive industry. It is easy to deploy, blocks highly sophisticated attacks and requires no additional manpower or equipment. With Karamba’s comprehensive solution, security is built-in.

Resources

Figure

White Paper

What is autonomous security and how does it provide superior runtime integrity protection? In this white paper, we explain how deterministic methods harden the runtime environment to prevent system hacking.

Figure

Supported Platforms

Karamba’s XGuard features CFI, whitelisting, on-premise or cloud-based management, customizable reporting and forensics. Plus it’s easy to deploy, and supports almost any platform, build environment, and architecture.

Figure

XGuard One Pager

XGuard is OS agnostic, and compatible with a wide range of platforms out-of-the-box. The platform includes both an embedded agent and cloud-based monitoring.

Contact us to discuss IoT Product Security

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 892 1547 7583