Securing The Enterprise Edge

Guarding the gateway between enterprise systems and attackers

What Is The Problem?

The modern network no longer has a well-defined perimeter. Cloud, mobile and now IoT are punching holes in perimeter security and providers of edge devices are prime targets for attack. By compromising an edge device, hackers can open multiple enterprise targets. Edge devices like printers and routers are major targets for Massive Remote Code Execution, and attract some of the fiercest attacks.

Take for example, the MFP (multi-function printer). A highly sophisticated, connected system that can print, copy, scan, email and fax over external and internal networks in an on-premise or managed service set-up. These devices have access to confidential company information and personally identifiable information and provide hackers with access to sensitive corporate assets. A compromised multi-function printer that opens a gateway for attackers is a nightmare scenario that could affect thousands of enterprises.

How Karamba Secures

Automatically building security into the connected system is the foundation of Karamba Runtime Integrity technology for the automotive world. Now, addressing the Enterprise Edge, the XGuard suite provides unparalleled self-protection against device control loss. Buffer overflows can result in foreign malicious code or code reuse (such as return-oriented programming) attacks which can be self-detected and self-blocked with Karamba XGuard.

After the attack is detected and blocked, XGuard provides a detailed report of the attack to the device manufacturer.

Automatically embedding cybersecurity into endpoints - including Enterprise Edge devices – has always been a sought-after goal, but it has been hindered by performance restrictions. Karamba’s solution allows manufacturers to automatically apply this technology to seal systems during production. Furthermore, Karamba’s solution has proven to have negligible performance impacts in the resource constrained in-vehicle environment.

Enterprise Edge animation

Deterministic Security

Self-protection is a new paradigm in Security by Design, which aims to detect and prevent attacks in runtime. The factory settings of security policies are defined in the software build process, including the “known good” which the system needs to adhere to.

Any modification from the product’s automatically-built security policy is detected as a violation that can be blocked by the device itself and reported for further investigation or other configurable auto-behavior.

Edge Devices

Zero-Day and Day-One attack prevention. The concept of sealing the device according to its known good enables the connected device to protect itself from cyberattacks.

Deviations from the device's known goods must not be allowed. They are deterministically detected and prevented. This approach enables users to detect and prevent new attacks and does not require security updates.

Benefits

ECU Protects Itself

Self-Operating

No developer intervention or changes required, nor any alterations to current software tools and lifecycle. Karamba Runtime Integrity runs independently at all times – out of sight and out of mind.

Zero False Positives

Negligible Performance Impact

Karamba XGuard uses a patented method to integrate into your device and is capable of providing runtime integrity validation with minimal performance impact of less than 5% on CPU and 10% image size on disk.

Supports all ECUs

Designed For Embedded Systems

Karamba’s security solution was forged in the quality-oriented, heavily-regulated automotive industry. It is easy to deploy, blocks highly-sophisticated attacks and requires no additional manpower or equipment. With Karamba’s comprehensive solution, security is built-in.

Resources

Figure

White Paper

What is autonomous security and how does it provide superior runtime integrity protection? In this white paper, we explain how deterministic methods harden the runtime environment to prevent system hacking.

Figure

Datasheet

Karamba’s platform features CFI, whitelisting, on-premise or cloud-based management, customizable reporting and forensics. Plus it’s easy to deploy, and supports almost any platform, build environment, and architecture.

Figure

Runtime Integrity at a Glance

How does Karamba prevent hacking attempts? See a diagram of connected systems cybersecurity. Learn how Karamba eliminates the risks of false positives, performance drag, and security gaps.

Want to Talk Enterprise Edge Security? Drop Us a Line

Want to learn more?

Contact Us
Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 151 1471 6088