XGuard Suite

End-to-End Security for Connected Devices

Karamba Security’s XGuard Suite is a set of embedded software modules, catering to today’s and tomorrow’s IoT security risks. XGuard enables automotive OEMs and IoT device manufacturers to meet industry regulations, without delaying their product release schedules.

XGuard's' core value proposition is integration on the device firmware binary-level, without introducing changes to R&D, and with minimal performance impact of 1% to 5%, depending on the security modules applied.

XGuard is application agnostic. It supports 13 different operating systems and 7 microcontroller architectures.

XGuard Device Security

The embedded agent – seamlessly embedded or bolt-on to the device firmware – allows for a simple and fast deployment of various required security features, such as Allow List, anti-file tampering, and control-flow integrity. Integrated during the firmware build, or as a bolt-on to existing firmware version, XGuard does not interfere with development or release processes: hence, it does not delay product release schedules.

XGuard Onboard Security

Tailored to the automotive industry, XGuard Onboard Security provides underlying security enablers and a set of controls needed to protect automotive systems and communication. Modules include Secure Boot, HSM utilization, cryptographic libraries, secure storage and AUTOSAR SecOC.

XGuard for Containers and VMs

Preparing for the software-defined IoT era, XGuard extended its security modules to harden containers and virtual machines (VMs), assuring that the container/VM as a whole is instantiated from an image that was not tampered with, in addition to securing specific applications during runtime.

XGuard Monitor

Enables continuous monitoring of security indicators for automated anomaly detection, for both cybersecurity incidents and system health. The resulting data can be examined in the form of customizable dashboards, for individual devices and at the fleet level.

Attacks Addressed by XGuard® Suite

Attack types that XGuard protects against

Advantages of the XGuard Suite

End-to-End Product Security

From the Design stage, through Deployment, Maintenance, and End of Life, XGuard is an essential factor in the Product Security journey.

The embedded agent's CFI, allow-list and access control validations are integrated during the device's firmware build, while Onboard Security and SecOC extend protection to the system level. Event reporting allows for continuous monitoring and mitigation of weaknesses.

Seamless Integration

The XGuard agent is integrated as part of the firmware build toolchain. XGuard can be used in both off-the-shelf and proprietary build environments. Embedding of the validation code into the product binaries is automatic, so that no developer intervention is needed during the software development lifecycle. Verification and validation are likewise unchanged. The product software image is tested with XGuard embedded into it, so that no additional tests are needed for separate security controls.

Negligible Performance Overhead

XGuard technology is designed for restricted embedded systems, with low CPU and memory consumption, and all the way to Docker-based Linux systems. The agent takes up under 5% CPU overhead and memory size – often even less than 1% – and about 10% of the flash size. Optimized for connected automotive systems, this patented method enables runtime protection with no CAN network overhead.

A Broad Attack Spectrum

With a complete set of security controls, the XGuard platform deployed on each ECU provides the foundation for a secure connected vehicle.

Deterministic

The “known good” approach and encryption stack provides deterministic software integrity and secure communication across the device network, reducing risk and investigation time.

Deep Forensics

XGuard has the unique ability to record and report deep root-cause-analysis details to security forensics, shortening the cycle between security incidents and software updates to prevent 0-day and 1-day exploits.

Learn more about XGuard Suite Solutions

XGuard for Automotive

Read about the products of XGuard Suite and how they protect automotive systems and devices.

XGuard for IoT Device Security

Read about the products of XGuard Suite and how they protect IoT devices.

Application and Access Control

Learn more about XGuard’s file protection, application allow-list, and other anti-malware measures.

Contact us to discuss the XGuard Suite

Want to learn more?

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 833 4KARAMBA

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 892 1547 7583