By Eric Brown
Security startup VDOO has launched its ERA (Embedded Runtime Agent), which it claims is the first auto-generated runtime agent designed to offer security protections directly on Linux-based IoT devices. The ERA agent is claimed to offer more optimized and timely protection of IoT devices than is available from typical top-down enterprise security solutions. A runtime agent like ERA is better equipped for securing highly diversified IoT devices, says the Israel-based company.
As explained in this CRN story, VDOO secured $13 million from Dell and other investors a year ago to help produce a growing stable of security software. Its major offering is a Vision security analytics platform, which is integrated with ERA.
Vision is used to scan and analyze the firmware of the device to identify vulnerabilities and provide optimized security recommendations. Vision then auto-generates a security plan that enables the developer to tailor the ERA agent for the device to reduce unnecessary overhead and better protect against specific vulnerabilities.
Available for Linux and Android, with FreeRTOS support in beta, ERA supports Arm, x86, and MIPS devices. Its footprint is less than 1MB and it consumes less than 1 percent of CPU overhead, says VDOO.
The ERA agent can run in a “Prevent” mode that blocks attempted attacks before logging them, or in an “Alert Only” mode that sends alerts about attempted attacks, but without blocking them. VDOO is working on a “Learning” mode that analyzes device behavior in order to automatically suggest the most suitable protection policy.
ERA can protect against zero-day vulnerabilities, man-in-the-middle attacks, and bricking and reverse engineering schemes. The agent can block “malicious modification, theft, and ransoming of user data, device configuration, and binaries,” as well as massive DDoS attacks that use “a botnet, mine Blockchain, or crack passwords hashes,” says VDOO.
The agent can protect against lateral movement exploitation strategies that hijack devices in order to attack other networked devices, says VDOO. The agent has been successful in stopping recent malware including DirtyCOW, Mirai, VPNFilter, Torii, and Chalubo.
ERA is primarily aimed at OEM device manufacturers but can also be used by IT departments to protect existing IoT devices. The software can be added to existing firmware stacks as part of an update. Customers can send locally stored logs to a Syslog/SIEM server or an ELK Stack. They can also define custom whitelists or blacklists.
VDOO | www.vdoo.com