Product News Tech News

Runtime Security Agent Tailors Itself to Each Linux-based IoT Device

By Eric Brown

Security startup VDOO has launched its ERA (Embedded Runtime Agent), which it claims is the first auto-generated runtime agent designed to offer security protections directly on Linux-based IoT devices. The ERA agent is claimed to offer more optimized and timely protection of IoT devices than is available from typical top-down enterprise security solutions. A runtime agent like ERA is better equipped for securing highly diversified IoT devices, says the Israel-based company.

As explained in this CRN story, VDOO secured $13 million from Dell and other investors a year ago to help produce a growing stable of security software. Its major offering is a Vision security analytics platform, which is integrated with ERA.
Vision is used to scan and analyze the firmware of the device to identify vulnerabilities and provide optimized security recommendations. Vision then auto-generates a security plan that enables the developer to tailor the ERA agent for the device to reduce unnecessary overhead and better protect against specific vulnerabilities.

Available for Linux and Android, with FreeRTOS support in beta, ERA supports Arm, x86, and MIPS devices. Its footprint is less than 1MB and it consumes less than 1 percent of CPU overhead, says VDOO.

The ERA agent can run in a “Prevent” mode that blocks attempted attacks before logging them, or in an “Alert Only” mode that sends alerts about attempted attacks, but without blocking them. VDOO is working on a “Learning” mode that analyzes device behavior in order to automatically suggest the most suitable protection policy.

ERA can protect against zero-day vulnerabilities, man-in-the-middle attacks, and bricking and reverse engineering schemes. The agent can block “malicious modification, theft, and ransoming of user data, device configuration, and binaries,” as well as massive DDoS attacks that use “a botnet, mine Blockchain, or crack passwords hashes,” says VDOO.

The agent can protect against lateral movement exploitation strategies that hijack devices in order to attack other networked devices, says VDOO. The agent has been successful in stopping recent malware including DirtyCOW, Mirai, VPNFilter, Torii, and Chalubo.

ERA is primarily aimed at OEM device manufacturers but can also be used by IT departments to protect existing IoT devices. The software can be added to existing firmware stacks as part of an update. Customers can send locally stored logs to a Syslog/SIEM server or an ELK Stack. They can also define custom whitelists or blacklists.

Further information

The ERA agent is available now at an undisclosed price. More information may be found in VDOO’s ERA announcement and product page.

This article originally appeared on on January 22.


Keep up-to-date with our FREE Weekly Newsletter!

Don't miss out on upcoming issues of Circuit Cellar.

Note: We’ve made the Dec 2022 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

Would you like to write for Circuit Cellar? We are always accepting articles/posts from the technical community. Get in touch with us and let's discuss your ideas.

Sponsor this Article
Website | + posts

Circuit Cellar's editorial team comprises professional engineers, technical editors, and digital media specialists. You can reach the Editorial Department at, @circuitcellar, and

Supporting Companies

Upcoming Events

Copyright © KCK Media Corp.
All Rights Reserved

Copyright © 2024 KCK Media Corp.

Runtime Security Agent Tailors Itself to Each Linux-based IoT Dev…

by Circuit Cellar Staff time to read: 2 min