Green Hills teams with Sectigo for embedded TCP/IP security

Author: EIS
Release Date: Nov 23, 2020


Green Hills Software has signed a deal with Sectigo to offer the Icon Labs Embedded Firewall, integrated and optimised with Green Hills’ Integrity RTOS and its embedded TCP/IP v4/v6 host and router networking stack.


“Most cyber attacks on embedded systems remain undetected until it is too late,” according to Sectigo v-p Alan Grau. “Early detection is critical as it maximises the safety of products while helping to prevent the loss of IP, disruption of services, and attacks proliferating to other portions of the system or network. Green Hills Software’s integration of our embedded firewall with Integrity RTOS will provide security technology that sounds the alarm, then stops the attack.”

The RTOS microkernel architecture is designed for critical embedded systems that need separation, security and real-time determinism – with separation assisting secure partitioning of software running at different levels of criticality.

The embedded firewall offers configurable filtering policies where rules provide control over the type of filtering performed and the specific criteria used to filter packets.

Rules can be configured for:

  • Static filtering rules for IP address, MAC address, port number, and protocol number
  • Block list and allow list filtering modes
  • DPI filtering rules for message type, message contents, and message source
  • Threshold-based filtering criteria
  • Independently enabling and disabling static filtering, dynamic filtering, DPI filtering, and threshold-based filtering

“It serves as a building block for achieving EDSA compliance for embedded devices, providing support for many capabilities mandated by EDSA-311,” according to Green Hills.

Some of these capabilities are:

  • Protocol fuzzing and replay attack protection
  • Data flooding protection
  • Denial of service protection
  • Notification of attacks
  • Disabling of unused ports

A log of security events and policy violations is maintained for audits and investigation, and a remote monitoring capability is available for connection to an enterprise security manager system, or other SIEM (security information and event management) systems.