Today is becoming security day for me. I am still listening to a press conference live from Silicon Valley–Wind River and McAfee are partnering to put McAfee security on embedded devices powered by Wind River operating systems. McAfee is in the process of acquisition by Intel, a fact which has spurred it to be able to scale its application to the size required by embedded devices.
The companies’ executives see this as an opportunity for their OEM customers to achieve product differentiation through added security.
Meanwhile, I received a paper written by Torsten Rössel is the Director of Business Development for Innominate Security Technologies AG in Berlin. Innominate is a Phoenix Contact business that has a security device dubbed mGuard. It has been tested by a university and found to be effective against–among other things–the infamous Stuxnet. This is interesting and worth checking out.
From his whitepaper:
“Due to the difficulties of deploying antivirus software on industrial PCs and with the timely provision of malware signatures, alternative techniques of integrity assurance are gaining relevance and acceptance for the protection of industrial systems. The mGuard CIFS Integrity Monitoring method, for instance, provides monitoring of configurable sets of files on PCs for unexpected modifications of executable code (CIFS or Common Internet File System denoting the file sharing protocol used by Windows and other operating systems). When initialized, it computes a baseline of signatures for all monitored objects and then periodically checks them for any deviations. This process works without any external provision of virus signatures, without the risk of disrupting operations through “false positives,” without installation of software, and with moderate load on the monitored PCs, by utilizing the processing resources of an mGuard security appliance. In this way, suspect modifications are reliably discovered and promptly reported via SNMP and E-mail to network management systems or responsible administrators.
“In a test study performed at the University of East Westphalia-Lippe in Germany, researchers from the independent inIT Institute for Industrial IT (www.hs.owl.de/init/en/) have been able to verify that mGuard CIFS Integrity Monitoring recognized infections with Stuxnet and would have done so on day zero of its exploit. It would have unveiled the unexpected manipulations by the worm and warned asset operators about them long before any commercial antivirus product. Both the device drivers installed by Stuxnet as well as the modifications performed by the worm on the pivotal SIMATIC Manager DLL were immediately discovered in the process. And while antivirus products need frequent, continuous pattern updates – mGuard CIFS Integrity Monitoring does not need any patterns at all.”
