
NXP Partner Webinar: Bringing Security and Device-level Insights to IoT Products

SternumIoT
November 17, 2022

In this webinar we demonstrate:
- How Sternum can enhance on-device security on NXP’s MCU products
- Methods for achieving embedded, runtime exploit protection
- How live device-level visibility helps with asset management
- Ways to reduce MTTR with early detection and granular observability
- A live demo of Sternum running on an NXP LPC5500 MCU board



Transcript

  1. Sternum: The only Runtime Security & Deep Observability NXP partner
    “All attacks NXP crafted were prevented by the EIV technology… The CPU overhead was less than 3%”
    Marc Vauclair, Senior Security System Architect, Fellow, NXP Semiconductors
    Supported Products
    • i.MX 6,7,8 series
    • LPC 1,5,8 series
    • And many more

  2. About me
    Natali Tshuva, CEO & Co-Founder, Sternum
    Computer Science Student (age 14) → Reverse Engineer, Unit 8200 (Israel NSA) → Exploit Designer → Sternum Founder → Talking to you today!
    Forbes 30 under 30
    Backed by Top Investors
    1. Top 10 VCs
    2. Track record includes Slack, Trello, JFrog, Fireblocks, Checkpoint, Twitter
    Working with Leaders
    Best IoT Product Award

  3. The Rise Of IoT
    1.5 Billion IoT device breaches in 6 months
    127 New Devices connect to the internet every second
    $1.1 Trillion global IoT security spending by 2023
    Source: IoT Analytics, Gartner, Statista

  4. IOT DEVICES ARE THE MOST VULNERABLE & CONSEQUENTIAL ASSET. NOT SO SIMPLE.
    ENTERPRISE / DEVICE MANUFACTURERS / INFRASTRUCTURE
    Core to Business; Reputation Implications; Financial Impact
    Loss of control; Physical harm
    The easiest entry point

  5. IoT Security Solutions are Falling Behind
    IoT Limitations
    ● Limited resources
    ● High diversity
    ● 3rd party & supply chain dependencies
    ● Relies on patching and perimeter defenses
    ● No on-device (EDR/XDR-like) solutions
    Implications
    ● Manufacturers caught in expensive “cat and mouse” game with security patches
    ● Devices have no proactive protection from zero-day threats as well as known vulnerabilities
    ● 3rd party software vulnerabilities open the door to supply chain attacks
    ● High overhead requirements force engineers to make tradeoffs between security and performance

  6. LIMITED OPTIONS: REACT. PATCH.
    Hacker View: Cisco Router (CISCO RV340 BUSINESS CLASS ROUTER)
    CVE-2022-20699, STACK OVERFLOW VULNERABILITY. Exploit publicly available. Direct access from the Internet.
    HACKER ON THE INTERNET → Complete takeover on the VPN/Gateway → ACCESSES THE NETWORK AND DEVICES → FULL ENTERPRISE NETWORK EXPOSED: CHANGE CONTROLS, LATERAL MOVEMENT, RANSOMWARE, DISRUPT SERVICE
    No prevention on-device. No search for indicators of attack.
    Exploitation Video: https://youtu.be/O1uK_b1Tmts

  7. Limited Observability: What You Can’t See CAN Hurt
    IoT Limitations
    ● Black box effect: no device-level visibility once shipped
    ● No standardized observability or application monitoring solutions
    ● Lack of resources, including bandwidth, calls for more accurate and effective solutions
    ● Massive amounts of logs make it harder to generate insights
    Implications
    ● No visibility into performance and security events in-field
    ● No way to proactively address emerging quality and security issues
    ● Partial data delays root cause analysis, resulting in high MTTRs
    ● Remote debugging is difficult and resource intensive
    ● Lack of usage insights hinders data-driven innovation

  8. Sternum Universal On-Device IoT Platform
    How we can help:
    Embedded Security: Make devices secure by design and in real-time, and cut down on patching costs. Full endpoint protection to all RTOS & Linux systems.
    Real-time Observability: Get granular device-level visibility and view of fleet-level trends and anomalies. Portable, C-only lightweight SDK, coupled with advanced cloud portal and AI.
    Understand Changes: Reduce MTTR by streamlining root cause analysis and speeding up debugging. AI that flags bugs, malfunctioning and security alerts, works on user defined data.

  9. SECURITY
    RASP-like security, purpose-built for IoT

  10. Embedded Runtime. Security Hooks Across Software
    • Agentless low-overhead solution
    • Mitigation of known and zero-day threats
    • Supply chain protection (3rd-party code and libraries)
    • Live attack information
    • Security for gated and isolated devices
    • Seamlessly works with both Linux & RTOS devices
    • CI/CD and IDE integration
    “All attacks NXP crafted were prevented by the EIV technology”
    Marc Vauclair, Senior Security System Architect, Fellow, NXP Semiconductors

  11. Exploitation Fingerprint™ Patented Technology
    Sternum Is Uniquely Able to Deliver Benefits of EPP/XDR & RASP
    How we do it
    ● Memory override (stack, heap, data)
    ● Manipulation of execution flow
    ● Memory corruption
    ● Injection of malicious code
    ● Information leak
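The exploitation classes on this slide are what a runtime agent has to recognise on the device itself, with no network perimeter to fall back on. The C program below is an example added to this transcript for illustration; it is not Sternum's EIV code nor anything from NXP. It shows the simplest shape of an on-device memory-integrity hook: a guard word placed directly after a protected buffer, a wrapped copy routine that enforces the buffer's declared capacity, and an exit-time check that notices an overwrite performed by code the hook did not wrap. The buffer layout, the sentinel value and the three scenario inputs are constructed for the example.

```c
/* Added illustration of a runtime memory-integrity hook; not Sternum's
 * EIV code. Layout, sentinel and inputs are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sentinel. A production agent would randomise it per boot
 * so an attacker cannot simply write the expected value back. */
#define GUARD_WORD 0xC0DEF00Du

typedef enum {
    INTEGRITY_OK     = 0,  /* buffer and guard intact */
    OVERFLOW_BLOCKED = 1,  /* copy refused before any byte was written */
    GUARD_TAMPERED   = 2   /* guard word no longer matches: overwrite detected */
} verdict_t;

/* Protected buffer: payload followed immediately by a guard word. */
typedef struct {
    uint8_t  data[16];
    uint32_t guard;
} guarded_buf_t;

static void guarded_init(guarded_buf_t *b) {
    memset(b->data, 0, sizeof b->data);
    b->guard = GUARD_WORD;
}

/* Hook around memcpy: the declared capacity wins over the caller's length,
 * so an oversized input is rejected instead of spilling into the guard. */
static verdict_t guarded_copy(guarded_buf_t *b, const uint8_t *src, size_t len) {
    if (len > sizeof b->data) {
        return OVERFLOW_BLOCKED;
    }
    memcpy(b->data, src, len);
    return INTEGRITY_OK;
}

/* Integrity check placed at function exit or before free(): catches an
 * overwrite performed by code the hook did not wrap (e.g. third-party code). */
static verdict_t guarded_verify(const guarded_buf_t *b) {
    return b->guard == GUARD_WORD ? INTEGRITY_OK : GUARD_TAMPERED;
}

/* Scenario 1: a 32-byte input arrives for a 16-byte field; the hook blocks it. */
verdict_t scenario_oversized_input(void) {
    guarded_buf_t b;
    uint8_t oversized[32];                 /* constructed input */
    memset(oversized, 'A', sizeof oversized);
    guarded_init(&b);
    return guarded_copy(&b, oversized, sizeof oversized);
}

/* Scenario 2: an unwrapped routine writes one byte past the payload.
 * The hook never sees it, but the exit-time guard check does. */
verdict_t scenario_unhooked_write(void) {
    guarded_buf_t b;
    guarded_init(&b);
    ((uint8_t *)&b)[offsetof(guarded_buf_t, guard)] = 0xFF;  /* simulated stray write */
    return guarded_verify(&b);
}

/* Scenario 3: a normal in-bounds message passes both checks. */
verdict_t scenario_in_bounds(void) {
    guarded_buf_t b;
    const uint8_t msg[5] = { 'h', 'e', 'l', 'l', 'o' };
    guarded_init(&b);
    if (guarded_copy(&b, msg, sizeof msg) != INTEGRITY_OK) {
        return OVERFLOW_BLOCKED;
    }
    return guarded_verify(&b);
}

int main(void) {
    printf("oversized input : %d (1 = blocked)\n",  scenario_oversized_input());
    printf("unhooked write  : %d (2 = tampered)\n", scenario_unhooked_write());
    printf("in-bounds copy  : %d (0 = ok)\n",       scenario_in_bounds());
    return 0;
}
```

Two design points carry over to a real deployment: the verdict is produced on the device, before the corrupted data is used, which is what makes this prevention rather than after-the-fact logging; and the exit-time check is what gives coverage of third-party code that the hook cannot wrap, matching the supply-chain case the earlier slides raise.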

  12. Manufacturer View: Power flips
    CVE-2022-20699, STACK OVERFLOW VULNERABILITY. Exploit publicly available.
    HACKER ON THE INTERNET → NO REACTION REQUIRED: NOTIFICATION SENT, FORENSICS SHARED, VISIBILITY INTO BIGGER PICTURE, DEVICE INTEGRITY MAINTAINED
    OPERATIONAL VISIBILITY, ENRICHED DEVICE DATA, WORKFLOW AUTOMATION (SIEM, XDR, SOAR, ITSM), API INTEGRATION
    Power flips + added services

  13. OBSERVABILITY
    Seeing inside the “Black Box”

  14. Sternum’s Observability SDK Initialization & Usage
    • Out-of-the-box efficiency, encryption and analytics for Linux, Android, baremetal OS, Zephyr, FreeRTOS, Micrium, VxWorks and more
    • All data is automatically synchronized with the Sternum cloud, and anomaly detection is activated on it
    Observability SDK: Customizable data collector (traces, metrics, logs)
    Sternum Platform: Cloud-based advanced detection system
    Customized Analytics, Alerts & Anomaly Detection

  15. Granular Device-Level Visibility
    Collect any type of data and understand changes with ease
    ● User interaction with devices (button clicks, etc.)
    ● Errors, logs and debug information
    ● Battery health and charging status
    ● Resource consumption (e.g., CPU or memory)
    ● Temperature or pressure levels
    ● Loop time(s) for critical functions
    ● Application inner operations: doses, functionalities, arguments, metrics
    ● Network/cellular connectivity status and usage, open ports, IP addresses
    ● Status of update requests and certificate validations
    ● Crash and reboot reports
    And more

  16. Above: Example of loss of communication spotted by AI that, if not caught in time, could lead to security or performance issues
    OBSERVABILITY BENEFITS
    ● Preemptive detection of emerging quality issues
    ● Understanding of hidden dependencies
    Extra Set of Eyes: keeps you one step ahead; get to the root cause of an issue quicker
    SECURITY BENEFITS
    ● Discovery of security blindspots
    ● Alerts about suspicious activity (e.g., DDoS or brute force)
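The data points listed on the previous slide (loop times, connectivity status, crash reports) only become alerts once something decides what "normal" looks like for a device, and the loss-of-communication case on this slide is the most common one. The C program below is an example added to this transcript and is not Sternum's SDK or platform code. It demonstrates two detectors that fit in a constrained MCU budget: a constant-memory running baseline (Welford's algorithm) for a control-loop time that flags a sample more than four standard deviations from the mean without ever storing a log buffer, and a heartbeat check that flags devices silent for longer than a tolerance window. Device ids, timestamps and loop-time samples are constructed.

```c
/* Added illustration of on-device anomaly detection; not Sternum's SDK code.
 * All device names, timestamps and samples below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Running baseline kept with Welford's algorithm: constant memory, so no log
 * buffer has to be stored or uploaded to decide whether a sample is unusual. */
typedef struct {
    double   mean;
    double   m2;    /* sum of squared deviations from the running mean */
    uint32_t n;
} baseline_t;

static void baseline_update(baseline_t *b, double x) {
    b->n++;
    double delta = x - b->mean;
    b->mean += delta / b->n;
    b->m2 += delta * (x - b->mean);
}

static double baseline_variance(const baseline_t *b) {
    return b->n > 1 ? b->m2 / (b->n - 1) : 0.0;
}

#define WARMUP_SAMPLES 8      /* no alerts until the baseline has this many samples */
#define Z_THRESHOLD    4.0    /* alert when |x - mean| exceeds this many std devs */
#define MIN_VARIANCE   0.0025 /* (0.05)^2: floor so a perfectly flat baseline tolerates jitter */

/* Returns 1 when sample_ms is an outlier. Outliers are not folded into the
 * baseline, so one stall does not widen the band for the stalls that follow.
 * Squared deviations are compared so no sqrt (and no libm) is needed. */
int loop_time_is_anomalous(baseline_t *b, double sample_ms) {
    int anomalous = 0;
    if (b->n >= WARMUP_SAMPLES) {
        double var = baseline_variance(b);
        if (var < MIN_VARIANCE) var = MIN_VARIANCE;
        double delta = sample_ms - b->mean;
        if (delta * delta > Z_THRESHOLD * Z_THRESHOLD * var) anomalous = 1;
    }
    if (!anomalous) baseline_update(b, sample_ms);
    return anomalous;
}

/* Constructed trace: a steady ~10 ms control loop with one 40 ms stall. */
int count_loop_anomalies(void) {
    static const double trace[] = {
        10.0, 10.1, 9.9, 10.2, 10.0, 9.8, 10.1, 10.0, 10.1, 9.9, 40.0, 10.0
    };
    baseline_t b = { 0.0, 0.0, 0 };
    int count = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        count += loop_time_is_anomalous(&b, trace[i]);
    }
    return count;
}

/* Loss-of-communication check: each device is expected to report every
 * period_s seconds; a device silent for more than `tolerance` periods is
 * flagged. Returns the number flagged and writes their ids into out[]. */
typedef struct {
    const char *id;
    uint32_t    last_seen;  /* seconds on the monitoring service's clock */
} device_t;

int find_silent_devices(const device_t *devs, size_t n, uint32_t now,
                        uint32_t period_s, uint32_t tolerance,
                        const char **out, size_t out_cap) {
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        if (now - devs[i].last_seen > period_s * tolerance) {
            if ((size_t)flagged < out_cap) out[flagged] = devs[i].id;
            flagged++;
        }
    }
    return flagged;
}

/* Constructed fleet: 60 s heartbeat, 3-period tolerance; pump-03 went quiet. */
int count_silent_in_sample(void) {
    static const device_t fleet[] = {
        { "pump-01", 1000 }, { "pump-02", 1030 }, { "pump-03", 700 }, { "pump-04", 1055 }
    };
    const char *silent[4];
    return find_silent_devices(fleet, 4, 1060, 60, 3, silent, 4);
}

int main(void) {
    printf("loop-time anomalies in trace: %d\n", count_loop_anomalies());
    printf("silent devices in fleet     : %d\n", count_silent_in_sample());
    return 0;
}
```

The warm-up count and the variance floor are the two knobs that decide false-positive rate in practice: too short a warm-up alerts on ordinary start-up jitter, and no floor turns a perfectly steady loop into one that alerts on its first microsecond of variation.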

  17. Use-Case: When it all comes together. Security and Observability Magic
    DEVELOPMENT: Uncovered security flaws and code vulnerabilities early in the product life cycle (memory leak found).
    POST-MARKET: Quickly resolved persistent BT disconnect issue. Access to live device-level information helped quickly identify and troubleshoot devices in the field.
    40-50% workload reduction through less patchwork, freeing up resources
    Improved patient safety: lower cyber-risks and improved product quality
    >$6m annual cost savings: fewer CAPAs and test/certify/patch cycles
    Faster time-to-market: sped regulatory approval, saving millions in deferred revenues
    “Sternum’s solution saves us time, manpower and money. Being able to lean on Sternum for active mitigation is a game changer and the data insights help us build better products and make better decisions.”
    KYLE ERICKSON, PRODUCT SECURITY DIRECTOR AT MEDTRONIC

  18. Improve Product Performance, Quality & Security at Every Step
    Build > Operate > Innovate >
    Build:
    ● Spot security gaps with code and memory profiled in runtime, in development
    ● Use granular device-level insights to resolve issues faster and improve engineering velocity
    ● Make 3rd party libraries safe to use, allowing engineers to innovate with confidence
    Operate:
    ● Simplify deployment and management with fleet-wide visibility
    ● Catch emerging issues with AI-powered anomaly detection
    ● Speed up remote debugging with a continuous stream of live in-field data
    Innovate:
    ● Focus on innovation by streamlining compliance and patch management
    ● Make device security and performance tangible for end users
    ● Leverage activity insights to inform future design choices

  19. (slide without transcript text)

  20. Up Next: Demo with NXP LPC55S69 MCU