The market now offers numerous gateways and routers described as “secure” or “trusted”. These devices provide a wide range of technologies to protect against cyberthreats: antivirus scanners, network traffic checking, firewalls, etc. It’s important to understand that these technologies are designed to protect devices connected to the gateway, but no manufacturers are actually protecting the gateway itself. If it’s compromised, all the accompanying security technologies can be deactivated. So, if all those previous generation technologies are not enough, how do we secure the gateway?
Kaspersky’s offering – Kaspersky Secure Gateway – contains a range of technologies that allow you to take a qualitatively different approach to securing infrastructure for the industrial internet of things and smart home devices. And it can be done by using your existing hardware and your own custom firmware. Together with the best technologies for infrastructure security, it implements trusted technologies that guarantee the secure behavior of the gateway or router itself. We designed our solution to embed security modules and technologies in the device firmware so it can protect hardware with varying degrees of customization.
Kaspersky Secure Gateway provides you with the ability to implement the best security technologies and features listed below. Plus any other features or technologies that might be needed in your case.
This approach is based on a chain of trust. The initial point of trust is chosen depending on the level of guarantees required, and in the most extreme cases is set at the hardware level.
KasperskyOS is a secure operating system for embedded connected devices with specific cybersecurity requirements. KasperskyOS creates an environment where a vulnerability or bad code is no longer a big deal.
Kaspersky Security System (KSS) is a security policy verdict computation engine. It works in conjunction with KasperskyOS, which enforces the KSS verdicts, or it can be embedded into Linux-based firmware.
Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to processing cybersecurity-related data streams from millions of voluntary participants around the world. It delivers Kaspersky’s security intelligence to every partner or customer connected to the internet, ensuring the quickest reaction times and the lowest false positive rate, while maintaining the highest level of protection.
Secure Boot allows an IoT device to verify the integrity and authenticity of the firmware image before booting using cryptographic methods. It can utilize secure hardware key storage and detect whether the firmware image is damaged or altered. If signature or encryption checks fail, the image will not boot, and the device will automatically boot the previous “good” firmware or boot in maintenance mode. This means altered, modified, infected or damaged firmware will never start because it is not signed and encrypted with the authorized keys.
Secure Boot starts at the device boot stage before the operating system. Secure Boot checks the digital signature of the firmware to be booted. If the digital signature is correct (issued by a trusted source and the firmware is not modified), Secure Boot starts decrypting the firmware image. Successful decryption means the image was encrypted using the trusted key pair. If both steps were completed successfully, the firmware image will boot. If one of the steps fails, Secure Boot will try to boot the previous firmware image or switch to maintenance mode.
Secure Update allows the system to verify the integrity and authenticity of firmware updates using different cryptographic methods. The Secure Update feature works together with Secure Boot and ensures firmware is only updated from correctly signed and encrypted images from trusted sources.
It works as follows:
The secure update procedure is then complete.
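The boot decision flow described above (signature check first, then decryption, then fallback to the previous image or maintenance mode), which a Secure Update implementation can reuse to vet an incoming image before installing it, as an added example in Go that is not Kaspersky's code: AES-256-GCM for the image encryption, Ed25519 for the publisher signature, the slot names and the constructed keys are all assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
)

// Image is one firmware slot: encrypted payload plus the publisher's signature over the ciphertext.
type Image struct{ Nonce, Ciphertext, Signature []byte }
// DeviceKeys is what the bootloader holds (on real hardware the key sits in secure key storage).
type DeviceKeys struct {
	Pub  ed25519.PublicKey
	AEAD cipher.AEAD
}
// NewDeviceKeys makes a constructed key set; the signing key is returned so the caller can act as publisher.
func NewDeviceKeys() (DeviceKeys, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // 32-byte key, so this cannot fail
	aead, _ := cipher.NewGCM(block)
	return DeviceKeys{Pub: pub, AEAD: aead}, priv
}
// BuildImage is the publisher side: encrypt the firmware, then sign the ciphertext.
func BuildImage(priv ed25519.PrivateKey, aead cipher.AEAD, fw []byte) Image {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	ct := aead.Seal(nil, nonce, fw, nil)
	return Image{nonce, ct, ed25519.Sign(priv, ct)}
}
// verifyAndDecrypt runs the two boot-stage checks in order; either failure rejects the image.
func verifyAndDecrypt(k DeviceKeys, img Image) ([]byte, bool) {
	if !ed25519.Verify(k.Pub, img.Ciphertext, img.Signature) {
		return nil, false // step 1: not from a trusted source, or modified after signing
	}
	fw, err := k.AEAD.Open(nil, img.Nonce, img.Ciphertext, nil)
	return fw, err == nil // step 2: wrong key or corrupted payload
}

// SelectBoot tries the current slot, then the previous good slot, else maintenance mode.
func SelectBoot(k DeviceKeys, current, previous Image) (string, []byte) {
	if fw, ok := verifyAndDecrypt(k, current); ok {
		return "current", fw
	}
	if fw, ok := verifyAndDecrypt(k, previous); ok {
		return "previous", fw
	}
	return "maintenance", nil
}
```

Signing the ciphertext rather than the plaintext lets the bootloader reject an untrusted image before it ever runs the decryption step on it.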
Secure Audit is a KasperskyOS feature designed to recognize, record and store audit logs and to guarantee that log entries cannot be altered. Secure Audit can utilize blockchain technology for distributed and secured log management.
To ensure customer networks are protected in the best possible way, we designed the Machine Learning (ML) protection mechanism, which can also be implemented on gateways or routers. ML is used to discover all network devices via passive and active analysis, understand their behavior, make a profile of each device and detect when something in the network is not functioning as intended. For example, ML can detect when a device has been hacked or is infected by malware and tries to send unusual data, or normal data to an unusual destination. ML technologies also make it possible to detect stealth malicious activity and data transfers concealed in normal traffic.
ML protection utilizes not only the gateway system resources but also uses Kaspersky Security Network Cloud ML to learn fast and make split-second decisions. The decisions are also based on the experience of other devices and services using Kaspersky products.
ML asset discovery
ML-based asset discovery technology can discover, categorize and organize all the assets in the protected network automatically. Using special fingerprint technology, our solution detects the type of device, the manufacturer's name and the model (and even the firmware version) simply by analyzing specific parts (metadata) of the network traffic.
ML device behavior analysis
Once assets in the network are discovered and categorized, a specific profile is created describing the overall (healthy) network behavior of the asset. Such profiles describe how a specific device with the current firmware is behaving in the customer’s network.
ML anomaly detection
Based on ML asset discovery and device profiling, any anomaly in IoT (or IIoT) device behavior can be detected. ML anomaly detection can detect malware and botnet activity, use of your device in DDoS attacks, firmware exploitation, miners, device control interception by hackers, etc.
Before executing a new binary file, Application Control calculates its hash and connects to Kaspersky Security Network to receive the reputation trust level and security recommendations for the application. If the hash matches known malicious code in the KSN database, Application Control prevents the code from executing on the device. This technology can prevent infections of IoT devices with malware like Mirai or Bashlite.
IoT device scanner is a technology designed to discover all IoT devices in a customer’s network (e.g. IP cameras, TVs, media devices, etc.). After discovering devices, the solution scans them for vulnerabilities that can be exploited by malware or hackers. If vulnerabilities are found, special security recommendations are issued.
Depending on the purpose of your device, web filtering (for enterprise and industrial devices) or parental control (for consumer devices) technology can be applied to your firmware with the Kaspersky Secure Gateway SDK.
Kaspersky Web Filter is a technology which provides protection from phishing, malicious websites and inappropriate content.
With Kaspersky Web Filter you can classify websites according to dozens of pre-defined categories, allowing you to:
With parental control installed, customers can monitor their kids’ online behavior, protect them from unwanted contacts, block their access to inappropriate content and games, manage app downloads, keep track of messages on social networks and prevent the family’s personal information from falling into the wrong hands.
US 7386885 B1, US 7730535 B1, US 8370918 B1, EP 2575318 A1, US 8522008 B2, US 20130333018 A1, US 8381282 B1, EP 2575317 A1, US 8370922 B1, EP 2575319 A1, US 9015797 B1, DE 202014104595 U1.