HomeEnterprise SecurityServicesKaspersky Smart Technologies and IoT Security Assessment

    product-icon

    Service

    Kaspersky Smart Technologies and IoT Security Assessment

    Enhancing security of embedded systems

    GET IN TOUCH

    Download Datasheet (3 Pages)

    Overview

    Embedded systems are becoming increasingly complex. Industry has made huge strides, from highly specialized microcontroller-based components to complex interconnected solutions built on third-party SoC platforms with real-time or Linux-based operating systems communicating with each other via dozens of different protocols. This kind of rapid evolution brings tremendous versatility, but it also comes at a price: the introduction of common computing platforms in embedded systems has brought its inherent threat landscape with it.

    Kaspersky Lab offers a set of proactive security assessment services for vendors of embedded systems who want to enhance their security operations and take a pre-emptive approach against advanced threats.

    • Embedded Devices Security Assessment

      Security-level evaluation of the hardware and software components of embedded devices to identify potential vulnerabilities, misconfigurations and design issues that could be used by malefactors to compromise normal operation of the platform

    • Application Security Assessment

      Detailed security analysis of applications used to control and monitor the operation of embedded systems, including static and dynamic analysis of the application’s source code and architecture

    • Penetration Testing

      Analysis of the security of IT infrastructure that enables the operation of embedded systems, attempting to bypass security controls on behalf of various types of intruders aiming to obtain maximum possible privileges in important systems

    • Comprehensive Reporting

      A summary report detailing all discovered vulnerabilities and security flaws, with actionable recommendations for immediate resolution

    Suitable for

    In Use

    • Identify security risks in embedded devices

      • Threat modelling according to business logic and use cases
      • Manual and automated identification of vulnerabilities
      • Firmware and application source code analysis using static, dynamic and interactive approaches
      • Assessment of underlying communication protocols and existing security controls
      • Radio channels security assessment
      • Configuration analysis for operating systems and application components
      • Evaluation of implemented security measures
      • Exploitation of the revealed vulnerabilities and attack demonstration

    • Remediate application vulnerabilities leading to

      • Gaining control over an application
      • Attacks against application clients
      • Denial of service of the entire application or partial denial of service (blocking access of an individual user)
      • Obtaining important information from the application
      • Influence on data integrity

    • Prevent unauthorized access to critical network components

      As a result of the penetration testing, the following vulnerabilities (among others) may be identified:

      • Vulnerable network architecture, insufficient network protection
      • Vulnerabilities leading to network traffic interception and redirection
      • Insufficient authentication and authorization
      • Weak user credentials
      • Configuration flaws, including excessive user privileges
      • Vulnerabilities caused by errors in applications’ code (code injections, path traversal, client-side vulnerabilities, etc.)

    Let’s Start the Conversation and talk to one of our experts about how True Cybersecurity could inform your corporate security strategy, please get in touch.

    GET IN TOUCH

    We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

    Accept and Close