SOLUTION BRIEF

QUANTUM IOT PROTECT FIRMWARE

Build secure-by-design IoT devices with the most complete end-to-end solution for all your firmware security needs. Assess risks, harden your firmware and manage policies at the device level.

GREATER CONNECTIVITY LEADS TO GREATER RISK

From connected medical devices through IP cameras, to industrial robots, IoT devices are extremely vulnerable and may be targeted to disrupt services and operations, yield financial gains (e.g. ) or as a way to gain a foothold into sensitive networks.

The main reasons for these device vulnerabilities are:

• Limited security expertise and know-how among device makers, as it relates to developing products that are secure by design

• Direct-to-Internet connections make devices easily accessible over the web, often without any security countermeasures in place and no control by device makers over their deployment

• Usage of vulnerable 3rd party supply chain components

• Devices are unmanaged and often can’t be updated for fixes

CHECK POINT IOT PROTECT FIRMWARE

Quantum IoT Protect Firmware provides embedded device manufacturers with a complete end-to-end solution for all their firmware security needs.

From uncovering firmware security risks, to hardening their device with runtime protection, to managing their devices with granular policies, IoT makers gain the visibility, security and controls they need to offer customers highly-secure connected products.

By embedding security into devices and services, manufacturers of IoT devices can differentiate their offering, manage device security and build user confidence in an ever-evolving cyberphysical world.

©2021 Check Point Software Technologies Ltd | All rights reserved

DESIGN WITH SECURITY, DEPLOY WITH CONFIDENCE

Quantum IoT Protect Firmware empowers developers and manufacturers to secure smart devices in three simple steps:

First, use the Quantum IoT Protect Firmware Risk Assessment service to evaluate your device vulnerabilities and produce a hardened, more secured device for your customers.

Second, integrate the Quantum IoT Protect Nano Agent to protect workloads and provide customers with confidence in their ability to defend against cyber-attacks at the device level.

Third, define and enforce policies for devices secured by the IoT Protect Nano Agent from the Infinity Next cloud-based management portal, to control device communications, set security practices and gain full alerting, logging and monitoring capabilities.

CHECK POINT IOT PROTECT FIRMWARE RISK ASSESSMENT

Pre-emptive Discovery of IoT Device Vulnerabilities

Quantum IoT Firmware Risk Assessment lets you quickly run an automated security analysis for any device-specific firmware, to uncover security flaws and fix them ahead of mass production.

The assessment generates a report that lays out key security flaws associated with the device (including embedded third-party supply-chain components) along with practical recommendations to mitigate risks.

How It Works

The IoT Firmware Risk Assessment is completed in three simple steps:

1. The device’s binary image is uploaded, without exposing any source code

2. The assessment runs on the binary image

3. A comprehensive report is generated with mitigation recommendations

An API is available to include the process in CI/CD pipelines.

Report Insights

The assessment provides the following insights:

• Weak credentials: Easily brute-forced or publicly available credentials.

• Known vulnerabilities: List of all CVEs classified based on their severity and attack vector (network/physical attack).

• Suspicious listed domains and IPs

• Hardcoded security flaws, such as misconfiguration.

Read a sample report to get a preview of the scope of information generated, or get started with a free trial.

Firmware Assessment Technical Specifications

• Binary firmware: no need for source code.

• OS: all Linux flavors, including Android and Linux-based Real-Time OS variants (that include a standard file system).

• Platforms: binaries compiled for ARM32/64, x86, MIPS, SPARC, PowerPC.

• Up to 1.5 GB size (not encrypted or compressed with proprietary algorithms).

CHECK POINT IOT PROTECT NANO AGENT

Embedded Runtime Protection for IoT and OT devices

With the Quantum IoT Protect Nano Agent, runtime protection technology provides IoT and OT devices with built-in security against zero-day attacks regardless of where they are or how they are deployed, blocking attacks such as:

• Memory corruption

• Shell injection

• Import table hijacking

• Control flow hijacking

These attacks are associated with some notorious exploits such as EternalBlue, , Shellshock, BlueBorne, Ghost, Venom and ImageTragick.

Benefits

• Runtime protection

• Block known and unknown (zero-day) attacks

• No need for source code (binary only)

• 100% firmware coverage (including 3rd party components)

• Minimal impact on device performance

• Easy consolidated management, visibility and logging with Infinity NEXT

Technical Specifications - Simple implementation process

• No need for source code – Hardening requires only the firmware binary image file.

• Lightweight and easy to embed – Nano-agent can be streamlined into your existing development pipelines, one step before mass production and release to the market.

• Device agnostic – Same solution for all devices.

• API – Open API supporting friendly DevOps methods

• Minor impact on device performance
  CPU: < 10%
  Memory: < 10%
  Storage: 1-50 MB (depending on security policies installed)

Supported Technologies

• Linux over ARM32/ARM 64

• Additional OSs coming soon

Supported Environments

• Internet connected or isolated devices

• Cloud-based solution (Infinity NEXT platform) or on premises (fog architecture)

For a firsthand look at how Quantum IoT Protect Nano Agent works, sign up for a demo here.

DEVICE-LEVEL MANAGEMENT WITH INFINITY NEXT

With the Infinity Next cloud-based management portal, you can manage policies for devices secured by the IoT Protect Nano Agent.

Infinity Next is a cloud-based Gen VI security framework for protecting digital blueprints including Cloud, Network, Endpoint, Mobile and IoT. Its asset-centric approach lets you map your inventory of Nano Agent-protected IoT devices and their attributes, and apply specific security practices such as compliance, access control and threat prevention.

Management API

• Open Management API available on swagger.io

• Supports internet-connected devices and devices in air-gapped environments

Define and Enforce Policies

• Control IoT network communications to and from the device

• Set security practices for devices protected by the Nano Agent

Monitor

• Full reporting, logging and alerting

• Easily integrate with leading SIEMs

• Unified console for IT and IoT device-level management

PART OF CHECK POINT INFINITY

Check Point Solutions for IoT Cyber Security are part of Check Point Infinity, the only fully consolidated cyber security architecture that protects your business and IT infrastructure against Gen VI multi-vector ‘Nano’ cyber-attacks across networks, IoT devices, endpoint, cloud and mobile.

The architecture is designed to resolve the complexities of growing connectivity and inefficient security, and provides complete threat prevention, automated threat intelligence sharing across environments, and a unified security management for efficient security operations.

Check Point Infinity delivers unprecedented protection against current and potential attacks—today and in the future.
