It is estimated that 20 percent of all industrial control systems have critical security issues. Embien, being a cyber security service provider has incorporated security as a part of its design process, right from requirement gathering to product deployment and on-field maintenance. Our engineers are trained to incorporate cyber security as a part of their thought process. While this is achieved with minimal effort in the product designs, we do, we also help customers improve the security quotient of the devices that they have already developed.
Embien believes Cyber-security for embedded IoT devices should be incorporated as a process in the product design methodology. We have helped numerous customers adopt security-centered development processes and performed security audits for their system. With rich experience in various cyber-security tools like Black Duck, we have helped identify vulnerabilities like Buffer overflow, input validation, argument handling etc. Apart from various embedded device OS hardening techniques, we employ compiler defenses mechanisms such as executable space protection, address space randomization, stack checks and code obfuscations to further protect the system.
Industry-standard security certifications - Common Criteria, FIPS 140, ISO/IEC 15408
Expertise on open source and commercial tools like SonarQube, Black Duck etc.
Image Signing, Code signing, Firewalls, ACLs, disk encryption, Secure Elements
Linux Security Modules like AppArmor and SELinux for Linux and Android systems
Our vulnerability assessment and penetration testing services help identify potential threats and vulnerabilities in the system. Our Security Audit team can methodologically analyze the product, its architecture and design, and identify vulnerabilities. We can help visualize the potential attack vectors for the device based on its interaction with the external world. With our out of box thought process, we can help secure against physical attacks and hacks as well.
We also have a rich partnership ecosystem where our partner labs can help in Cryptographic analysis, Environmental testing, Tamper-evident mechanisms testing, Side-channel analysis, Fault injection testing and Reverse engineering analysis. Our CISAs (Certified Information Systems Auditors) and consultants has rich experience in Cybersecurity risks and mitigation and help chalk out risk classification and mitigation strategies, disaster recovery mechanisms, leverage standard frameworks available and the Security Information and Event Management (SIEM).