April 2, 2014 - Icon Labs announced Intrusion Detection and Prevention, a suite of software that can provide an umbrella of protection for a wide range of RTOS-based devices found in military, utility, industrial, medical and consumer IoT applications. In addition to protecting against a wide range of cyber-attacks, the suite integrates with SIEM systems to monitor and report attacks on the network, helping managers identify and track the source of the attacks. Intrusion Detection and Prevention is provided through RTOS-specific threat detection and advanced packet filtering. This set of solutions provides protection from both internal and external threats, whether malicious or accidental. Capabilities include:
- Detection and reporting of authentication failures
- API that enables protection and monitoring of device-specific attack vectors
- Static/rules-based filtering of ports, protocols, IP addresses, etc.
- Stateful Packet Inspection that filters packets based on the state of the connection
- Threshold-based filtering, which monitors packet flows to block packet floods
- Detection of port scans and probes, which frequently indicate an impending cyber-attack
- Protocol-specific deep packet inspection for industry-specific application protocols
Enterprise connectivity is provided through optional extensions that connect RTOS devices to enterprise policy management systems, such as the US Dept. of Defense HBSS, so that they can be managed from those systems. Both security-related and device-specific events can be captured and logged for reporting to a variety of corporate SIEM (security information and event management) systems. For ease of integration and development, Icon Labs also provides professional services to facilitate unique implementation projects and product development. User interfaces, from a simple command line to web to corporate policy management systems, can be customized to specific engineering design requirements.
