嵌入式安全软件和解决方案

保护全球范围的嵌入式系统和设备的安全性

后续步骤:

概述

迈克菲嵌入式安全解决方案可帮助制造商保护自身的产品和设备,使它们免受网络犯罪的威胁和攻击。迈克菲嵌入式系统和设备安全解决方案涉及范围广泛的各种技术(包括应用程序白名单、病毒防护和恶意软件防护、设备管理和加密技术),并且所有技术均采用业内领先的 McAfee Global Threat Intelligence。我们的解决方案可进行量身定制,以满足制造商的嵌入式设备及其架构的特定设计要求。

通过采用迈克菲嵌入式设备解决方案,制造商便能够执行全套安全功能,包括:

  • 恶意软件防护 - 迈克菲应用程序白名单解决方案可防止恶意软件破坏和感染嵌入式设备。 
  • 全面威胁感知和分析 -- 迈克菲强大的全球威胁智能感知系统可在设备需要进行 Internet 访问和网络通信的任何位置提供防护,确保网络流量可供设备安全使用。
  • 强大的数据加密 -- 迈克菲嵌入式安全软件可在设备需要进行安全通信的情况下保护静态和动态数据。
  • 简化设备管理 -- 轻松监控、管理和维护大规模全球分散部署的嵌入式设备。
  • 遵守联邦和行业法规 -- 确保设备符合各项合规和监管框架。
  • 数据丢失防护 - 确保为设备敏感数据提供最高级别的保护。

Protect critical infrastructure and industrial controls

Read White Paper

Challenges and best practices for securing POS systems

Read Report

Security that’s built-in not bolted on

McAfee Embedded Control

Read White Paper

我们亟需解决的问题

  • 缺乏零日防护
    黑客和网络窃贼可创建并发行比以往任何时候都更加独特而致命的恶意软件,因此采用防止零日攻击的解决方案保护嵌入式系统势在必行。迈克菲白名单解决方案是一种应对嵌入式设备安全威胁的全新途径。
  • 未授权的生产设备软件更改
    未批准的各类嵌入式设备和装置更改不仅会产生代价高昂的系统关闭问题,还会暴露于数据丢失、设备意外失控,以及各种监管罚款和处罚威胁。应用程序白名单和更改控制有助于预防这些问题及提高设备安全性。
  • 与设备安全问题相关的高昂合作伙伴支持成本
    未授权设备更改可能会迫使制造商浪费资源解决系统错误和故障。强大的设备更改控制功能可帮助确保不必再将支援卡车运送到客户厂房。
  • 常见的昂贵操作系统补丁程序
    每天不断发现新的安全漏洞并将漏洞发布到 Internet。这就使制造商及其客户很难确保设备安全及保护设备免受最新攻击的威胁。通过采用应用程序白名单等嵌入式安全软件,制造商便能够锁定运行时环境,帮助避免昂贵的操作系统修补。
  • 与未授权更改相关的高昂现场维护成本
    当运行贵重设备(例如,CT 和 PET 扫描程序等大型医疗设备或自动化机械制造设备)的软件出现未授权更改时,便会对设备制造商和客户产生重大经济影响。对于制造商而言,向客户现场派遣技术人员解决问题不仅费用高昂,还可能会损害品牌信誉和产品声誉。迈克菲白名单和更改控制安全解决方案首先确保不发生这些代价昂贵的未授权更改。
  • 符合 PCI 合规要求
    用于处理客户交易的零售设备通常需要严格遵循一系列 PCI 要求。应用程序白名单和更改控制可帮助设备制造商以及在商店中使用这些设备的客户达到并保持 PCI 合规性。
  • 多项资源密集型设备安全合规解决方案
    企业往往部署来自多个安全供应商的多种安全防护产品,但更新和维护如此复杂的防御网络十分具有挑战性。调整企业嵌入式设备安全防护策略将大幅降低成本,同时还能改善企业的安全状况。采用白名单方法能够大幅减少企业的复杂安全系统,增强对恶意零日攻击的防护能力。
  • 由于未授权更改导致系统不可用
    由于未授权系统更改导致昂贵的制造设备、医疗设备和财务设备关闭,可能会对企业造成庞大的财产损失以及导致客户不满。设计将嵌入式系统安全防护程序置入制造商设备前端,将会为设备制造商及使用这些系统的客户带来极大的好处。

我们保护的设备

迈克菲技术支持的嵌入式设备数量越来越多,并且横跨多个行业。由于架构开放灵活,因而迈克菲嵌入式系统和设备安全解决方案可根据您的需求量身定制。

  • 航空/国防:安全通信系统、自动控制设备、引导系统、航空电子设备、目标和控制系统和无线网络设备。  
  • 汽车:保护传感器、机器人设备、系统间通信、远程信息处理、信息娱乐系统、无线通信和网络。
  • 数字生活:确保电视和家用联网设备远离恶意软件。
  • 游戏:保护手持式游戏设备和博彩站点。
  • 工业控制:保护测试值、传感器、显示器、机器人和机器人系统、通信系统以及网络系统。
  • 医疗:保护泵、显示器、通信、网络、诊断、测试和扫描系统。
  • 零售/销售点/数字标牌:保护自动取款机、寄存器、销售点系统、信息亭、网络设备、无线通信系统、数字显示器和照明设施。

 

支持的系统

架构

  • Intel
  • AMD
  • PC 支持

操作系统

  • Windows
  • Linux
  • Wind River Linux
  • Android

演示

演示

This demo details how McAfee Embedded Control helps protect ATMs, registers and other retail systems and devices protected with built-in application whitelisting, change control, and integrated security management.

This demo explains how McAfee Embedded Control helps keep devices secure and operational with built-in application whitelisting, change control, and integrated security management for various industries.

This demo explains how McAfee Antivirus SDK and McAfee Embedded Reputation SDK help keep the data flow within communication devices secure.

This demo explains how McAfee Embedded Control helps keeps office devices secure and operational with built-in application whitelisting, change control, and integrated security management.

视频

迈克菲、英特尔与 Wind River 合作开发物联网 物联网(Internet of Things,IoT)为几乎所有行业中各种规模的企业提供了新的机遇,可帮助其发展新的服务,提高工作效率,改进实时决策,解决关键问题,以及创造新的消费者体验。随着使用不同操作系统并且收集各种数据的新设备一天天相互连接起来,公司面临着解决碎片化、互操作性和智能化的边缘挑战。为了应对这些挑战,McAfee Embedded 团队正在与英特尔和 Wind River 合作,以提供一个全面的硬件和软件策略,从而通过网络将设备中的数据解锁到云。

2013 年度 Design West 大会的嵌入式安全会议安全架构师 Mike Cioffi 就为什么嵌入式安全至关重要进行了探讨,并介绍了迈克菲在该领域提供的解决方案。

医疗设备嵌入式安全解决方案了解迈克菲将安全嵌入到医疗设备的方案和实施策略。特色技术包括:Embedded Control 和 McAfee ePO Deep Command。

保护打印机抵御安全漏洞和数据威胁McAfee 和 Xerox 联合在最新的 Xerox 多功能打印机上实施迈克菲的 Embedded Control 技术,以确保打印机中的机密数据免受安全漏洞和威胁的侵扰。

保护零售业的嵌入式系统Mike Cioffi 在 2012 年度 IDF 上的专题报告。

医疗设备的网络安全Tony Magallanez 在 2012 年度 IDF 上的专题报告。

英特尔与迈克菲通力协作整合技术保护智能电网此视频旨在演示迈克菲与英特尔如何通过智能网络整合系统和技术无缝管理及保护智能电网,防止未经授权访问并在出现漏洞时及时实施故障转移功能。

迈克菲、英特尔和 Wind River 提供的医疗设备安全演示此演示源于 2011 年英特尔开发者论坛,它展示了如何综合利用来自英特尔、Wind River 和迈克菲的技术以保护医疗设备的安全。通过 McAfee Embedded Control(迈克菲白名单技术)为该设备提供保护。

促进堆栈安全
George Kurtz(迈克菲首席技术官)在 2011 RSA 大会上进行了主题演讲。

迈克菲 -- Wind River 合作伙伴
Ken Klein(Wind River 总裁)就主要合作内容与迈克菲进行了探讨。

客户案例

Amada (English)

Amada relies on McAfee Embedded Control to provide a stable environment for their customer sheet metal machinery.

产品特色
  • Protects Amada machinery and allows for long-term software use.

Grass Valley (English)

Grass Valley Secures Real-Time Broadcasting and Video Production with McAfee Embedded Control

产品特色
  • Protects against viruses and other known threats as well as zero-day and advanced persistent threats.
  • Provides robust protection in an environment in which performance without latency is critical.
  • Requires minimal to no administration, maintenance, or updates.

HelpSystems (English)

HelpSystems is a global provider of solutions that optimize IBM environments.

产品特色
  • Virus protection across all platforms.
  • McAfee Labs research enables global, real-time protection.
  • McAfee brand and reputation help sales efforts.

Ricoh (English)

Ricoh depends on McAfee Embedded control to protect business content displayed on networked whiteboards.

产品特色
  • Whitelist approach provides comprehensive security while facilitating rapid startup and use.
  • Whiteboards can be shipped with security pre-configured and without requiring later updates that might affect performance.
  • McAfee Embedded Control offers scalable security to support future product enhancements.

Sodick (English)

Sodick relies on McAfee Embedded Control to provide networked electric discharge machining (EDM) solutions that comply with customers’ internal security policies.

产品特色
  • Whitelist approach provides comprehensive security without affecting system performance.
  • EDM systems can be confidently installed in customer sites with compliance and IT approval.
  • Embedded security offers protection for today’s highly efficient networked manufacturing environments.

Sysmex (English)

Sysmex securely tests devices in a networked setting with McAfee Embedded Control

产品特色
  • Whitelist approach provides ideal solution for closed lab testing devices.
  • Market leadership based on ability to provide the industry’s most secure solutions.

Thecus Technology Corporation (English)

Thecus Technology Corporation is a leading multinational provider of high-performance digital storage systems, well-known among global customers for its network-attached storage (NAS) solutions.

产品特色
  • Provided simple and fast downloading and installation in minutes without requiring IT support.
  • Integrated seamless and easily with Linux OS.
  • Blocked malware with an impressive success rate of 99%.

产品

应用程序白名单

McAfee Embedded Control
McAfee Embedded Control

McAfee Embedded Control 重点解决因嵌入式系统中采用商业操作系统而导致的安全风险加剧这一问题。McAfee Embedded Control 解决方案占用空间少、日常开销低且独立于应用程序,并且可提供“即部署即忘”安全防护。

嵌入式设备管理

McAfee ePolicy Orchestrator
McAfee ePolicy Orchestrator

McAfee ePolicy Orchestrator (ePO) 是 McAfee Security Management 平台的关键组件,也是唯一能够提供终端、网络和数据安全统一管理的企业级软件。凭借可有效缩短事件响应时间的端到端监控和强大的自动化功能,McAfee ePO 软件能够显著加强对嵌入式设备的保护,并降低风险和安全管理的成本及复杂性。

Global Threat Intelligence

由 McAfee Global Threat Intelligence 提供支持的 McAfee GTI SDK
由 McAfee Global Threat Intelligence 提供支持的 McAfee GTI SDK

McAfee Global Threat Intelligence (GTI) 可提供目前市场上最全面的威胁情报。利用广阔的传感器网络,便于您监控所有威胁媒介(文件、Web、邮件和网络)。McAfee® GTI SDK 是一个软件库,提供 API 来获取电子邮件、IP 地址、网络连接和 URL 的可信度评级。嵌入式设备制造商通常可以将这些评级直接集成到他们的产品中,用来保护流经这些设备的数据。

新闻/活动

资源

产品简介

McAfee 5700 Scan Engine and .DATs

有关上面所列迈克菲产品的技术摘要,请查看产品简介。

McAfee Embedded Control

有关上面所列迈克菲产品的技术摘要,请查看产品简介。

McAfee 5600 Scan Engine and .DATs

有关上面所列迈克菲产品的技术摘要,请查看产品简介。

McAfee Embedded Reputation SDK (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control - Retail (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Aerospace and Defense (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Consumer and Home Networking (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Healthcare (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for ICS (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

常见问题解答

Maintain Security for XP Systems (English)

Learn about how application whitelisting can maintain security for Microsoft Windows XP systems no longer supported by Microsoft.

Maintain PCI Retail Compliance for Systems No Longer Supported (English)

Learn about how to maintain PCI retail compliance for systems no longer supported.

技术蓝图

Securing ATMs (English)

McAfee has integrated application whitelisting with other important controls — file integrity monitoring and change management — into a single “deploy and forget” solution optimized for ATM devices. McAfee Embedded Control provides tight control over attempted changes, as well as broad visibility into changes to ensure that ATM devices remain up and running and free of malware.

报告

Store Systems Security: Preparing for the Paradigm Shift (English)

McAfee and IHL Group surveys retailers on their top concerns for POS System Security.

Retail Reputations: A Risky Business (English)

As a consumer, you can research products, find out about return policies, general pricing, or service issues, but there’s one important piece of information missing—can you trust the retailer’s security and how they protect your information?

Smarter Protection for the Smart Grid (English)

Learn how securing the energy grid requires action on three fronts: technical, cultural, and political.

Caution: Malware Ahead (English)

This report focuses on embedded systems in automobiles and is the first in a series of reports on embedded device security.

Embedded Security for an IP-Enabled World (English)

Forrester discusses how embedded security will be expected to secure data, devices, and networks.

白皮书

Strengthening Security, Control, and Compliance for Retail OEMs and Their Customers (English)

This white paper provides retail OEMs and their customers with insights into the technologies that are part of the McAfee embedded security solution, along with security, management, and compliance benefits made possible by shipping retail devices with security built in. You’ll learn how this integrated solution goes beyond device protection and extends security across the entire retail environment.

POS Security That Pays Its Own Way (English)

Adding McAfee Integrity Control to your POS solution simply makes your offering more appealing to your retailer customers.

McAfee Embedded Control (English)

Learn how McAfee Embedded Control enhances embedded device integrity, maximizing uptime, reducing support costs, and helping to ensure compliance throughout the lifecycle of your devices.

Taking Back Control in Today’s Complex Threat Landscape (English)

This document discusses the role that integrity control plays in defending networks against attack through a focus on two key areas — controlling what applications are allowed to run and how they are run, and protecting systems on the network from configuration changes and mistakes that can allow serious vulnerabilities to be exploited.

Increasing Medical Device Security with Mainstream IT Platforms and Technologies (English)

Although not typically the target of cyberattacks, medical equipment can become "collateral damage" in a malware outbreak, or even be the weak link that opens the door to a cyberattack.

解决方案简介

Securing the Internet of Things (English)

The Internet of Things (IoT, or Internet-connected smart devices) is rapidly changing the way we live and the way we do business. McAfee is working closely with OEMs to address the expanding security requirements of IoT devices for every layer—devices, connections, the cloud, and data centers.

Intel Gateway Solutions for the Internet of Things (English)

Discover the connectivity and interoperability benefits of intelligent gateways

McAfee Application Control Extends the Life of Legacy Microsoft Windows XP Systems (English)

McAfee Application Control provides an effective way to block unauthorized applications from running and will continue to support Windows XP systems even after Microsoft’s phase-out of support has taken effect.

Security for Military Grade Google Android Devices (English)

This solution brief looks at mobile device management and lockdown security from McAfee and Harris Corporation for Android tablets.

Security Consideration for Retail Systems OEMs (English)

Helping OEMs and retailers address a wide range of security challenges, Intel and McAfee have developed solutions that take advantage of leading-edge hardware and software technologies.

Increasing Utility Security, Multi-zone Protection, and Awareness of Industrial and Utility Infrastructure (English)

This combined solution uses Intel Core processor-based platforms, Intel vPro technology, and McAfee security solutions to unify situational awareness and multi-zone protection.

McAfee Embedded Control (English)

McAfee Embedded Control secures embedded systems and the sensitive information they contain while maximizing uptime, reducing support costs, and helping ensure compliance throughout the lifecycle of your systems.

社区

博客

  • How Much Are Your Assets Worth?
    Cybermum Australia - 九月 26, 2013

    Now, if your tax returns are up to date and you have a healthy relationship with a financial planner, I have no doubt you could answer this question in an instant. But what about your other assets? And I am not referring to your children because clearly they are priceless – most of the time!! […]

    The post How Much Are Your Assets Worth? appeared first on McAfee.

  • What is Encryption?
    Robert Siciliano - 九月 10, 2013

    Encryption is the science of encoding and decoding secret messages.  It began as cryptography—the ancient Greeks used it to protect sensitive information that might fall into the hands of their enemies. More recently, governments have used encryption for military purposes, but these days the term if often used in reference to online security. Encryption is […]

    The post What is Encryption? appeared first on McAfee.

  • Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan
    Vikas Taneja - 九月 6, 2013

    Hesperus, or Hesperbot, is a newly discovered banker malware that steals user information, mainly online banking credentials. In function it is similar to other “bankers” in the wild, especially Zbot. Hesperus means evening star in Greek. It is very active in Turkey and the Czech Republic and is slowly spreading across the globe. This sophisticated […]

    The post Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan appeared first on McAfee.

  • Cidox Trojan Spoofs HTTP Host Header to Avoid Detection
    Umesh Wanve - 九月 3, 2013

    Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like “&av” (for antivirus?) and “&vm=”(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host […]

    The post Cidox Trojan Spoofs HTTP Host Header to Avoid Detection appeared first on McAfee.

  • Five Website Security Do’s and Don’ts for Online Merchants
    McAfee - 八月 30, 2013

    As we get closer to the end of summer, most merchants are already in the midst of preparing for another busy fall/winter shopping season. However, amid the chaos, it’s important to take a look at your website’s current features—most importantly security—in order to assess what needs improvement before it’s too late. Aside from cosmetic and […]

    The post Five Website Security Do’s and Don’ts for Online Merchants appeared first on McAfee.