內嵌安全軟體及解決方案

保護全球的嵌入式系統及裝置

後續步驟:

概觀

McAfee 嵌入式安全性解決方案能夠協助製造商確保本身的產品和裝置免於遭受網路威脅和攻擊。 McAfee 內嵌系統及裝置安全解決方案涵蓋多樣化技術,包括應用程式白名單、防毒與防惡意軟體保護、裝置管理和加密,所有技術均採用業界領先的 McAfee Global Threat Intelligence。我們的解決方案都能彈性調整,以滿足製造商內嵌裝置及其架構的特定設計需求。

透過 McAfee 內嵌裝置解決方案,製造商能夠實作全系列的安全性功能,其中包括:

  • 防惡意軟體保護 - McAfee 的應用程式白名單解決方案可避免惡意軟體侵害和感染內嵌裝置。 
  • 全面性威脅感知與分析 - 只要裝置需要存取網際網路,並透過網路進行通訊,McAfee 強大的 Global Threat Intelligence 即可確保透過網路傳輸的流量可供裝置安全使用。
  • 強大的資料加密 - 裝置需要進行安全的通訊時,McAfee 內嵌安全軟體可保護儲存與傳輸中的資料。
  • 簡化的裝置管理 - 輕鬆監測、管理和維護大規模全球分散部署的內嵌裝置。
  • 符合美國聯邦與產業規範 - 確保裝置符合各種規範與法規架構。
  • 資料遺失防護 - 確保裝置上的機密資料得到最高程度的防護。

Protect critical infrastructure and industrial controls

Read White Paper

Challenges and best practices for securing POS systems

Read Report

Security that’s built-in not bolted on

McAfee Embedded Control

Read White Paper

我們解決的問題

  • 缺少零時差防護
    駭客及網路竊賊不斷製造和發佈比起以往更加特別且具有破壞力的惡意軟體,因此必須運用可防範零時差攻擊的解決方案保護內嵌系統安全。McAfee 的白名單解決方案是解決嵌入式裝置安全性威脅的全新方法。
  • 生產裝置上未經授權的軟體變更
    所有類型嵌入式裝置和設備若有未經核准的變更,會導致系統關閉而造成重大損失,並可能引發資料遺失、非預期地失去裝置的控制力,以及各種法規罰款與處分。 應用程式白名單及變更控制可避免這些問題並提升裝置安全。
  • 與裝置安全問題相關的高額合作夥伴支援成本
    未經授權的裝置變更會導致裝置製造商耗費資源,以解決系統錯誤及故障。 強大的裝置變更控制功能有助於避免這類情況發生,確保不需要將支援人員派遣至客戶的設備現場。
  • 經常進行且所費不貲的作業系統修補
    每天都有新的安全性弱點被發現並公佈於網際網路。 這表示製造商及其客戶難以確保裝置能安全且不受到最新的入侵攻擊。 透過應用程式白名單之類的內嵌安全軟體,製造商即可鎖定執行階段環境,而有助於避免所費不貲的作業系統修補過程。
  • 未經授權的變更會導致高昂的現場維護成本損失
    當昂貴設備 (例如,CT 與 PET 掃描器等大型醫療裝置或自動化機械式製造設備) 上執行的軟體出現未經授權的變更時,裝置製造商及客戶都會遭受重大的財務影響。 對於製造商而言,將技術人員派遣至客戶現場解決問題不僅所費不貲,而且可能損及公司品牌形象及產品信用評價。 McAfee 推出的白名單及變更控制安全解決方案,可確保這些高成本的未經授權變更永不發生。
  • 滿足 PCI 法規遵循需求
    處理客戶交易所用的零售裝置通常需要嚴格遵循一系列的 PCI 要求。 應用程式白名單及變更控制有助於裝置製造商以及在商店中使用這些裝置的客戶達到和維持 PCI 法規遵循的狀態。
  • 資源密集的多重安全裝置解決方案,可提供安全並有助於法規遵循作業
    公司通常部署來自多個安全性廠商的眾多系列防禦產品,但是更新和維護如此複雜的網路防禦產品極為不易。變更企業安全做法以採用內嵌裝置安全保護,能夠有效降低成本,同時改善公司的安全狀況。使用白名單的做法能夠大幅減少公司內部複雜的安全性系統,並強化惡意零時差攻擊的防範效果。
  • 未經授權的變更會導致無法使用系統
    若昂貴的製造、醫療和財務系統發生未經授權的系統變更而停止運作時,公司會蒙受重大的財務損失,並且讓客戶產生不滿情緒。 在製造商的裝置中設計內嵌系統安全保護,能夠造福裝置製造商以及使用這些系統的客戶。

我們防護的裝置

McAfee 技術支援的內嵌裝置數量日益增加,且跨越多種產業。適用於嵌入式系統及裝置的 McAfee 安全性解決方案可提供有彈性的開放式架構,讓您依照需求加以自訂。

  • 航太工業/軍事:防護通訊系統、機械控制、導引系統、航空設備、定位和控制系統,以及無線網路。  
  • 汽車:防護偵測器、機械、系統對系統、遠端資訊服務、資訊娛樂系統、無線通訊,以及網路。
  • 數位生活:確保電視和家用網路裝置完全不會遭受惡意軟體的攻擊。
  • 遊戲:防護掌上型遊戲裝置和博奕機台。
  • 產業控制:防護重要設備、偵測器、監視器、自動控制和機械系統、通訊系統及網路系統。
  • 醫療:防護泵浦、監視器、通訊、網路、診斷、檢驗及掃描系統。
  • 零售/銷售點/數位招牌:防護自動櫃員機、收銀機、銷售點系統、機台、網路連線裝置、無線通訊系統、數位顯示器及照明。

 

支援的系統

架構

  • Intel
  • AMD
  • Power PC

作業系統

  • Windows
  • Linux
  • Wind River Linux
  • Android

示範

示範

This demo details how McAfee Embedded Control helps protect ATMs, registers and other retail systems and devices protected with built-in application whitelisting, change control, and integrated security management.

This demo explains how McAfee Embedded Control helps keep devices secure and operational with built-in application whitelisting, change control, and integrated security management for various industries.

This demo explains how McAfee Antivirus SDK and McAfee Embedded Reputation SDK help keep the data flow within communication devices secure.

This demo explains how McAfee Embedded Control helps keeps office devices secure and operational with built-in application whitelisting, change control, and integrated security management.

影片

McAfee、Intel 與 WindRiver 在 IoT 上攜手合作物聯網 (The Internet of Things, IoT) 提供所有大小企業近乎橫跨所有產業的新商機,以發展新服務、提高產能、改善即時決策、解決重要問題,並創造新的消費者體驗。當每天都有新連線的裝置在使用各式作業系統並蒐集各種資料時,公司面臨的是如何解決分割、互通性與最新情報的挑戰。為了解決這些挑戰,McAfee Embedded 團隊與 Intel 和 Wind River 合作,提供全方位的硬體與軟體策略,將裝置中的資料透過網路解鎖至雲端。

Embedded Security at Design West Conference 2013安全性架構設計人員 Mike Cioffi 探討 Embedded Security 的重要性,以及 McAfee 在這個領域中所提供的解決方案。

適用於醫療裝置的內嵌安全性瞭解 McAfee 在醫療裝置上內嵌安全性的方法與實作策略。特色技術包括:Embedded Control 及 McAfee ePO Deep Command。

保護您的印表機不致產生安全性漏洞、避免資料受到威脅McAfee 與 Xerox 已合作,於最新款的 Xerox 多功能印表機上提供並啟用 McAfee 的 Embedded Control,保護您的印表機不致產生安全性漏洞、避免機密資料受到威脅。

保護零售業的內嵌式系統Mike Cioffi 主講 (IDF 2012)。

醫療裝置的網路安全Tony Magallanez 主講 (IDF 2012)。

Intel 和 McAfee 結合技術以保護智慧型電網此影片展示 McAfee 與 Intel 如何結合系統及技術,以便在智慧網路間毫無瑕疵地管理與保護智慧型電網,避免未經授權的存取,且允許在發生漏洞時有容錯移轉功能。

使用 McAfee、Intel 及 Wind River 的醫療裝置安全性示範這項示範取自於 2011 年 Intel 的開發人員論壇,影片中顯示 Intel、Wind River 及 McAfee 在保護醫療裝置的安全上如何合作。裝置會受到 McAfee Embedded Control 保護,此為 McAfee 的白名單技術。

防護堆疊的安全性
McAfee 技術長 George Kurtz 將於 2011 年 RSA 會議發表主題簡報。

McAfee 和 Wind River 的合作夥伴關係
Wind River 總裁 Ken Klein 探討 McAfee 值得成為合作夥伴的關鍵要素。

客戶案例

Grass Valley (English)

Grass Valley, a provider of broadcasting solutions, adds whitelisting and change control technology to its media servers to block malware, advanced persistent threats, and zero-day attacks.

重點功能
  • Protects against viruses and other known threats as well as zero-day and advanced persistent threats.
  • Provides robust protection in an environment in which performance without latency is critical.
  • Requires minimal to no administration, maintenance, or updates.

HelpSystems (English)

This provider of solutions that optimize IBM environments added McAfee Embedded Control scanning engine into its StandGuard antivirus product.

重點功能
  • Virus protection across all platforms.
  • McAfee Labs research enables global, real-time protection.
  • McAfee brand and reputation help sales efforts.

Ricoh (English)

This office equipment manufacturer trusts McAfee Embedded Control to secure business content displayed on interactive whiteboards.

重點功能
  • Whitelist approach provides comprehensive security while facilitating rapid startup and use.
  • Whiteboards can be shipped with security pre-configured and without requiring later updates that might affect performance.
  • McAfee Embedded Control offers scalable security to support future product enhancements.

Sodick (English)

McAfee embedded security allows Sodick to provide electric discharge machining tools to customers while meeting internal security policies.

重點功能
  • Whitelist approach provides comprehensive security without affecting system performance.
  • EDM systems can be confidently installed in customer sites with compliance and IT approval.
  • Embedded security offers protection for today’s highly efficient networked manufacturing environments.

Sysmex (English)

U.K. partner Sysec gains 30% year-over-year growth by selling the complete McAfee solution portfolio.

重點功能
  • Whitelist approach provides ideal solution for closed lab testing devices.
  • Market leadership based on ability to provide the industry’s most secure solutions.

Thecus Technology Corporation (English)

The McAfee and Thecus Technology partnership secures network-attached storage solutions, protecting sensitive customer data from malware.

重點功能
  • Provided simple and fast downloading and installation in minutes without requiring IT support.
  • Integrated seamless and easily with Linux OS.
  • Blocked malware with an impressive success rate of 99%.

產品

應用程式白名單

McAfee Embedded Control
McAfee Embedded Control

McAfee Embedded Control 著重在解決內嵌系統中採用商業作業系統所出現安全性風險增加的問題。Embedded Control 佔用空間低、低成本負荷、獨立於應用程式的解決方案,可提供「deploy-and-forget」(部署隨即忘記) 的安全性。

內嵌裝置管理

McAfee ePolicy Orchestrator
McAfee ePolicy Orchestrator

McAfee ePolicy Orchestrator (ePO) 是 McAfee Security Management 平台的主要元件之一,也是唯一可以統一管理端點、網路和資料安全的企業級軟體。McAfee ePO 軟體具備端對端可見度以及可以大幅縮短事件回應時間的強大自動化功能,能大幅強化內嵌裝置的防護,並且促進管理風險及安全的成本與複雜性降低。

Global Threat Intelligence

以 McAfee Global Threat Intelligence 為後盾的 McAfee GTI SDK
以 McAfee Global Threat Intelligence 為後盾的 McAfee GTI SDK

McAfee Global Threat Intelligence (GTI) 提供市場上最全方位的威脅情報。該產品使用多種偵測器,可充分掌握所有威脅媒介 (檔案、Web、訊息及網路)。McAfee® GTI SDK 為軟體檔案庫,提供 API 以便取得電子郵件、IP 位址、網路連線及 URL 的可信任度評等。這些評等可由內嵌裝置製造商直接整合入產品中,通常用來保護透過其裝置傳送的資料。

新聞 / 活動

資源

報告

Store Systems Security: Preparing for the Paradigm Shift (English)

McAfee and IHL Group surveys retailers on their top concerns for POS System Security.

Retail Reputations: A Risky Business (English)

As a consumer, you can research products, find out about return policies, general pricing, or service issues, but there’s one important piece of information missing—can you trust the retailer’s security and how they protect your information?

Smarter Protection for the Smart Grid (English)

Learn how securing the energy grid requires action on three fronts: technical, cultural, and political.

Caution: Malware Ahead (English)

This report focuses on embedded systems in automobiles and is the first in a series of reports on embedded device security.

Embedded Security for an IP-Enabled World (English)

Forrester discusses how embedded security will be expected to secure data, devices, and networks.

常見問題

Maintain Security for XP Systems (English)

Learn about how application whitelisting can maintain security for Microsoft Windows XP systems no longer supported by Microsoft.

Maintain PCI Retail Compliance for Systems No Longer Supported (English)

Learn about how to maintain PCI retail compliance for systems no longer supported.

技術藍圖

Securing ATMs (English)

McAfee has integrated application whitelisting with other important controls — file integrity monitoring and change management — into a single “deploy and forget” solution optimized for ATM devices. McAfee Embedded Control provides tight control over attempted changes, as well as broad visibility into changes to ensure that ATM devices remain up and running and free of malware.

白皮書

Strengthening Security, Control, and Compliance for Retail OEMs and Their Customers (English)

This white paper provides retail OEMs and their customers with insights into the technologies that are part of the McAfee embedded security solution, along with security, management, and compliance benefits made possible by shipping retail devices with security built in. You’ll learn how this integrated solution goes beyond device protection and extends security across the entire retail environment.

POS Security That Pays Its Own Way (English)

Adding McAfee Integrity Control to your POS solution simply makes your offering more appealing to your retailer customers.

McAfee Embedded Control (English)

Learn how McAfee Embedded Control enhances embedded device integrity, maximizing uptime, reducing support costs, and helping to ensure compliance throughout the lifecycle of your devices.

Taking Back Control in Today’s Complex Threat Landscape (English)

This document discusses the role that integrity control plays in defending networks against attack through a focus on two key areas — controlling what applications are allowed to run and how they are run, and protecting systems on the network from configuration changes and mistakes that can allow serious vulnerabilities to be exploited.

Increasing Medical Device Security with Mainstream IT Platforms and Technologies (English)

Although not typically the target of cyberattacks, medical equipment can become "collateral damage" in a malware outbreak, or even be the weak link that opens the door to a cyberattack.

解決方案概要

Securing the Internet of Things (English)

The Internet of Things (IoT, or Internet-connected smart devices) is rapidly changing the way we live and the way we do business. McAfee is working closely with OEMs to address the expanding security requirements of IoT devices for every layer—devices, connections, the cloud, and data centers.

Intel Security and Empathy Team up to Improve Retail payment Security (English)

Securing business-to-consumer retail transactions is an ongoing battle. Recent breaches at US retailers Home Depot and Target Stores highlight the serious risks, including the loss of consumer confidence, trust, and satisfaction. In addition to alienating customers, retailers that suffer a security breach may face tough scrutiny by the press, regulatory bodies, and investors. To date, most payment-system OEMs have relied on retailers—who often have limited IT and security resources—to secure their devices. Forward-thinking OEMs are seizing this opportunity and differentiating their products by designing advanced security capabilities into their devices. Discover how payment-system OEM Empathy has partnered with Intel Security to solve this pressing issue.

Intel Gateway Solutions for the Internet of Things (English)

Discover the connectivity and interoperability benefits of intelligent gateways

McAfee Application Control Extends the Life of Legacy Microsoft Windows XP Systems (English)

McAfee Application Control provides an effective way to block unauthorized applications from running and will continue to support Windows XP systems even after Microsoft’s phase-out of support has taken effect.

Security for Military Grade Google Android Devices (English)

This solution brief looks at mobile device management and lockdown security from McAfee and Harris Corporation for Android tablets.

Security Consideration for Retail Systems OEMs (English)

Helping OEMs and retailers address a wide range of security challenges, Intel and McAfee have developed solutions that take advantage of leading-edge hardware and software technologies.

McAfee Embedded Control (English)

McAfee Embedded Control secures embedded systems and the sensitive information they contain while maximizing uptime, reducing support costs, and helping ensure compliance throughout the lifecycle of your systems.

資料工作表

McAfee Endpoint Protection for OEMs (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee 5700 Scan Engine and .DATs

若需上述 McAfee 產品的技術摘要,請檢視產品資料工作表。

McAfee Embedded Control

若需上述 McAfee 產品的技術摘要,請檢視產品資料工作表。

McAfee Embedded Control for Healthcare (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for ICS (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee 5600 Scan Engine and .DATs

若需上述 McAfee 產品的技術摘要,請檢視產品資料工作表。

McAfee Embedded Reputation SDK (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Aerospace and Defense (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Consumer and Home Networking (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control — Retail (English)

For a technical summary on the McAfee product listed above, please view the product data sheet.

社群

部落格

  • How Much Are Your Assets Worth?
    Cybermum Australia - 九月 26, 2013

    Now, if your tax returns are up to date and you have a healthy relationship with a financial planner, I have no doubt you could answer this question in an instant. But what about your other assets? And I am not referring to your children because clearly they are priceless – most of the time!! […]

    The post How Much Are Your Assets Worth? appeared first on McAfee.

  • What is Encryption?
    Robert Siciliano - 九月 10, 2013

    Encryption is the science of encoding and decoding secret messages.  It began as cryptography—the ancient Greeks used it to protect sensitive information that might fall into the hands of their enemies. More recently, governments have used encryption for military purposes, but these days the term if often used in reference to online security. Encryption is […]

    The post What is Encryption? appeared first on McAfee.

  • Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan
    Vikas Taneja - 九月 6, 2013

    Hesperus, or Hesperbot, is a newly discovered banker malware that steals user information, mainly online banking credentials. In function it is similar to other “bankers” in the wild, especially Zbot. Hesperus means evening star in Greek. It is very active in Turkey and the Czech Republic and is slowly spreading across the globe. This sophisticated […]

    The post Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan appeared first on McAfee.

  • Cidox Trojan Spoofs HTTP Host Header to Avoid Detection
    Umesh Wanve - 九月 3, 2013

    Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like “&av” (for antivirus?) and “&vm=”(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host […]

    The post Cidox Trojan Spoofs HTTP Host Header to Avoid Detection appeared first on McAfee.

  • Five Website Security Do’s and Don’ts for Online Merchants
    McAfee - 八月 30, 2013

    As we get closer to the end of summer, most merchants are already in the midst of preparing for another busy fall/winter shopping season. However, amid the chaos, it’s important to take a look at your website’s current features—most importantly security—in order to assess what needs improvement before it’s too late. Aside from cosmetic and […]

    The post Five Website Security Do’s and Don’ts for Online Merchants appeared first on McAfee.