PhoneBoy
Admin

IoT Nano Agent TechTalk June 2023: Video, Slides, and Q&A

Video below.
Q&A will be added below soon.


Accepted Solutions
PhoneBoy
Admin

Q&A from the Session

How is the nano agent obtained?

We work with manufacturers to add the Nano agent into the devices to ensure full compatibility and smooth integration.

Can this be done for boot rom loaders?

The nano agent protects the firmware. For secure boot, we can advise how to do it securely. In any integration project, we work closely with the developers to ensure that all aspects are covered.

In offline mode, is there a way to get telemetry and signals from the agent to a local system (like an on-prem SIEM)?

We produce a local log file on the device, and have an internal API to consume the events.

Is the Nano Agent's mechanism based on analysis of indicators of compromise?

Given the limited memory/storage on IoT devices, the Nano Agent works on a whitelist approach, only allowing defined activities and blocking everything else.

Is the firmware assessment done by the IoT vendor or the end customer?

Usually, the IoT vendor. The end user can do it if he has the permissions to scan it. The service is available in our Infinity Portal.

How much RAM/CPU/Storage does the Nano Agent consume on the IoT device?

We need a minimum of 1mb for the basic features and up to 20mb for all features.

What are the compatible devices where we can install the Nano Agent?

It needs to be any Linux OS, with these CPUs: ARM 32/64-bit, x86 64-bit, RISC-V, MIPS.

Infinity Portal > IoT > Profiles has a Discovery Source Type where you can choose External Asset Source. Can this source be a 3rd party IoT vendor such as Medigate?

Yes.

So a customer could utilize the API to retrieve the events themselves?

Yes, through the agent API and Infinity Portal API.

What are the integration options within existing Check Point security infrastructure, i.e. Security Management servers?

It depends on what the vendor decides to do with the integration. Events can either be sent to a vendor-specific dashboard or the Infinity Portal.

How is the nano agent itself protected from a script executed by the hacker to disable it?

The nano agent cannot be disabled without strong authentication, and, with the "file monitor" feature, we protect against exploits that might allow modification of the executable.

Do you think it is possible for an electric car charger to install malware into the car’s computer through the charge if they are compromised?

It's entirely possible. For example, there are services called "Plug & Charge" where you don't need to start charging by card or app, but the car communicates via the charger to charge the user.


2 Replies
Miri_Ofir
Employee

Visit our webpage: https://www.checkpoint.com/quantum/iot-protect/iot-device-security/

For additional questions regarding the Check Point IoT Nano agent, feel free to contact me or send an email to: iot-device-security@checkpoint.com
