Overview

Floodgate™ Agent enables embedded devices to integrate with security management systems, allowing them to operate as trusted, managed network elements. The Floodgate Agent is designed specifically to run on RTOS-based systems and provide integration with Icon Labs Floodgate Manager, the McAfee ePO management system, or other management systems.

The Floodgate Agent supports policy management, event reporting, remote firmware updates and situational awareness for RTOS based devices. This enables IT/OT convergence as OT devices can now operate as standard, managed IT assets.

Features

The Floodgate Agent is written in portable C code, allowing it to be easily ported to any embedded OS.  The Floodgate Agent provides:

  • Integration with the McAfee ePO & SIEM
  • Integration with Icon Labs Floodgate Manager
  • Extensible to allow support for other management systems
  • Security policy management
  • Event notification
  • Event reporting API supports device and application specific events
  • Audit log support
  • Situational awareness
  • Secure remote firmware updates
  • Remote Key Management

ePO Management of Floodgate Defender

Secure remote firmware updates

The Floodgate Agent is integrated with the Floodgate Secure Boot and IDS modules to enable secure remote firmware updates.  The Floodgate Agent also supports TPM integration for key management and storage of validated firmware updates.

The Floodgate Agent secure firmware update module provides:

  • Remote firmware download/storage
  • Firmware validation
  • Writing validated firmware and signatures to secure flash
  • Device restart
  • Notification of attempts to install unauthorized firmware

This process insures that only firmware from the device OEM can be installed on the device.

Floodgate Security Framework Integration

The Floodgate Agent is a component of Icon Labs Floodgate Security Framework (FSF).  FSF provides key security building blocks for embedded devices, including secure boot, intrusion detection, secure remote firmware updates, and an embedded firewall.  The Floodgate Agent can be used as a standalone component or integrated with the FSF to provide security policy management, situational awareness, event reporting and command audit log support. 

Management System Integration with the Floodgate Agent

Floodgate VM architecture

The Floodgate Agent is a portable lightweight agent that is integrated into RTOS-based embedded endpoint. The Floodgate Agent integrates directly with management systems such as Icon Labs Security Manager. 

For security management systems  such as the McAfee ePO that require a larger, less portable agent, the Floodgate Proxy solution provides the necessary integration.  The McAfee Agent and Floodgate Proxy software run on the Floodgate VM and handle all ePO specific communication requirements.   This architecutre isolates the RTOS agent from any vendor specific requirements and enabling integration to  various management systems with the lightweight agent.