Floodgate™ Aware, a component of the Floodgate product family, provides situational awareness for endpoint devices. Floodgate Aware enables endpoint devices to detect, record and report security and device events and information. Floodgate Aware also provides integration with Security Information and Event Management (SIEM) systems, or other security management systems.
Floodgate Aware includes a GUI tool to specify the data items that are managed by Floodgate Aware. Once specified, Floodgate Aware generates code for management and reporting of the data items. This managed code for reporting data values and security events is generated for all specified data items. With Floodgate Agent this data can be reported to the corporate SIEM system of your choice.
Situational awareness is the ability of a device to maintain information about itself and report that information to a security management system or a Security Information and Event Manager (SIEM). This includes basic information such as system uptime, IP address, MAC address and device name, along with status information about the device. Device-specific information should also be included. For example, if the device has GPS capabilities, the GPS location should be reported. Information on any attacks detected by the security layers protecting the device would also be reported. With Floodgate Agent this data can be reported to the corporate SIEM system of your choice.
Situational awareness data includes:
- Firewall rule violations.
- Failed login attempts.
- Packet Flood attacks.
- Protocol specific attacks such as TCP SYN Flood attacks.
- Device-specific information such as IP address, MAC address, system uptime, etc.
- User-defined information.
- Detect and record security events.
- Built-in support for common data and events.
- GUI tool automates extending Floodgate Aware to support user-defined information.
Situational Awareness for RTOS devices
SIEM systems provide the ability to detect and mitigate attacks across a broad range of devices. This creates the ability to react intelligently and proactively to threats on the network. However, RTOS devices are not currently integrated with SIEM systems, creating a security loophole. Enterprises require the ability to view and manage all of the devices on their network, including RTOS-based devices. With Floodgate Aware, RTOS-based devices are visible to SIEM systems.
Floodgate Aware Features
Floodgate Aware is a source code library allowing easy integration into embedded devices. Floodgate Aware is extensible, allowing the user to add new data items that are detected, recorded and reported.
- Reported events include:
  - Firewall rule violations
  - Invalid login attempts
  - Packet Floods detected by threshold filtering
  - Protocol specific attacks such as SYN Flood attacks
  - User defined events and data
- Small footprint and efficient design for embedded systems.
- Portable source code for use with any embedded OS.
- Integrated with Floodgate Defender and Floodgate Agent.