Runtime Protection
Secure your code and third-party libraries with agentless runtime security for IoT, powered by our patented EIV™ (embedded integrity verification) software technology.
96.5% Prevention in industry benchmark tests for memory vulnerabilities
Up to 60% Less Patching with active mitigation of known and zero-day vulnerabilities
Only 1-3% Overhead via agentless integration purpose-made for IoT devices
Adaptive On-device Protection
Our unique EIV™ software technology is the first to introduce adaptive XDR/RASP-like protection for embedded devices. Leveraging binary instrumentation, it categorically prevents all code and memory manipulation attempts and assures system integrity at all times.
- Integrity Verification: EIV™ auto-profiles your firmware, including third-party components, and deploys verification checks across all exploitation paths. It deterministically prevents all code and memory manipulation attempts.
- Agentless Deployment: EIV™ software seamlessly integrates into your build, testing, and deployment process. Running as part of your code, it provides agentless security that has near-zero overhead and doesn’t rely on any external communication.
- Threat Detection and Response: EIV’s self-protection is augmented by the (XDR-like) threat detection capabilities of our Cloud platform, offering intelligence about indicators of exposure and compromise, ranging from unauthorized access to DDoS or brute force assaults.
Mitigation of Known and Future Threats
EIV™ provides blanket protection from all major threats, including MITRE’s ‘Top 25 Most Dangerous Software Weaknesses’ in scope for IoT – command injections, execution flow manipulations, buffer overflows, and more.
EIV’s deterministic security model makes it equally effective for keeping devices safe from future threats, 0-day and 1-day mitigation, and reducing the cost of security patching.
Customer Story
Detect 0-day Vulnerabilities in Preproduction
A Fortune 500 company engaged Sternum for a POC, during which Sternum’s runtime protection was integrated into the development process.
Almost immediately, by profiling their firmware at runtime, the team was able to discover four security bugs, including potential memory information leaks and corruption vulnerabilities.
By addressing these bugs pre-market, the company was able to resolve issues with relative ease, avoid patching in the field, and prevent future risks to device users.
Detailed Attack Forensics
For each mitigated attack, our platform provides you with all of the context you need to conduct a detailed root cause analysis and address the issue at the source.
Access to this information also helps make security tangible for your end users, facilitating customer trust and acting as a unique differentiator for your product.

Software Supply Chain Protection
Software supply chain vulnerabilities are among the most common threat vectors. EIV™ software technology eliminates this risk by securing all running code, including third-party libraries used for communication, encryption, authentication, OTA updates, and other device functions.

Continuous Security Monitoring
Sternum provides you with constant real-time information on cyber threats and intelligence on suspicious behaviors, security weak spots, and other indicators of attack and compromise (IoA and IoC). This security information is fed to your SOC, SIEM or SOAR, or analyzed using Sternum’s own interactive dashboards.


“Sternum’s solution saves us time, manpower, and money. Being able to lean on Sternum as an active mitigation is a game changer and the data insights help us build better products and make better decisions.”

Kyle Erickson
Product Security Director at Medtronic


“Sternum enhances Zephyr’s built-in security features by providing embedded developers and device manufacturers with additional runtime protection and monitoring capabilities, which they can implement with minimal complexity and zero performance compromises.”

Kate Stewart
VP, Dependable Embedded Systems at the Linux Foundation

“All attacks NXP crafted were blocked by Sternum with CPU overhead of less than 3%. Sternum’s ability to successfully address runtime attacks is a valuable addition to many of NXP’s products.”

Marc Vauclair
Senior Security System Architect and Fellow at NXP Semiconductors


“We were searching for a solution that delivered advanced security and monitoring capabilities. Sternum provided us exactly with what we needed, all with an effortless integration and without any negative impact on performance.”

Uri Neria
Head of Product at Vibrant


“We have long admired Sternum, for its unique ability to provide remote analysis of firmware runtime. Access to this technology improves our IoT offering and helps our partners deliver more reliable and competitive IoT products and services.”

Pavel Hübner
CEO and co-founder at HARDWARIO

“Seamless baked-in security with none of the added investment or complexity. Sternum alerts users to any attempt to compromise one of their deployed devices, providing early security intelligence.”

Dr. Mihai Voicu
CISO at Telit

Deterministic Protection for Deterministic Systems
The EIV deterministic runtime security model makes it a perfect fit for similarly deterministic embedded devices. This is how it measures against alternatives:
Sternum, IoT Security | SBOM Risk Management | Security by Design | Air Gapped Network | Security Patching | SAST or DAST | Compiler Flags / CFI | Cellular or Private Network | |
---|---|---|---|---|---|---|---|---|
Runtime Exploit Prevention | | Limited | Limited | | | | | |
Unknown, 0-day and 1-day Protection | | Limited | | | | | | |
Software Attacks | | Limited | | | | | | |
Memory Integrity / Corruption Protection | | Limited | Limited | | | | | |
Threat Detection / Behaviour Awareness | | Limited | | | | | | |
Supply Chain Protection | | Limited | Limited | | | | | |
Communication Protocol Protection | | Limited | Limited |