Advantech's One-Stop Security Solution Builds a Comprehensive Device-to-Cloud IoT Protection Suite
5/7/2021

Because embedded devices in industrial control environments provide specific functions and run customized operating systems, they have not been considered obvious targets for cyber-attacks and were, until recently, subject to less stringent IT security measures. However, the emergence of 5G, IoT, and AI technologies, as well as the convergence of OT and IT, is threatening industrial control systems. Likewise, frequent media reports of ransomware attacks are increasing system security awareness.
In response, Advantech developed a one-stop device-to-cloud security solution that covers SSD, firmware, OS, API, and data/applications. Clients that purchase Advantech IPCs enjoy the usability of Windows OS, API, utilities, or firmware, and benefit from the safety of a secure device-to-cloud environment.
Advantech’s extensive experience helps us meet varied customer needs. As such, Advantech offers customized products and security packages that correspond to different deployment phases and application scenarios. We are also willing to adapt these products and packages to our customers' needs.
Advantech accommodates the security and management needs of individual customers better than comparable one-size-fits-all solutions. For example, one customer used Advantech IPCs for mobile maintenance trolleys in their factory. Advantech leveraged its own SUSI API to customize a “Case Open” function that prevents unauthorized access to the IPC and theft of its data. Advantech’s SUSI API also binds applications to the IPC so that the software cannot run on any other, unauthorized IPC, yielding a highly creative and practical security solution.
Reliable On-premises Security Protects SSD, Firmware, and OS
Advantech's security solution leaves nothing to chance, providing a mechanism for storage, security, and recovery. Advantech's SQFlash SSD provides a comprehensive suite of data protection capabilities. These include AES-256-based SSD self-encryption and OPAL-compliant data-security management mechanisms that support partition read-and-write protection and multi-user authentication. Integration with third-party McAfee antivirus software and Acronis backup and recovery software delivers additional prevention measures and enables data restoration.
McAfee antivirus supports application whitelisting to block unauthorized software, mitigating zero-day attacks. Acronis helps secure customer data by delivering backup features. It also uses unique ransomware protection technology to monitor changes made to files on the computer, detect suspicious activity, and warn customers.
Advantech's firmware team provides quality services tailored to individual customers' needs. These services accommodate highly customized security technology in IPC environments. Take embedded controllers, for example: Advantech offers diverse hardware-monitoring services that help clients develop and integrate software, including sample code, documents, and SDKs. Advantech also offers Boot Guard in BIOS, which fuses a security key into the chip itself and verifies the integrity of the executed code during the initial stages of BIOS boot-up. Secure Boot extends to the OS level and verifies the integrity of the executed application, guaranteeing an untampered chain all the way from boot-up to user applications.
Advantech’s Lockdown Utility for Windows 10 IoT Enterprise is proving very popular, especially in the kiosk market. Self-service kiosks are often left unattended in public areas. This creates concerns that the USB ports leave the device open to sabotage and data theft. However, locking the ports causes maintenance difficulties. In response, Advantech’s Lockdown Utility limits USB port access to pre-designated devices, preventing unauthorized access or tampering.
Secure Tunnel and Azure VPN Gateway Secure Cloud Resource Access
Advantech is also dedicated to the development of the WISE-PaaS/Secure Tunnel Reverse Proxy Service for enterprise security. This solution overcomes a common customer problem: businesses have to work in collaboration with a partner, but cannot give their partners access to company VPNs. This forces them to apply for a second dedicated external connection, exposing their internal network to the WAN. This is a security concern and incurs extra costs. Deploying Advantech’s Secure Tunnel and forwarding services to a proxy enables whitelisting and connection source limits. These features give partners on the WAN secure access without compromising company security. In addition, WISE-PaaS/Secure Tunnel does not require any software to be installed on the client end in order to function. Deploying lightweight proxy software on the server and issuing a few commands enables businesses to reduce problems related to complex VPN setups.
WISE-PaaS/Secure Tunnel works in conjunction with Azure VPN Gateway, yielding a high cost-to-performance solution package. Companies that adopt WISE-PaaS services like iFactory, WISE-Dashboard, or WISE-STACK are ready to implement WISE-PaaS/Secure Tunnel. This solution enables them to combine their client-end devices or horizontally integrate their services. If a company relies on native Azure services, and needs to allow these services access to resources on a self-hosted private cloud, they can leverage Azure VPN Gateway to establish a fast and secure tunnel that restricts resource access on the internal network to company Active Directory (AD) authenticated accounts. This procedure prevents most common cyber-attacks.
Advantech also offers cloud versions of McAfee and Acronis for use on Azure. McAfee cloud products can give suggestions to improve cloud platform security configurations and strategies. Similarly, Acronis cloud products enable users to quickly log in and deploy backup files. Advantech became a Microsoft Azure Cloud Solution Provider in 2018, and is seeking more IT security software partners capable of creating future cloud-security solutions.
In conclusion, industrial control system owners using Advantech IPCs enjoy a one-stop device-to-cloud security solution that covers SSD, firmware, OS, data/applications, and the cloud. These features are supported by the WISE-PaaS/Secure Tunnel service, enabling partners on the external network to securely interact with the company's internal resources. Advantech thus provides a comprehensive suite of security solutions that protect diverse devices.