Researchers from Columbia University’s Intrusion Detection Systems Lab have concluded that embedded devices are over 20 times more vulnerable to Internet-based threats than Enterprise Networks. As network connectivity in embedded devices becomes commonplace and our reliance on these devices grows, so has the importance of protecting these devices from Internet-based threats.

In enterprise environments, firewalls, intrusion prevention systems and other security devices protect against Internet threats. In the embedded environment, devices such as medical instruments, industrial controls, mobile devices, consumer electronics, and transportation controls are built using smaller processors and without the defenses found in more sophisticated environments. As a result, embedded devices are vulnerable to DoS attacks, packet floods and other Internet attacks.

Icon Labs, a leading provider of embedded networking and security technology, developed the Floodgate Firewall with Stateful Packet Inspection (SPI). With the addition of Stateful Packet Inspection, Floodgate is the only embedded firewall providing complete protection against Internet-based attacks.

Floodgate Packet Filter is a complete embedded firewall providing a critical layer of security for networked devices. Floodgate provides static (rules-based) filtering, Stateful Packet Inspectin (SPI) and threshold-based filtering. Floodgate’s Lockdown Mode provides the highest level of security for systems where security is critical. Floodgate is the first embedded firewall to provide all three types of filtering to protect embedded devices from the growing number of Internet-based threats.

Floodgate provides protection from Internet-based threats by controlling what packets are the embedded device processes. Encryption and authentication may protect your device from a hacker trying to access your device, but Floodgate can prevent the hacker from even attempting to connect. Floodgate operates by blocking packets at the IP layer preventing unwanted packets from being processed by the device. Floodgate’s filtering engine can block denial of service attacks, packet floods, port scans, or other Intenet-based threats.

Floodgate’s threshold-based filtering protects against denial of service attacks, broadcast storms, and other conditions that result in a flood of unwanted packets. Rules-based filtering allows white-listing and black-listing based on criteria such as port number, protocol, or source IP address. Stateful Packet Inspection (SPI) provides dynamic packet filtering based on the state of a connection.