Enterprise Applications Security, Embedded SSH, Embedded SSL, Embedded SSH, Embedded IPSEC and OpenSSH/OpenSSL Alternatives, FIPS certified, FIPS certification, FIPS 140-2 - Device Security Framework
Mocana Corporation - Securing Devices, Applications & the Enterprise.
  • About


Mocana’s patent-pending new anti-malware product, NanoDefender, is a device-based application and firmware defense system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread—and it does so while eliminating “false positives.” NanoDefender is the latest addition to the Device Security Framework, Mocana’s top-to-bottom architecture for planning, implementing and managing comprehensive device security across the enterprise.


How Mocana NanoDefender Works
When an application is compiled, NanoDefender performs a static analysis of the code to determine the call flow of the executable. Later, at link time, the executable is instrumented to track function calls. Result: first-class malware protection with no false positives.


The Mocana NanoDefender Difference
NanoDefender starts your device out on the right foot, by providing all the tools and firmware source you need to perform secure pre-boot verifications on your connected device. The solution uses strong cryptography to validate the BIOS, firmware, and boot loader images.

Once the device is up and running, NanoDefender approaches host-based intrusion detection in a completely different way. Unlike anti-malware products currently on the market that rely on attack databases for defense, NanoDefender tracks the function flow within the application.

Designed to prevent malicious code execution in the context of an existing application or process, NanoDefender is focused on recognizing previously unknown attacks, especially on handheld and wireless devices. It isn’t an add-on. It’s designed to be integrated into the device or application during the manufacturing process to prevent damage from attacks, known or unknown.

NanoDefender Advanced also lets you digitally sign your firmware and provision private keys for specific device/app combinations. It's perfect for memory-constrained environments where other types of virus detection or code signing are infeasible. NanoDefender requires less than 8KB uncompressed firmware space and less than 2KB of RAM.

NanoDefender Advanced, which combines NanoBoot, NanoSign and NanoDefender, provides device integrity: it establishes a root of trust, protects the identity of the device, and provides run-time protection from known and unknown malware, all using a FIPS-certified cryptographic implementation.

Later in the device lifecycle, when you need to distribute code updates or patches to devices already out in the field, NanoDefender enables you to securely deliver digitally-signed firmware images (and other messages) automatically, eliminating the need for insecure manual methods, like email, TFTP, FTP, HTTP, or physical DVDs. Updates can be delivered even over sporadic or “lossy” connections. Any signed message (update) downloads that are disrupted during retrieval will cleanly resume without consequence.

How NanoDefender Stops Malware
In Mocana NanoDefender, every action an application takes is checked against a known “good behavior” model. Mocana NanoDefender maintains a database of behaviors and functions that are deemed “acceptable” for a given application, and if the function or behavior does not match the known “good behavior,” the application is terminated and the security breach is logged.

Mocana NanoDefender provides protection to function flow and especially system calls. For example, if an attacker takes advantage of a buffer overflow in glob() in glibc and subsequently attempts to overwrite system configuration files with fwrite(), the attack would be stopped immediately by NanoDefender because glob() does not call fwrite() in normal operation.

NanoDefender is basically a set of tools and code designed to “harden” executable images against arbitrary code execution. When a new application is compiled, NanoDefender performs a static analysis of the code to determine the call flow of the executable. In other words, NanoDefender determines which functions call which functions, and which functions make which system calls. Later, at link time, the executable is instrumented to track function calls. Finally, at runtime, NanoDefender runtime code and the (now specially modified) OS together enforce the proper call flow.
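
A minimal sketch of the call-flow check described above, added here as an illustration and not Mocana's code. The edge table, the function names in it, the `cf_enter`/`cf_leave` hooks and the shadow stack are all assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed call-flow model: (caller, callee) edges such as a build-time
 * static analysis might emit. Illustrative only, not NanoDefender data. */
struct edge { const char *caller, *callee; };
static const struct edge allowed[] = {
    { "main", "glob" },         { "main", "save_config" },
    { "glob", "opendir" },      { "glob", "readdir" },
    { "save_config", "fopen" }, { "save_config", "fwrite" },
};

#define MAX_DEPTH 32
static const char *shadow[MAX_DEPTH] = { "main" }; /* functions now active */
static size_t depth = 1;
static unsigned violations;

static int edge_allowed(const char *caller, const char *callee)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (!strcmp(allowed[i].caller, caller) &&
            !strcmp(allowed[i].callee, callee))
            return 1;
    return 0;
}

/* Hypothetical hook placed at each instrumented call site.
 * Returns 1 if the call matches the model, 0 if it must be blocked. */
int cf_enter(const char *callee)
{
    if (depth >= MAX_DEPTH || !edge_allowed(shadow[depth - 1], callee)) {
        violations++;   /* a real enforcer would log and terminate here */
        return 0;
    }
    shadow[depth++] = callee;
    return 1;
}

/* Hypothetical hook placed at each instrumented return. */
void cf_leave(void) { if (depth > 1) depth--; }

unsigned cf_violations(void) { return violations; }

int main(void)
{
    cf_enter("glob");                      /* main -> glob: in the model */
    return cf_enter("fwrite") ? 1 : 0;     /* glob -> fwrite: rejected   */
}
```

The same `fwrite` call is accepted when it is reached from `save_config`, which is what separates this check from a plain system-call blocklist.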

Awards and Certifications
Nominations
2010 Spiffy Awards Nominee

Copyright © 2010 Mocana Corporation
  • Features


NanoDefender™ Device Intrusion Detection Features

Common Code Protection
Applications that rely on general-purpose libraries like libc/glibc also inherit any vulnerability that may exist within those libraries. With NanoDefender, these general-purpose libraries can be “hardened” in advance, avoiding difficult and costly post-shipment library swap-outs.

Minimal Footprint and CPU Usage
NanoDefender delivers minimal impact at runtime with no hindrance to quality of performance. Instead of a large database that requires constant updating, it relies only on a small set of data describing the function flow and system calls within a given application. In an embedded or handheld environment where storage space is at a premium, this is an absolute necessity. NanoDefender is a comprehensive intrusion prevention solution that secures all aspects of a device: communications, identity, access, privilege, control and execution. It tracks the function flow within an application instead of relying on an “attack database” for defense. And better yet, it delivers complete security without time-consuming false positives.

Platform Independent
Like all of Mocana’s device security toolkits, NanoDefender is CPU-architecture and platform independent. Platforms supported include common platforms such as Linux and BSD, as well as real-time operating systems such as VxWorks. Other out-of-the-box supported platforms include Monta Vista Linux, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin.

No Crypto Expertise Required
NanoDefender features an extremely powerful, but simple and easy-to-use API. That’s because we built it for ease-of-use and ease of installation from the ground up. You don’t need to be a crypto expert, because we hide all of the complexity of the cryptography. You can focus on your development project, and let us worry about the security. Plus Mocana’s developer support team is always available to answer your questions about our toolkits or embedded development in general.

  • Benefits


NanoDefender™ Device Intrusion Detection Benefits

Comprehensive Attack Protection
Designed to prevent malicious code execution in the context of an existing application or process, NanoDefender can shut down any exploit changing the function flow within running code before it has the chance to do any damage. NanoDefender even provides protection from remote and local stack-based overflows, format string attacks/string exploits, heap overflows, return-to-libc attacks, and integer overflows.

No False Positives
Because NanoDefender only acts if “disallowed” behavior is detected, false positives are impossible. Using a rules base of acceptable behavior for any applications running on the new device, NanoDefender only terminates an application when it begins behaving erratically due to malware or some other security threat.

Truly Painless Integration
NanoDefender was built for ease-of-use and ease of installation from the ground up. It’s a snap to integrate into applications — just rebuild an application using a Mocana-provided code analyzer and linker. Absolutely no changes to your code are required. Plus Mocana’s developer support team is always available to answer your questions about security, our toolkits, or embedded development in general.

Extends Product Lifecycle
Because you can now deliver new features and functionality in software, your hardware platforms can enjoy a significantly longer lifetime out in the field. Significant code updates can create new revenue opportunities, too, without the need to redeploy expensive new hardware.

Greatly Improves Security, Lowers Support Costs
NanoDefender’s “NanoUpdate” modules mean that security patches can now be delivered remotely, automatically—no more wondering which devices have which version of the software. Fast, inventory-wide security updates mean your product line is significantly less vulnerable to zero-day attacks.

Protects Intellectual Property & Brand
By preventing hackers from tampering with your firmware and update images, NanoDefender protects your devices from being hijacked by malware or “imposter” updates, thereby protecting your customers and your brand.
  • Editions


Which NanoDefender™ Edition is Right for You?



| FEATURES | Regular AntiVirus Software | NanoDefender Basic | NanoDefender Advanced |
|---|---|---|---|
| Protects from legacy viruses | No | Yes | Yes |
| Works on embedded systems | No | Yes | Yes |
| Works on 'Zero Day' | No | Yes | Yes |
| Protects third-party keying material | No | Yes | Yes |
| Prevents arbitrary code execution | No | Yes | Yes |
| Limited CPU impact | No | Yes | Yes |
| Works entirely in background | No | Yes | Yes |
| Works without giant signature database | No | Yes | Yes |
| Much lower cost-per-node | No | Yes | Yes |
| Secure remote update | No | No | Yes |
| Secure firmware boot | No | No | Yes |
| Firmware signing | No | No | Yes |

  • Architecture


NanoDefender™ Device Intrusion Detection Architecture

NanoDefender is part of the Mocana Device Security Framework™, designed to secure all aspects of any connected device. All components of the Device Security Framework are built on a common architecture and share a common API and code base. As a device designer, you can choose only the components you need for your particular project... or standardize company-wide on the DSF, future-proofing your investment with this broad, cross platform, flexible and extensible security architecture.


[Figure: Malware Intrusion Detection System Architecture]

Mocana products are built for developers, OEMs and ISVs. DSF for Android, NanoSSH and other products are not finished security applications usable by IT personnel or end users.
Features & Benefits

Defends devices against malware and viruses, even Zero-Day
Secure preboot verification for firmware
Blocks unlicensed firmware upgrades
Prevents firmware image tampering
FIPS-validated cryptographic algorithms
Command line tools for Linux & Windows
Significantly enhances security and lowers support costs.
Extends device lifetime out in the field.
Creates new revenue opportunities for already-deployed hardware.