HOW IT WORKS...
aDolus offers a secure upgrade process that fits into daily operations without disrupting critical functionality.
So how exactly does the STA — Security Trust Anchor — solution work?
Well, we’ve kept it simple for you – because not everyone wants to focus on the technical complexities of firmware validation.
The short story…
Companies that develop software or manufacture products containing software subscribe to the aDolus service.
Companies that use these products can validate new software patches and upgrades before installing them in critical equipment.
Are you interested in a bit more detail?
Let’s break it down…
- Vendors certified by aDolus create digital fingerprints of their legitimate software and firmware via an automated agent within the secure perimeter of their software development process.
- This fingerprint is transferred over an encrypted link to the STA server.
- The STA system verifies the authenticity of the vendor and stores the digital fingerprint in a secure database, creating a repository of trusted artifacts. We call this the Trust Repository.
- The Trust Repository then sends the fingerprints to the analysis engine to understand the sub-components and determine if any contain vulnerabilities or malware.
- The asset owner's technical staff obtain firmware/software releases through their normal distribution channels (such as DVDs or vendor websites).
- Prior to installing the firmware/software, the staff use the STA web client or tool to generate their own digital fingerprint of the unverified firmware/software.
- The STA technology compares the fingerprint of the unverified content against the certified digital fingerprint stored in the aDolus Trust Repository.
- STA provides a confidence and security rating of the firmware/software and all its sub-components. Based on this score, the asset owner's management decides whether to approve or reject the firmware/software for use in its operations.
In the end...
- If the two digital fingerprints match and the STA rating is high, the asset owner is assured that the firmware/software is valid, authorized by the company, and secure.
- If the fingerprints don't match, then the asset owner has been alerted to non-compliant content before installing it in critical equipment.
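The comparison step described above, as an added example that is not aDolus code. It assumes SHA-256 as the fingerprint, a zip-format release, and a locally held trusted record standing in for the Trust Repository; all function names and sample data are constructed.

```python
import hashlib
import io
import zipfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fingerprint(package: bytes) -> dict:
    """Fingerprint a zip-format release and every sub-component inside it."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        parts = {name: sha256(zf.read(name)) for name in zf.namelist()}
    return {"package": sha256(package), "components": parts}

def compare(trusted: dict, candidate: dict) -> dict:
    """Report whether fingerprints match and which sub-components differ."""
    t, c = trusted["components"], candidate["components"]
    return {
        "match": trusted == candidate,
        "modified": sorted(n for n in t.keys() & c.keys() if t[n] != c[n]),
        "added": sorted(c.keys() - t.keys()),
        "missing": sorted(t.keys() - c.keys()),
    }

def build_package(files: dict) -> bytes:
    """Build a constructed sample release (fixed timestamps keep bytes stable)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()

# Constructed sample data: the vendor's release and an altered copy of it.
VENDOR_RELEASE = build_package(
    {"boot.bin": b"bootloader v2", "app.bin": b"control logic v2"})
ALTERED_RELEASE = build_package(
    {"boot.bin": b"bootloader v2", "app.bin": b"control logic v2 (changed)",
     "extra.so": b"unlisted library"})

# Stand-in (assumption) for the record the vendor's agent would have registered.
TRUSTED = fingerprint(VENDOR_RELEASE)

if __name__ == "__main__":
    for label, pkg in (("vendor copy", VENDOR_RELEASE), ("altered copy", ALTERED_RELEASE)):
        print(label, compare(TRUSTED, fingerprint(pkg)))
```

Fingerprinting each sub-component as well as the whole package lets a mismatch be traced to the specific file that was changed, added, or dropped.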