Automotive Ethernet is on the rise. But an Ethernet-based E/E architecture calls for particularly powerful security functions. That’s why automotive firewalls will play a key role in monitoring and controlling electrical system communications in the future.
ESCRYPT CycurGATE automotive firewall offers protection against denial-of-service attacks and enforces permitted Ethernet communication throughout the domain structure.
Watch the webinar recording 'How to secure automotive Ethernet with a firewall solution', in which we introduce the development of Ethernet architecture, and show you how ESCRYPT CycurGATE ensures the vehicle cybersecurity in typical use cases.
Perfectly balanced hardware-software co-design
ESCRYPT CycurGATE is integrated directly into the Ethernet switch, where the entire packet flow is monitored and managed centrally – with no resulting interference with the host controller or ECUs. The firewall can be used on the switch either as a library or as a stand-alone solution.
Thanks to well-balanced hardware/software co-design, the firewall solution makes the most of the hardware acceleration on the switch. The switch hardware and software are algorithmically so interwoven that the firewall can process the vast majority of data packets at wire speed.
Security right in the switch
- Multiple use cases
Works equally well with central or distributed implementation (central firewall vs. distributed firewall).
Enforces the domain structure on all levels of the Ethernet and IP stack: packet filter, stateful packet inspection (SPI), deep packet inspection (DPI).
- Highly configurable
Communications policy can be customized, including whitelisting and blacklisting.
Anticipates expected developments in transmission standards and E/E architectures.
High-performance processing of data packets thanks to optimized hardware-software co-design.
Runs entirely on switch, which makes it easy to integrate into any ECU and easy to configure
Security strategy for the entire vehicle life cycle
Intrusion detection and protection calls for continuously effective, comprehensive security mechanisms. The ESCRYPT CycurIDS intrusion detection system monitors network traffic to detect and log anomalies and typical attack signatures. In addition, ETAS offers a cyber-defense center backend: ESCRYPT CycurGUARD. This evaluates notifications from IDS components, detects new attack trends, helps determine the causes of security incidents, and defines countermeasures for distribution throughout the vehicle fleet.