Secure Communication Toolkits

GUARD MACsec Toolkit enables developers to quickly add complete MACsec support to new and existing products such as switches, routers or hosts. It includes a full C source code implementation of the control plane, especially the MACsec Key Agreement (MKA) protocol, as well as the data plane.

GUARD TLS Toolkit (formerly MatrixSSL) is a modular implementation of TLS and DTLS ideally suited for IoT usage due to its minimum memory footprint (<50KB) and efficient RAM utilization (4KB per connection). It is delivered as a lean and well-documented C source code for easy integration.

GUARD TLS Tiny allows IoT devices such as garage door openers, light switches and medical sensors to use very cheap microcontrollers while securely connecting over the internet.

GUARD TLS Tiny is designed for 8-bit to 32-bit microcontrollers with extremely limited memory that use remote connections and demand robust security. This proven and secure TLS stack is delivered in portable C source code.

GUARD IPsec Toolkit (previously QuickSec) is a complete software stack for building a scalable IPsec VPN gateway or a robust IPsec client. Developed and maintained by security experts, it is widely used by tier 1 customers to accelerate time-to-market and reduce overall R&D costs.

More information

Secure communication can be implemented at multiple levels depending on the needs:

- Application level: protocols such as SSL, TLS and DTLS, which are designed to protect traffic for specific applications

- Network level: VPN protocols such as IPsec encapsulate all traffic within a secure tunnel, allowing all traffic from a device to be securely transmitted over the internet

- Data link level: security can often be used on the link level, for example to protect an Ethernet link (with MACsec protocol) or a WiFi Access


Secure communication toolkits scheme


To select the right level of security, one needs to think about what needs to be protected, and then apply the security at all necessary levels.

Sometimes, when the data link cannot be trusted, security must be applied on the network level. For example, VPNs are often used to protect devices from being attacked from the local untrusted WiFi network. Such an attack may come from another computer on the same WiFi, a compromised wireless router (and hacking tools like Mirai have shown how vulnerable they are) or a rogue Access Point.

For high security, a VPN is used to force all traffic to and from your device through a security infrastructure such as the Intranet security or a SECaaS cloud. Such infrastructure would analyze all traffic to prevent malware from being accidentally downloaded and to detect abnormal traffic patterns.

Application level protocols like TLS are great for protecting traffic from, e.g., a banking application to the banking server. But they do not protect data within the application, so technology to secure the applications themselves is also needed (see application protection section). In addition, if the application uses the TLS implementation from the device, a compromised device may intercept or modify the data before transmitting it.

To reduce development cost and accelerate time-to-market, the GUARD product family provides security software toolkits for every layer that are:

- Widely deployed software stacks used by major companies

- Highly portable, well-documented ANSI C source code

- Interoperability tested, compliant with IETF and IEEE standards

- Available with a FIPS 140-2 certified cryptographic module upon request.