The Road to embedded world '23: San Francisco, California, Exein

By Chad Cox

Associate Editor

Embedded Computing Design

March 07, 2023


Embedded security is always needed and at hall 4 booth 451 at embedded world 2023 visit Exein as they will have interactive demos for showing guests how Exein Runtime secures their IoT devices in real time.


Runtime is a new paradigm of intelligent IoT protection that leverages on-device machine learning to offer high performance, automated and up to date protection.

Pulsar is a powerful, blazing fast security observability framework designed specifically to address the challenges of embedded security of Linux devices.

Powered by eBPF and written in Rust, Pulsar is lightweight, safe by design and gives you full access to your devices security.


At its core, Pulsar is an event-driven framework for monitoring the activity of Linux devices. Pulsar allows you to collect runtime information about the system from the Linux kernel through its modules, enrich and transform this information into events and publish the events on a shared event bus.

Through the Pulsar rules engine, you can write and apply any rule to generate alerts when undesired system behaviour occurs (e.g. accessing certain areas of the filesystem or executing anomalous syscall).

Any event that matches one of the rules enforced by the rules engine is known as a threat event.


In general, the information collected by default from the kernel by the Pulsar modules through the eBPF probes can be grouped into 4 distinct categories:

  • File I/O: I/O operations on disk and memory.
  • Network: data from the network stack.
  • Processes: processes information, including file execution and file opening.
  • System Activity: device activity, including system calls.

Pulsar modular design makes it easy to adapt the core architecture to diverse use cases. In fact, if there isn't yet a module that does what you need, you can simply create one yourself and load it; all the events collected by the new module will be available on the event bus for further processing and threat analysis.

For more information, visit