Aunigma Security News…

“The worldwide cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020. Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.” – April 25, 2016

Steve Morgan

Contributor, Forbes.com

Current Industry Topic: Software Defined Perimeters

Aunigma Network Solutions: Future-proof Protection

CIOReview: 20 Most Promising Network Solutions Providers 2016

Security starts with authentication; you cannot have a secure environment without trusted authentication in place.” For Ken Garrard, it was this realization, coupled with the prospect of prevailing security norms running out of steam, which instigated him to co-found Aunigma Network Solutions in 2006. The stature of networking is undergoing a sea of change with the influx of virtualization, software- defined networking (SDN) architecture, and IoT. This translates into an increase in vulnerabilities for the network substratum at large. “We took a bold step in finding a core solution that would reinvent authentication and secure data transport,” affirms Ken Garrard, CEO, of Aunigma. The company has since kept a tight rein in the networking arena, throwing focus on network security and reliable connectivity.

Coca-Cola Looks to Secure Edge for Age of Cloud, Mobility

Coca-Cola Co. feeling the pressure to strengthen its digital security, is experimenting with a new approach that makes use of software virtualization, a concept that revolutionized computer servers during the last decade or so.

Learning about SDP via Google BeyondCorp

Google’s software-defined perimeter (SDP) architecture can act as a model that enterprise organizations can emulate and enhance over time.

Malicious Outsider

Accidental Loss

Malicious Insider

Hacktivit and State Sponsored

Source: BREACHLEVELINDEX.COM
January 2015 to December 2015

Aunigma [ah-nig-muh] ANS FabriX™ is an innovative network security solutions company that provides highly advanced and ultra-secure network communications.

We keep the bad guys out and let the good guys in!

Aunigma’s ANS FabriX is a future proof, lightweight nodal base security solution which doesn’t require you to change what you’re doing today.

ANS FabriX current suite of highly advanced technologies offer a blend of ultra-secure functional solutions:

ANS PacketLok™ – performs a stateless and transparent one-time pad filter (OTF) value technique that enables private and vector-less packet transport within the administration communications layer.
ANS Secure Frame Layer™ (SFL) – dynamically encrypt every packet with a symmetrical block one-time pad (OTP) for ultra-secure and unspoofable administration layer communications payload.
ANS Security Zones™ – are polymorphic domain topology agnostic, communication segments supporting current physical and future Software Defined (SD) architectures or concepts, which can be; nano, micro or macro segments dependent upon scope and scale deployed.
ANS Dynamic Adaptive Darknet™ – is internal zonal communications which uses ANS PacketLok dynamic whitelisting techniques to resist nearly all common attack vectors and provides the control/administration layer information Confidentiality, Integrity and Availability (CIA):
·       Maintains session Confidentiality within the zonal communication thread.

·       Establishes a private point-to-point communication session that’s immune to alteration, injection or obfuscation for true information Integrity.

·       Supports communications Availability with mitigation against flood or other disruptive attack methods.

To keep the bad guys out and let the good guys in, ANS FabriX:

Adds a lower-level layer of authentication, when combined with your current Access Control authentication system establishes a multi-layered authentication solution that hardens security within your current operation.
Secures your legacy systems, without requiring changes, to enable a planned transition to new architectures, platforms or systems.
Makes your protected communication invisible, if you can’t see it, you can’t hack it.
Mitigates network packet flood attacks (DoS, DDoS, & APDoS) and maintains sustained operational communication levels.
Establishes the highest level of security in the industry to significantly mitigate loss of Confidentiality, Integrity or Availability.
Applies highly advance and ultra-secure and dynamic polymorphic network segmentation not found in any other solution.
ANS FabriX authenticates access for specific communications between specific assets to provide the highest level of communication protection at unspoofable/wire-speed.
Current and future data encryptions are readily transported without alteration; minimizing deployment costs, resource time and is truly future proof.
Protects against most common known threats within cyber space.

Future proof network security, simplified deployment and automated operation which:

Enables a planned and paced technical transition investment.
Reduces cost/improves operation over time – bandwidth, resources, and operational agility.
Minimizes risk exposure – Security breaches, losing intellectual property or sensitive information, and brand protection.
Potential OPEX and CAPEX cost reduction:
- Co-exists with current infrastructure for low cost deployment.
- Mitigates Legacy applications/systems security while offering time/options for update/replacement investments.
- Automated operation minimizes skilled resources demand.
- On-demand sessions reduces bandwidth utilization and subsequent existing or future capacity requirements.
- Able to replace expensive dedicated pipes/architecture with lower cost Software Defined pipe/architecture.
- Improves risk management/regulatory compliance profile.
- Unimpeded operation/communication while under attack!

ANS FabriX technology suite provides innovative and future proof solutions.:

ANS Authentication™ – Node to Node (M2M) lower layer communication process which provides positive identification of all endpoints within the ANS Security Zone.
ANS SDN™ – VNF to secure SDDC, SDLAN, SDWAN and other SD (NFV) concepts or technologies.
ANS Appliance™ – Device administration communication security.
ANS Tap™ – Secure communications bridging enabling deep packet inspection within ANS Security Zones.
ANS Monitoring™ – Configurable secure ANS Agent™ nodal event detail for reduced false-positive SIEM or other event/alert reporting.

ANS Security Zones™

Polymorphic Network Segmentation (dynamically adaptive) which supports current and future topology or architectures.

Provides easily deployed and maintained polymorphic security zones that dynamically morph the zone’s shape and coverage as needed to meet any operational condition.

Nano Segmentation

Connecting two Nodes (devices) to establish direct private communications (e.g. NBI or SBI → 1-to-1)

Micro Segmentation

To connect a number of Nodes for specific communication requirements (e.g. SDLAN or SDDC → 1-to-many).

Macro Segmentation

Establishes specific communications across a large number of domain or topology agnostic Nodes (e.g. IoT or SDWAN → many-to-many).

The PacketLok product was deemed secure and, when put to the test, has lived up to the claims made by the product manufacturer in every reasonable respect. It has proven itself to be one of the more reliable products we have tested to date.

Hypersecurity Labs

From an attacker point of view, the client uses dynamic ports that cannot be guessed with usual network scanning tool…; this stealth property is very important for the endpoint security. Even if an attacker is able to eavesdrop the connection (and thus learn the dynamic ports) it cannot pass the filtering stage because the filter value changes at each frame in an unpredictable way for an eavesdropper…

France Telecom

Let me recap what was just presented… Packet-by-packet dynamic authentication at wire-speed… Well, that’s magic!

NSA Official

The only ‘possible’ attack we foresee on the system is from insider attackers where a large number of compromised endpoints (botnet) would send valid frame to the server. However, this attack remains theoretical because, since each endpoint is authenticated, it would be easy to block (at the network level) for each faulty endpoint.

Orange Labs

Sample Use Cases

ANS FabriX solution may be defined and configured to meet any operational / technical security requirements in support of any applied Use Case and delivered using combinations of the ANS FabriX suite of technology offerings.

ADMINISTRATION SECURITY SEGMENTATION

Use Case would establish an on-demand Administration layer style ANS Security Zone that locks out non-authenticated access while allowing only approved administrator or elevated privilege access.
Uses the ANS Security Zone construct for secure management of critical components such as; servers, firewalls, appliances, and datacenters remotely or within the same facility using Nano, Micro and/or Macro network segments.
Facilitates service provider or vendor access on-demand within a contained and secure communication segment.
Mitigates potential elevated access from external or internal threat actors and server/services hopping within a datacenter or other processing facility.
Meets/exceeds all common compliance requirements for Administration security while reducing overall OPEX.

MULTI-LAYERED SECURE AUTHENTICATION

Use Case would establish multi-layered authentication using the low level (L2) ANS Security Zone to secure user or application credential authentication in higher layered (L3 and above) federated or non-federated identity management communications within networked systems and/or applications.

Uses the ANS Security Zone construct to protect communications between endpoints and their authentication system to pass secure attribute based or common access control credentials across highly secure and available Nano, Micro and/or Macro network segments.
Establishes a multi-layered and highly secure authentication transport process which is invisible and impervious to internal and external threat actors.
Protects authentication systems from compromise while enabling cross domain secure access control.
Supports common Active Directory/LDAP user access control policy based solutions while capable of enhancing future attribute based granular role based access control systems or protocols.
Meets/exceeds all common compliance requirements for Access Control security while reducing overall OPEX.

MERGERS & ACQUISITION (M&A) OPERATIONAL SECURITY SEGMENTATION

Use Case would establish ANS Security Zones based on functional or operation requirements to rapidly integrate systems and/or collapse redundant processes.

Uses the ANS Security Zone construct for cross-domain or intra-domain highly security network communication using Micro and/or Macro network segments.
Facilitates connecting common functional requirements from M&A activities to swiftly change the resource utilization composition to gain faster consolidation of operations and the subsequent overhead cost reductions.
Mitigates potential loss of Confidentiality, Integrity and Availability of sensitive information within M&A and/or operational functions.
Enables an M&A quiet period segment to be established with highly restrictive and secure access requirements without CAPEX costs of physical/virtual systems, architectural planning or deployment requirements while reducing overall OPEX.

PAYMENT CARD INDUSTRY (PCI) SEGMENTATION

Use Case would establish ANS Security Zones based on PCI Card Holder Data (CHD) to carve out and segment the CHD from external or unauthorized access.

Uses the ANS Security Zone construct to limit access to the CHD to only those processes and authorized users that have the need to access for a specific functional purpose using Micro network segments.
Facilitates full CHD (PCI carve-out) protection through ANS Security Zone overlays from Point of Sale (POS) systems to payment processing demark and all the supplemental operational processes supporting CHD transactions.
ANS Security Zone segmentation secures the CHD from loss of Confidentiality, mitigates any potential loss of Integrity and enables operational Availability within extreme threat conditions.
Meets/exceeds all common PCI compliance requirements for CHD security while reducing overall OPEX.

APPLIANCE SECURITY SEGMENTATION

Use Case would establish an Appliance on-demand ANS Security Zone to restrict access allowing only approved administrator, elevated or appliance system privilege access.

Uses the ANS Security Zone construct for secure operation and management of appliance remotely or locally using Nano, Micro and/or Macro network segments.
Facilitates appliance process level access on-demand within a contained and secure communication segment to sensory or other appliance application touch points.
Enables cross domain private communication without changes to network.
Mitigates potential Confidentiality, Integrity and Availability of appliance Administration and its sensitive communication functions.

SECURITY EVENT AND INCIDENT MANAGEMENT (SEIM) SEGMENTATION

Use Case would establish an on-demand ANS Security Zone for SEIM tools, systems or functions to restrict access to approved administrator or system privileges.

Uses the ANS Security Zone construct for secure operation and management of SEIM systems remotely or locally using Nano, Micro and/or Macro network segments.
Facilitates SEIM process level access on-demand within a contained and secure communication segment to event information collection points.
Enables cross domain private communication without changes to network while reducing overall OPEX.
Mitigates potential Confidentiality, Integrity and Availability of SEIM administration and sensitive operational functions.

SOFTWARE DEFINED WIDE AREA NETWORK (SDWAN)

Use Case would setup high capacity and sustainable secure public SDWAN communication channels to replace existing dedicated point to point or broadcast pipes.

Uses the ANS Security Zone construct to protect a point to point high bandwidth private cross domain communication using Micro and/or Macro network segments.
Facilitates the creation of on-demand session based telco class communication channels over public networks (internet) to take advantage of a much lower cost structure than dedicated circuits (e.g. Dark Fiber, MPLS, Frame Relay, & Com-Sat).
Mitigates WAN spin up and spin down timeline and adds a level of security not found in traditional solutions to protect the Confidentiality, Integrity and Availability of sensitive information.
Enables extending LANs without CAPEX costs of physical/virtual systems, architectural planning or deployment requirements while reducing overall OPEX.
Applicable to SDLANs for localized communication requirements.

SOFTWARE DEFINED DATA CENTER (SDDC)

Use Case would establish highly secure communication segments between physical, logical or virtual Data Center devices, components or layers protected from external influence.

Uses the ANS Security Zone construct to protect communications between critical infrastructure within a physical or virtual data processing facility within the same domain or across domains using Micro and/or Macro network segments.
Establishes high capacity private sub-circuits which are not visible to other traffic within the same facility.
Protects against Loss of Confidentiality, Integrity, and Availability (CIA).
Provides high availability and mitigation against most threats e.g. network flood attacks (DoS, DDoS, APDoS), man-in-the-middle, service/server hopping and most other current day and zero day attacks.
Enables protected overlaid Administration layer to be established separate from operational data layer with same CIA benefits that conform to specific administrative requirements or resources.
Enables SDDC segmentation with minimal CAPEX costs of physical/virtual systems, architectural planning or deployment requirements while reducing overall OPEX.

CLOUD SERVICES SECURITY

Use Case would establish highly secure and authenticated communications within or from outside a Cloud Service solution.

Uses the ANS Security Zone construct to protect on-demand communications between cloud services and the respective endpoints with highly dynamic and autonomous polymorphic network segmentation using Nano, Micro and/or Macro segments.
Establishes highly efficient and secure on-demand session based communications irrespective to geographic location or connection methods as long as endpoints are deemed reachable.
Enables private communication not visible to others within or outside the same endpoint network segment.
Protects against external eaves-dropping, spoofing, or other common network attack types.
Facilitates secure communications within and between all interfaces (virtual or physical) including service, administration and user level ports.
Mitigates potential Confidentiality, Integrity and Availability of Cloud Services administration and sensitive service functions.
Enables Cloud Services and functional segmentation with minimal CAPEX costs of physical/virtual systems, architectural planning or deployment requirements while reducing overall OPEX.

INTERNET OF THINGS (ioT)