Security startup silences chatty networks to thwart attacks
The internet was never designed to be secure, a fact that has given information technology organizations fits for more than 20 years.
The Transmission Control Protocol/Internet Protocol behind the internet assumes a high level of trust for devices that are on an internal network and willingly shares information about other devices on the same subnet, including operating system versions and running applications. A cyberattacker can exploit this information to find unpatched software that can be exploited to take over additional machines. The problem is only made worse by the notoriously weak security of many “internet of things” devices and mobile phones.
As tactics to defend against attacks, the U.S. government has promoted Moving Target Cyber Defense and microsegmentation — approaches that limit lateral movement within a network by limiting information about other devices as well as constantly changing IP addresses. Rockville, Maryland-based startup Cryptonite LLC late last week emerged from stealth mode to bring MTCD to commercial markets.
The company’s CryptoniteNXT hardware appliance, which was developed out of projects funded by the U.S. Departments of Defense and Homeland Security, sits between the distribution and core switches on a network and constantly obfuscates network visibility so that the IP topology is invisible to edge devices. This “zero-trust” approach renders attempts to misuse credentials, escalate privileges and bypass network controls useless, said CEO Michael Simon.
“We provide a temporary IP address that’s only good for the duration of a session,” he said. “If the session is completed and another IP is requested, it’s going to be different.”
Microsegmentation creates policies at the directory based on user, port and process. Network topology information is rendered unusable, and CryptoniteNXT captures detailed information about the failed attempts and forwards it to the security team.
The approach is particularly useful at stopping ransomware attacks, which thrive by spreading between vulnerable machines on the network. It also blocks the use of TCP port 445, a port used by Microsoft Directory Services that has long been a favorite route of entry to other network services.
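As an added illustration, not Cryptonite's code and not a description of how CryptoniteNXT is built, here is a small Python model of the two ideas described above: a temporary address that exists only for the life of a session, and a user/port policy that denies and logs anything not permitted, with TCP 445 blocked outright. The address pool, user names and allowed ports are constructed for the example.

```python
import ipaddress
import secrets

# Constructed policy: (user, destination port) pairs the policy permits, plus the port
# the article describes as blocked for everyone.
ALLOWED = {("alice", 443), ("alice", 22), ("bob", 443)}
BLOCKED_PORTS = {445}


class MovingTargetGateway:
    def __init__(self, pool_cidr="10.200.0.0/24"):
        self._pool = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self._sessions = {}    # session id -> (user, real host, temporary ip)
        self._retired = set()  # addresses used by earlier sessions, never reissued
        self.audit_log = []    # denied attempts, the data that would go to the security team

    def _fresh_ip(self):
        active = {t for _, _, t in self._sessions.values()}
        free = [ip for ip in self._pool if ip not in active and ip not in self._retired]
        if not free:
            raise RuntimeError("address pool exhausted")
        return secrets.choice(free)

    def open_session(self, user, real_host):
        sid, temp_ip = secrets.token_hex(4), self._fresh_ip()
        self._sessions[sid] = (user, real_host, temp_ip)
        return sid, temp_ip

    def close_session(self, sid):
        entry = self._sessions.pop(sid, None)
        if entry: self._retired.add(entry[2])  # the temporary address dies with the session

    def resolve(self, temp_ip):
        """Real host behind a temporary address, or None once its session has ended."""
        for _, real_host, t in self._sessions.values():
            if t == temp_ip:
                return real_host
        return None

    def connect(self, sid, dst_port):
        """Policy check for a connection attempt; denials are logged, not silently dropped."""
        if sid not in self._sessions:
            return False  # no session, no address, no path into the network
        user, _, temp_ip = self._sessions[sid]
        if dst_port in BLOCKED_PORTS:
            reason = "port blocked network-wide"
        elif (user, dst_port) not in ALLOWED:
            reason = "not permitted for this user"
        else:
            return True
        self.audit_log.append((user, temp_ip, dst_port, reason))
        return False
```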
Cryptonite is initially targeting manufacturing, healthcare and industrial control applications, all of which use a large amount of embedded and outdated equipment. IoT devices such as medical pumps and even traffic lights are wired to send feedback over the internet to device manufacturers, making them potential points of entry.
Simon said CryptoniteNXT would have stopped the 2013 breach of Target Stores Inc., which originated with an infected laptop used by a contractor. One of the company’s early customers is a manufacturing facility that’s running 400 Windows XP-based systems. Like many users of embedded systems, the company has little choice but to work with the computers provided by its systems integrator. So, Simon said, “we’re going to hide those XP systems from the rest of the network so no one can see them.”
The company’s initial product provides 30 gigabits per second of total throughput, or 1 gigabit per second per port, which is enough to support about 500 endpoint devices. The company plans to offer a cloud-based version in the future. Cryptonite has secured initial funding of $5 million and expects to raise “a significant round next year,” Simon said. Pricing wasn’t specified.