Security startup silences chatty networks to thwart attacks
The internet was never designed to be secure, a fact that has given information technology organizations fits for more than 20 years.
The Transmission Control Protocol/Internet Protocol behind the internet assumes a high level of trust for devices that are on an internal network and willingly shares information about other devices on the same subnet, including operating system versions and running applications. A cyberattacker can use this information to find unpatched software that can be exploited to take over additional machines. The problem is only made worse by the notoriously weak security of many “internet of things” devices and mobile phones.
As tactics to defend against attacks, the U.S. government has promoted Moving Target Cyber Defense and microsegmentation — approaches that limit lateral movement within a network by limiting information about other devices as well as constantly changing IP addresses. Rockville, Maryland-based startup Cryptonite LLC late last week emerged from stealth mode to bring MTCD to commercial markets.
The company’s CryptoniteNXT hardware appliance, which was developed out of projects funded by the U.S. Departments of Defense and Homeland Security, sits between the distribution and core switches on a network and constantly obfuscates network visibility so that the IP topology is invisible to edge devices. This “zero-trust” approach renders attempts to misuse credentials, escalate privileges and bypass network controls useless, said CEO Michael Simon.
“We provide a temporary IP address that’s only good for the duration of a session,” he said. “If the session is completed and another IP is requested, it’s going to be different.”
Microsegmentation creates policies at the directory based upon user, port and processes. Network topology information is rendered unusable, and CryptoniteNXT captures detailed information regarding the failed attempts and forwards that information to the security team.
The approach is particularly useful at stopping ransomware attacks, which thrive by spreading between vulnerable machines on the network. It also blocks the use of TCP port 445, a port used by Microsoft Directory Services that has long been a favorite route of entry to other network services.
Cryptonite is initially targeting manufacturing, healthcare and industrial control applications, all of which use a large amount of embedded and outdated equipment. IoT devices such as medical pumps and even traffic lights are wired to send feedback over the internet to device manufacturers, making them potential points of entry.
Simon said CryptoniteNXT would have stopped the 2013 breach of Target Stores Inc., which originated with an infected laptop used by a contractor. One of the company’s early customers is a manufacturing facility that’s running 400 Windows XP-based systems. Like many users of embedded systems, the company has little choice but to work with the computers provided by its systems integrator. So, Simon said, “we’re going to hide those XP systems from the rest of the network so no one can see them.”
The company’s initial product provides 30 gigabits-per-second of total throughput, or 1 gigabit-per-second per port, which is good enough to support about 500 endpoint devices. The company plans to offer a cloud-based version in the future. Cryptonite has secured initial funding of $5 million and expects to raise “a significant round next year,” Simon said. Pricing wasn’t specified.