Product Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved

Similar documents
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

The threat landscape is constantly

Securing Today s Mobile Workforce

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Securing Your Microsoft Azure Virtual Networks

Securing Your Amazon Web Services Virtual Networks

Cisco Advanced Malware Protection. May 2016

Symantec Endpoint Protection Family Feature Comparison

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Simple and Secure Micro-Segmentation for Internet of Things (IoT)

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

GUIDE. MetaDefender Kiosk Deployment Guide

The Top 6 WAF Essentials to Achieve Application Security Efficacy

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

Privileged Account Security: A Balanced Approach to Securing Unix Environments

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

SoftLayer Security and Compliance:

AKAMAI CLOUD SECURITY SOLUTIONS

FIREWALL BEST PRACTICES TO BLOCK

Gladiator Incident Alert

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

NSG100 Nebula Cloud Managed Security Gateway

BUFFERZONE Advanced Endpoint Security

Datacenter Security: Protection Beyond OS LifeCycle

Aerohive and IntelliGO End-to-End Security for devices on your network

SaaS Flyer for Trend Micro

ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices

Total Threat Protection. Whitepaper

Teradata and Protegrity High-Value Protection for High-Value Data

Software-Defined Secure Networks in Action

Juniper Vendor Security Requirements

ALIENVAULT USM FOR AWS SOLUTION GUIDE

EBOOK What attacks aren t you seeing? Why you should consider adding DNS-layer security as your first line of defense against threats

Features. HDX WAN optimization. QoS

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Cloud-Based Data Security

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

NSG50/100/200 Nebula Cloud Managed Security Gateway

Garrison Technology HOW SECURE REMOTE BROWSING DELIVERS HIGH SECURITY EVEN FOR MAINSTREAM COMMERCIAL ORGANISATIONS

SECURING DEVICES IN THE INTERNET OF THINGS

Changing face of endpoint security

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Cisco Network Admission Control (NAC) Solution

Security+ SY0-501 Study Guide Table of Contents

MaaS360 Secure Productivity Suite

Make security part of your client systems refresh

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

CYBERSECURITY RISK LOWERING CHECKLIST

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

Security Enhancements

Secure Access for Microsoft Office 365 & SaaS Applications

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

Business Strategy Theatre

Enterprise Guest Access

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Securing Devices in the Internet of Things

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Transforming Security from Defense in Depth to Comprehensive Security Assurance

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

The Internet of Everything is changing Everything

Competitive Analysis. Version 1.0. February 2017

SECURING DEVICES IN THE INTERNET OF THINGS

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

The Cognito automated threat detection and response platform

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

WHITE PAPER. Vericlave The Kemuri Water Company Hack

Securing the Software-Defined Data Center

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

BUFFERZONE Advanced Endpoint Security

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Everything visible. Everything secure.

Internet of Things Toolkit for Small and Medium Businesses

The Neutron Series Distributed Network Management Solution

Segmentation for Security

Delivering the Wireless Software-Defined Branch

Securing Your Most Sensitive Data

AT&T Endpoint Security

A Guide to Closing All Potential VDI Security Gaps

Cisco Start. IT solutions designed to propel your business

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

MEETING ISO STANDARDS

SYMANTEC DATA CENTER SECURITY

CLOUD WORKLOAD SECURITY

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

BETTER Mobile Threat Defense (BMTD)

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

PROTECTION SERVICE FOR BUSINESS. Datasheet

The Future of Threat Prevention

Carbon Black PCI Compliance Mapping Checklist

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Transcription:

Product Overview Version 1.0 May 2018 Silent Circle

The Problem Today s world is mobile. Employees use personal and company owned devices smartphones, laptops, tablets to access corporate data. Businesses rely on IP enabled devices - cameras, sensors, appliances, industrial controls over various networks from remote locations to operate. Combining the sum of the parts; the enterprise perimeter has expanded into a complex security paradigm. The threat landscape and the opportunities it represents for malicious activity is growing at alarming rates and will continue to increase. Silent Circle s secure communication products have been protecting sensitive data of all types since 2011. With the introduction of, Silent Circle s technology now addresses the enterprise s complex network perimeter. With the advantage of portability and technology, is now protecting critical assets for the following industries; U.S. Federal Government, State & Local Governments, utilities, oil & gas, finance, legal, telecommunications, healthcare and manufacturing.

About The Client is the first portable integrated firewall, Suite B Top Level Virtual Private Network (VPN), Wi-Fi and cloud analytics solution to secure remote IP devices. The Server and Silent Edge manage and terminate Client VPN connections. The solution provides protection from and visibility into threats that target your networks data, information and workforce when operating external to your networks and facilities. Most firewalls are expensive, cumbersome and single purpose. The Client provides all the features of a Next-Generation Firewall (NGFW) in a 2-inch hardened aluminum case with ultra-low power consumption and over the air capabilities for firmware patches and security feed updates. Typical NGFW devices are priced in the many thousands and limited to rackmounted installations. With a low-power mobile-first deployment, offers cutting edge network security for a mobile-iot-heavy world. Through the flexible backend deployment options of Server and Silent Edge, the security suite can easily be deployed both on premise or as a managed service. Selected Features Power Power your with any USB port or even a standard battery pack Secure Captive Portal Authentication Instantly protect user devices from malicious access points, such as Free Wi-Fi hotspots Next Generation Secure Access Easily secure user devices from network attacks by invisibly enforcing use of enterprise-controlled firewalls and quantum-resistant, Top-Secret certified IPsec VPN Edge Intelligence Prevent network intelligence gathering, such as OS detection or port scanning, stop cyberattacks before they begin Advanced Threat Protection Prevent phishing, malware delivery, and other advanced threats by blocking user network traffic to malicious Optimized User Experience Plug-and-play security appropriate for both technical and nontechnical users, no configuration required Application Visibility and Control Control thousands of different applications using applicationaware policy enforcement to ensure business resources are used appropriately

Granular Auditing and Logging Integrate with SIEM solutions to meet compliance goals and reduce overall operational workload Easy Deployment Deploy from the cloud or on-premises. Optional self-provisioning automatically applies enterprise policies to any new device. works with any IP-enabled device Deployment Methods Not only is Server easy to use, it s also flexible when considering end-point deployment options. Server offers multiple management backends to support a wide variety of deployment options the Server allows an enterprise to deploy on their platform of choice and provides a backed management console supporting up to 25 clients into a 2-inch form factor. Silent Edge provides a Silent Circle operated solution for enterprises looking to add security without operations or maintenance overhead. A single Client can be configured for multiple backends, so enterprises with complex needs are never limited. Edge For enterprises that do not want on-premise deployment or operational responsibilities, Silent Edge allows Client users to connect back to a server managed by Silent Circle on behalf of the enterprise. Users will receive the most critical security features of the client, including NGFW features, optimized security profiles and feed updates, and client Over the Air (OTA) firmware updates. Each user s Client will secure their connection to the Silent Edge cloud server, and Silent Circle will provide optimized security policies. All user network requests will be tunneled through the secure connection, bypassing any malicious attackers on the local network or the broader internet provider, and ensuring that remote systems are unable to determine the true IP address of the Client user (e.g. IP obfuscation or masking ).

Silent Edge Architecture Server With a Server, an Enterprise can provide secure access to resources that are behind their Enterprise firewall. Enterprises have the option of a physical Server device (useful for mobile-server scenarios or smaller fixed-location on-premise installations) or a virtual GSS 3000 device that can be run on local hypervisors or cloud services (useful for operational flexibility and vertical scaling to meet your use case). Remote Client users will be securely connected to the Server. The Client will provide local device security and will receive security feed updates and enterprise policy rules from the Server. Users will have full access to corporate resources.

Server Architecture

for IoT Most IoT devices stream data and information with repeatable frequency. Securing IoT traffic from various devices and network sensors can be overwhelming. assists in the detection and prevention of anomalous IoT device activity such as a remote modification of IoT software and configuration, or the exfiltration of sensor data to unauthorized destinations. All deployed sensor data can securely be tunneled and backhauled off site to a centralized operations center for analysis and fusion with other sensor and threat information. From Server s web-based console an enterprise can securely communicate with their enterprise IoT devices in the field, an ideal security solution for hard to reach assets. IoT Benefits Power Usage Energy consumption and battery capacity are key components of any IoT deployment. Requiring only 500 milliamps at 5 volts of power on boot and averaging 250 milliamps at 5 volts in normal use, is unmatched in performance per watt, a critical metric in IoT deployments. Form Factor Designed to be portable, all the functionality fits in a 2-inch cubed appliance comfortably fitting in the palm of your hand. Network Security An IoT endpoint s biggest threat is the network. provides next generation network security to any IP-enabled device including a stateful firewall, Suite B Top Secret level VPN, domain level traffic filtering, application specific traffic filtering, and even customer specific rule sets such as Snort signatures. Value Typical appliances with comparable functionality cost tens of thousands of dollars. Priced substantially less, was designed to accommodate highly scalable IoT deployments with thousands of nodes.

IoT Architecture

Customer Use Cases COMPROMISED BY YOUR SUPPLY CHAIN After several network breaches, an internal committee identified the enterprise supply chain as the biggest source of malicious network activity. The enterprise required multiple specialized subcontractors, and each subcontractor had (or did not have!) their own processes and procedures around IT security that were complicated by the extensive use of specialized equipment. For example, one subcontractor required Windows XP as a control system for large industrial milling equipment, another required special data processing and analytic software that was incompatible with some critical OS security patches, and a different contractor had multiple engineers who frequently travelled worldwide and exposed their devices to a wide range of hostile environments. The enterprise had previously tried to address this concern using compliance and robust security policies but found that even with a regularly scheduled review and compliance check of their security policies, windows of vulnerability existed with nearly every subcontractor. Once a vulnerability was exposed, it could be compromised extensively before the next security audit, and the enterprise was constantly battling attackers within its own networks. With deployment of the Client to all subcontractor facilities, and in some cases to every single user within the subcontractor, the enterprise was able to seamlessly upgrade its entire network security footprint without compromising daily business operations. Centralized control and policy enforcement were now also possible, and no subcontractors were required to update their legacy equipment. Today, the customer has implemented and restored the security of its supply chain. New threats have been halted and there is complete visibility into each individual subcontractor s internet data. YOUR SURVEILLANCE CAMERAS ARE SHARING TOO MUCH An enterprise with thousands of retail locations initiated a multi-year, multi-million-dollar video surveillance system upgrade. The end functionality was significantly better for surveillance capturing and management functionality, but there was a hidden cost - compromised network security. Unfortunately, many retail location camera installation contractors had purchased cameras using the provided video system specifications, but (unbeknown to them!) these cameras often included firmware and chipsets without a strong security posture. The enterprise found itself under attack by an organized Far East adversary who exploited firmware vulnerabilities in these camera systems, and rapidly compromised nearly every camera on the network. Without firmware updates being extracted from the different camera manufacturers and then painstakingly applied to every installed camera, the enterprise would have to consider a complete hardware and installation re-deployment with updated acceptable cameras. Even worse, the new secure cameras had much higher price points, so overall installation cost would be

significantly higher! Silent Circle was brought into to fix the problem and outlined how a client could support video requirements, had the network security features needed to lock out the adversary, and had low enough power requirements that there was no need to re-run new power cables to all systems. Today the customer has implemented and restored the security of its surveillance camera live streams. No new threats have been introduced and live streams and other information have ceased making its way to unknown adversaries. WHEN WI-FI IS FREE, YOUR PERSONAL INFORMATION MAY BE THE COST A Small and Medium Business (SMB) system detected multiple network compromises from remote employees, and an internal investigation found that those employees often connected their business smartphones and business laptops to Free Wi-Fi common in airports and coffee shops. In the most significant cases, these hotspots were determined to be malicious, and included features such as malicious authentication portals that attempted to steal user credentials, typically while the user clicks a Connect to Wi-Fi button. In multiple cases, it was determined that these hotspots simply valued functionality over security, and end users were being targeted by other hotspot users (e.g. hackers sitting at the same airport) or internet-based attackers who had gained external access to the hotspot network. Today, this customer has implemented a mandatory travel policy, and remote users simply connect their Client to the free Wi-Fi. If there is a captive portal, the Client will execute it directly on the Client within a sandbox, and absolutely no user credentials or data communications can be leaked. The travelling user is seamlessly protected from all other devices on the network and does not have to rely on the network administrator properly configuring a secure Wi-Fi experience. Even better, remote users report satisfaction that they no longer must connect multiple different devices to Wi-Fi portals, since their multiple devices are all connected to the client, authenticating the to any Wi- Fi instantly shares that connection with any laptops or mobile devices the user is carrying. Today the customer has implemented as a corporate policy when travelling, and no new threats have since entered the customer s network.

Tech Specs IPsec/VPN Throughput 60 Mbps Max Concurrent Devices(LAN) 5 RAM 1GB CPU ARM Quadcore 1.5 GHz Storage Capacity 8GB + MicroSD Interfaces (1) 2 x Ethernet 10/100/1000M (1USB) Form Factor Portable Weight 3 oz Power Input 5V @2A DC MicroUSB Dimensions 1 x 1.9 x 2.3 inches

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback