Product Overview Version 1.0 May 2018 Silent Circle
The Problem
Today's world is mobile. Employees use personal and company-owned devices (smartphones, laptops, tablets) to access corporate data. Businesses rely on IP-enabled devices (cameras, sensors, appliances, industrial controls) over various networks from remote locations to operate. Combining the sum of the parts, the enterprise perimeter has expanded into a complex security paradigm. The threat landscape and the opportunities it represents for malicious activity are growing at alarming rates and will continue to increase. Silent Circle's secure communication products have been protecting sensitive data of all types since 2011. With the introduction of, Silent Circle's technology now addresses the enterprise's complex network perimeter. With the advantage of portability and technology, is now protecting critical assets for the following industries: U.S. Federal Government, State & Local Governments, utilities, oil & gas, finance, legal, telecommunications, healthcare and manufacturing.
About
The Client is the first portable integrated firewall, Suite B Top Level Virtual Private Network (VPN), Wi-Fi and cloud analytics solution to secure remote IP devices. The Server and Silent Edge manage and terminate Client VPN connections. The solution provides protection from and visibility into threats that target your networks data, information and workforce when operating external to your networks and facilities. Most firewalls are expensive, cumbersome and single-purpose. The Client provides all the features of a Next-Generation Firewall (NGFW) in a 2-inch hardened aluminum case with ultra-low power consumption and over-the-air capabilities for firmware patches and security feed updates. Typical NGFW devices are priced in the many thousands and limited to rack-mounted installations. With a low-power mobile-first deployment, offers cutting-edge network security for a mobile-IoT-heavy world. Through the flexible backend deployment options of Server and Silent Edge, the security suite can easily be deployed either on premise or as a managed service.
Selected Features
Power: Power your with any USB port or even a standard battery pack.
Secure Captive Portal Authentication: Instantly protect user devices from malicious access points, such as Free Wi-Fi hotspots.
Next Generation Secure Access: Easily secure user devices from network attacks by invisibly enforcing use of enterprise-controlled firewalls and quantum-resistant, Top-Secret certified IPsec VPN.
Edge Intelligence: Prevent network intelligence gathering, such as OS detection or port scanning, and stop cyberattacks before they begin.
Advanced Threat Protection: Prevent phishing, malware delivery, and other advanced threats by blocking user network traffic to malicious
Optimized User Experience: Plug-and-play security appropriate for both technical and nontechnical users, no configuration required.
Application Visibility and Control: Control thousands of different applications using application-aware policy enforcement to ensure business resources are used appropriately.
Granular Auditing and Logging: Integrate with SIEM solutions to meet compliance goals and reduce overall operational workload.
Easy Deployment: Deploy from the cloud or on-premises. Optional self-provisioning automatically applies enterprise policies to any new device. works with any IP-enabled device.
Deployment Methods
Not only is Server easy to use, it's also flexible when considering end-point deployment options. Server offers multiple management backends to support a wide variety of deployment options. The Server allows an enterprise to deploy on their platform of choice and provides a backed management console supporting up to 25 clients into a 2-inch form factor. Silent Edge provides a Silent Circle operated solution for enterprises looking to add security without operations or maintenance overhead. A single Client can be configured for multiple backends, so enterprises with complex needs are never limited.
Edge
For enterprises that do not want on-premise deployment or operational responsibilities, Silent Edge allows Client users to connect back to a server managed by Silent Circle on behalf of the enterprise. Users will receive the most critical security features of the client, including NGFW features, optimized security profiles and feed updates, and client Over the Air (OTA) firmware updates. Each user's Client will secure their connection to the Silent Edge cloud server, and Silent Circle will provide optimized security policies. All user network requests will be tunneled through the secure connection, bypassing any malicious attackers on the local network or the broader internet provider, and ensuring that remote systems are unable to determine the true IP address of the Client user (e.g. IP obfuscation or masking).
Silent Edge Architecture
Server
With a Server, an Enterprise can provide secure access to resources that are behind their Enterprise firewall. Enterprises have the option of a physical Server device (useful for mobile-server scenarios or smaller fixed-location on-premise installations) or a virtual GSS 3000 device that can be run on local hypervisors or cloud services (useful for operational flexibility and vertical scaling to meet your use case). Remote Client users will be securely connected to the Server. The Client will provide local device security and will receive security feed updates and enterprise policy rules from the Server. Users will have full access to corporate resources.
Server Architecture
for IoT
Most IoT devices stream data and information with repeatable frequency. Securing IoT traffic from various devices and network sensors can be overwhelming. assists in the detection and prevention of anomalous IoT device activity such as a remote modification of IoT software and configuration, or the exfiltration of sensor data to unauthorized destinations. All deployed sensor data can securely be tunneled and backhauled off site to a centralized operations center for analysis and fusion with other sensor and threat information. From Server's web-based console an enterprise can securely communicate with their enterprise IoT devices in the field, an ideal security solution for hard-to-reach assets.
IoT Benefits
Power Usage: Energy consumption and battery capacity are key components of any IoT deployment. Requiring only 500 milliamps at 5 volts of power on boot and averaging 250 milliamps at 5 volts in normal use, is unmatched in performance per watt, a critical metric in IoT deployments.
Form Factor: Designed to be portable, all the functionality fits in a 2-inch cubed appliance comfortably fitting in the palm of your hand.
Network Security: An IoT endpoint's biggest threat is the network. provides next generation network security to any IP-enabled device including a stateful firewall, Suite B Top Secret level VPN, domain-level traffic filtering, application-specific traffic filtering, and even customer-specific rule sets such as Snort signatures.
Value: Typical appliances with comparable functionality cost tens of thousands of dollars. Priced substantially less, was designed to accommodate highly scalable IoT deployments with thousands of nodes.
IoT Architecture
Customer Use Cases
COMPROMISED BY YOUR SUPPLY CHAIN
After several network breaches, an internal committee identified the enterprise supply chain as the biggest source of malicious network activity. The enterprise required multiple specialized subcontractors, and each subcontractor had (or did not have!) their own processes and procedures around IT security that were complicated by the extensive use of specialized equipment. For example, one subcontractor required Windows XP as a control system for large industrial milling equipment, another required special data processing and analytic software that was incompatible with some critical OS security patches, and a different contractor had multiple engineers who frequently travelled worldwide and exposed their devices to a wide range of hostile environments. The enterprise had previously tried to address this concern using compliance and robust security policies but found that even with a regularly scheduled review and compliance check of their security policies, windows of vulnerability existed with nearly every subcontractor. Once a vulnerability was exposed, it could be compromised extensively before the next security audit, and the enterprise was constantly battling attackers within its own networks. With deployment of the Client to all subcontractor facilities, and in some cases to every single user within the subcontractor, the enterprise was able to seamlessly upgrade its entire network security footprint without compromising daily business operations. Centralized control and policy enforcement were now also possible, and no subcontractors were required to update their legacy equipment. Today, the customer has implemented and restored the security of its supply chain. New threats have been halted and there is complete visibility into each individual subcontractor's internet data.
YOUR SURVEILLANCE CAMERAS ARE SHARING TOO MUCH
An enterprise with thousands of retail locations initiated a multi-year, multi-million-dollar video surveillance system upgrade. The end functionality was significantly better for surveillance capturing and management functionality, but there was a hidden cost: compromised network security. Unfortunately, many retail location camera installation contractors had purchased cameras using the provided video system specifications, but (unbeknown to them!) these cameras often included firmware and chipsets without a strong security posture. The enterprise found itself under attack by an organized Far East adversary who exploited firmware vulnerabilities in these camera systems, and rapidly compromised nearly every camera on the network. Without firmware updates being extracted from the different camera manufacturers and then painstakingly applied to every installed camera, the enterprise would have to consider a complete hardware and installation re-deployment with updated acceptable cameras. Even worse, the new secure cameras had much higher price points, so overall installation cost would be significantly higher! Silent Circle was brought in to fix the problem and outlined how a client could support video requirements, had the network security features needed to lock out the adversary, and had low enough power requirements that there was no need to re-run new power cables to all systems. Today the customer has implemented and restored the security of its surveillance camera live streams. No new threats have been introduced and live streams and other information have ceased making their way to unknown adversaries.
WHEN WI-FI IS FREE, YOUR PERSONAL INFORMATION MAY BE THE COST
A Small and Medium Business (SMB) system detected multiple network compromises from remote employees, and an internal investigation found that those employees often connected their business smartphones and business laptops to Free Wi-Fi common in airports and coffee shops. In the most significant cases, these hotspots were determined to be malicious, and included features such as malicious authentication portals that attempted to steal user credentials, typically while the user clicks a "Connect to Wi-Fi" button. In multiple cases, it was determined that these hotspots simply valued functionality over security, and end users were being targeted by other hotspot users (e.g. hackers sitting at the same airport) or internet-based attackers who had gained external access to the hotspot network. Today, this customer has implemented a mandatory travel policy, and remote users simply connect their Client to the free Wi-Fi. If there is a captive portal, the Client will execute it directly on the Client within a sandbox, and absolutely no user credentials or data communications can be leaked. The travelling user is seamlessly protected from all other devices on the network and does not have to rely on the network administrator properly configuring a secure Wi-Fi experience.
Even better, remote users report satisfaction that they no longer must connect multiple different devices to Wi-Fi portals: since their multiple devices are all connected to the client, authenticating the to any Wi-Fi instantly shares that connection with any laptops or mobile devices the user is carrying. Today the customer has implemented as a corporate policy when travelling, and no new threats have since entered the customer's network.
Tech Specs
IPsec/VPN Throughput: 60 Mbps
Max Concurrent Devices (LAN): 5
RAM: 1GB
CPU: ARM Quadcore 1.5 GHz
Storage Capacity: 8GB + MicroSD
Interfaces: (1) 2 x Ethernet 10/100/1000M (1USB)
Form Factor: Portable
Weight: 3 oz
Power Input: 5V @2A DC MicroUSB
Dimensions: 1 x 1.9 x 2.3 inches