Skyport Systems today announced availability of the SkySecure System, hyper-secured
infrastructure that gives organizations cost-effective and easy-to-manage
trusted computing and enables policy enforcement at the
application edge. This engineered system is based on patent-pending
application security technology which enforces policy on hosted
workloads without software agents or network changes. Organizations that
deploy SkySecure benefit from continuous full-stack monitoring of
policy and verification that their systems have not been modified by
outside entities.
Deploying secure computing systems today requires assembling over a dozen
point products that were not designed to work together -- resulting in
systems that are never properly protected. Incremental responses to this
trusted compute and policy enforcement dilemma, from function-specific
network security appliances to software agents that can easily be
disabled, have proven to be ineffective. A new approach is required --
one with an architecture built from the ground up with information
assurance at its core.
A recent report from Gartner, Inc., Designing an Adaptive Security Architecture for Protection From Advanced Attacks,
says, "Enterprises are overly dependent on blocking and prevention
mechanisms that are decreasingly effective against advanced attacks.
Comprehensive protection requires an adaptive protection process
integrating predictive, preventive, detective and response capabilities.
...Advanced targeted attacks are easily bypassing traditional firewalls
and signature-based prevention mechanisms. All organizations should now
assume that they are in a state of continuous compromise."
SkySecure is designed for deployment at the most critical points of
infrastructure, including exposed DMZs, branch and remote environments,
high-value business applications and foundational IT control systems
such as Microsoft Active Directory, DNS servers and
virtualization/cloud/big data/SDN controllers. Deployment is turn-key --
no changes are required to networks, applications, or operating
systems.
"Our silicon designs represent the core of our business and finding the
right platform to transfer them globally is essential," said Mark Grimse,
vice president of information technology at Rambus. "SkySecure is the
only platform we've found that gives us the confidence that our designs
are going where they need to go in a secure, uncompromised manner."
The SkySecure platform consists of three main components: on-premise
trusted computing systems, software-based/hardware-enforced compartments
that enforce policy around each hosted virtual machine, and centralized
management and monitoring that orchestrates security policy
and enables total application visibility.
SkySecure Server: On-Premise Trusted Computing
The SkySecure Server reduces the threat surface by removing physical attack
vectors and implementing Intel Trusted Execution Technology. Hardware,
firmware and software components are validated at the point of
manufacture and continuously once deployed. After properly attesting,
the system boots a fully whitelisted Security Enhanced Linux (SELinux)
implementation. This is a server designed to catch and contain malware and rootkits.
SkySecure Compartment: Hardware-Enforced Dynamic Whitelisting
SkySecure Compartments enable a dynamic whitelist and application-layer
protections around each workload deployed on a SkySecure Server, house
them in a synthetic operating environment and assume a zero-trust
posture regarding all network access. This is a security perimeter that developers and rootkits cannot bypass.
SkySecure Center: Secure Data Warehouse
SkySecure Center provides verification of the integrity of SkySecure Servers, a
secure policy store, a tamper-resistant audit log, a certificate
management system and visibility into all traffic flows and application
interactions across each workload. This is an audit, log, and traffic analytics data warehouse with full-stack visibility.
"Every CIO we've talked to has deployed virtualization, single sign-on, cloud
and big data systems to automate processes and make IT more agile, but
this has resulted in critical control points in the infrastructure,"
said Douglas Gourlay, corporate vice president of Skyport Systems.
"Skyport Systems is delivering a system that is secure by default: from
the point of inception, not belated integration. We are building a
hyper-secured infrastructure foundation for mission-critical systems."
For More Information
Skyport is hosting a webcast explaining the technical architecture of the
SkySecure system and presenting real-world use cases on Thursday, 21
May, at 9 a.m. Pacific Daylight Time. Register to learn more.
Pricing and Availability
SkySecure will be generally available in June. SkySecure is priced as a
subscription-based service that includes all on-premises equipment,
software and service components.