Nowadays, cyber-attacks are automated but still under human direction and control, and therefore cyber defenses must also be automated to have any chance of protecting cyber and digital assets from both the automated attacks and the human element behind those attacks.
Detecting and thwarting attacks and cleaning up the aftermath is a difficult task. Most cyber security systems are neither automated nor integrated. They operate as sets of individual tools which may have aspects of automation incorporated into them. For instance, automating the updating of signature catalogs is necessary but insufficient, as signature-based solutions are reactive and are unable to detect zero-day and polymorphic attacks. An automated cyber defense system must provide better protection than this.
- First, to provide prevention rather than detection, a solution must address an attack at the moment the network session is established.
Any time later than that and the attacker will find a vulnerability in the defenses that have been put in place. BlackRidge TAC (Transport Access Control) authenticates a network packet at session establishment and therefore only allows legitimate connections to a protected resource such as a server, datacenter, a resource connected to a virtual machine or cloud services.
Cyber attackers don't see the protected resource, since BlackRidge TAC prevents responses to unauthenticated requests. In essence, the resource is unapproachable to anyone who is not authorized to see or access the service. BlackRidge accomplishes this by inserting a cryptographically generated token in the session, which the gateway or virtual gateway at the server or service checks for authentication.
- The second major capability offered by BlackRidge is a solution that can scale from IoT devices to large data centers. BlackRidge augments the TCP/IP software stack at the client or IoT device (i.e. the token insertion point) to insert a cryptographically secured identity token. At the server or services end of the TCP session (i.e. the token recognition point), a BlackRidge TAC gateway is placed in front of the server or service to authenticate every session.
The gateway only allows authenticated traffic to get through and the server or service responds to the TCP/IP traffic normally. The gateway operates using simple table lookups instead of performing computationally complex calculations, enabling it to scale from a single Ethernet connection to large data center connections with the same low, deterministic latency. The gateway can also redirect traffic for those packets that do not have a legitimate token. This allows the administrator to apply forensics to all traffic.
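To make the table-lookup idea concrete, here is an added sketch (not BlackRidge code and not its actual token algorithm) of a recognition point that does all cryptography ahead of time and decides each session request with a lookup. The HMAC-over-time-window token, the 30-second window, the 8-byte token length, the per-identity port policy and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30   # assumed token lifetime, not from the article
TOKEN_BYTES = 8       # assumed token length, not from the article

def make_token(key: bytes, window: int) -> bytes:
    """Insertion point: derive the identity token for one time window."""
    mac = hmac.new(key, struct.pack(">Q", window), hashlib.sha256).digest()
    return mac[:TOKEN_BYTES]

class Gateway:
    """Recognition point: all cryptography happens in rotate(), off the packet path."""

    def __init__(self, enrolled, policy, unauth_action="drop"):
        self.enrolled = enrolled            # identity -> shared key
        self.policy = policy                # identity -> set of allowed ports (assumed)
        self.unauth_action = unauth_action  # "drop" (stay silent) or "redirect"
        self.table = {}

    def rotate(self, now: float) -> None:
        """Precompute valid tokens for the current window and its neighbours (clock skew)."""
        current = int(now // WINDOW_SECONDS)
        self.table = {
            make_token(key, w): identity
            for identity, key in self.enrolled.items()
            for w in (current - 1, current, current + 1)
        }

    def on_session_request(self, token, dst_port: int):
        """Per-session decision: one dict lookup and one set membership test."""
        identity = self.table.get(token)
        if identity is None or dst_port not in self.policy.get(identity, ()):
            return self.unauth_action, identity
        return "forward", identity

# Constructed sample data: two enrolled identities and their allowed ports.
ENROLLED = {"sensor-17": b"constructed-key-A", "ops-laptop": b"constructed-key-B"}
POLICY = {"sensor-17": {8883}, "ops-laptop": {22, 443}}

def demo(now: float = 1000.0):
    gw = Gateway(ENROLLED, POLICY, unauth_action="redirect")
    gw.rotate(now)
    window = int(now // WINDOW_SECONDS)
    good = make_token(ENROLLED["sensor-17"], window)
    stale = make_token(ENROLLED["sensor-17"], window - 5)
    return [gw.on_session_request(good, 8883),   # enrolled identity, permitted port
            gw.on_session_request(good, 22),     # enrolled identity, port not in policy
            gw.on_session_request(stale, 8883),  # token from an expired window
            gw.on_session_request(None, 8883)]   # no token at all
```

The sketch does not address replay of a captured token within its validity window, which a real design has to handle.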
A BlackRidge adaptive trust platform can be easily connected to additional components to provide a dynamic cyber security solution that easily scales.
BlackRidge provides APIs to connect to identity management systems, interfaces to network analytics engines for real-time feedback, and a GUI for management systems. By adding these other components to the BlackRidge platform, a fully automated cyber security architecture can be achieved with near real-time response.
Read our whitepaper “A Next Generation Security Architecture for IoT and Blockchain Infrastructure” to find out more about how BlackRidge is defending blockchains from network attacks.
This article was written by John Hayes, co-founder of BlackRidge Technology, who has served as its Chief Technology Officer since its inception. Mr. Hayes is a technology entrepreneur who specializes in cyber security, networking, I/O interface design, storage architecture, and communications protocols.