If operating systems, routers, firewalls, and the BIOS can be hacked, then one obvious solution is to remove all of those and isolate their software and firmware from the server.
Obviously you need software to run a server or appliance. What Skyport Secure, founded in 2013, has done is build a new business around the idea that software and all changes need to be vetted by a tamper-proof hardware component before being released to the server.
Their idea is to host operating systems, virtual networks, firewalls, and hypervisors on top of a hardware device. No traffic can pass through to those servers and devices without passing through the Skyport Secure appliance first.
The only software allowed to pass through is that which has been whitelisted. This is not going to protect desktops, laptops, and mobile devices from hacking, but it will prevent hackers from installing software onto servers which they can then hack.
This approach is called a hyper-secured server. Skyport has its advocates, who have invested $15 million in start-up funds.
Skyport’s founders make the point that operating systems are not built from the ground up with security in mind. Rather, security is retrofitted onto the system. Since they cannot change the OS, they isolate it from the outside world.
You can think of the Skyport Server as a kind of I/O controller, like a switch or a disk controller, but it is neither of those. It’s a device designed to stand guard in front of all other devices.
Skyport saves logs so that they cannot be tampered with. They take unheard-of measures in the name of security, such as photographing the device’s own motherboard to verify that it has not been tampered with.
The Sky Secure Center provides the dashboard for the security component. Skyport also functions as a firewall. The user can drill into the device to see what traffic it blocked or allowed and why, and so can see which policy applied. It automatically blocks obvious attempts at mischief like malformed and spoofed packets. The dashboard supports a wide range of point-and-click filters and query tools that let the security analyst drill into traffic by subnet, type, destination, or other metric to get a visual view of what network traffic is flowing in and out of the device or devices.
With a cloud environment or hypervisor, the usual practice is to configure subnets as virtual LANs. With Sky Secure those have to be configured on the Skyport device. Because all operations of the device are checksummed, there is no possibility that malware can modify VLAN definitions.
Now, Skyport raises the obvious question: if other hardware and software can be hacked, can’t Skyport be hacked as well? The company says that they have a “zero-trust architecture” that protects against the most common attack vectors, which they say are mistakes in configuration, insider threats, and patches that expose new weaknesses.
Since the device operates off whitelists, you would have to ask from where those whitelists come. They are not crowdsourced nor cloudsourced, like antispam and antivirus. Rather, they are administered by the administrator. That means there will be new barriers put up by those in the organization who want to install software.
This is dealt with in two ways. The user can choose which servers to protect. Development and test can be left off.
As for production, that would mean that DevOps is going to have to add an additional step to deploying software, which is to whitelist their change.
The founders of Skyport all come from security, networking, and venture capital backgrounds. Two worked at Juniper Networks. Those two and one more came from Cisco as well. One could say that Cisco was the first to come up with this hyper-secured concept, but they did not call their Unified Computing System (UCS), launched in 2009, by that name. It had server, virtualization, and switching all on one x86 box.
It could be that Cisco was too new to the game and too large of a company to make a splash in the market and world of cybersecurity. Maybe Skyport can do that.