SkySecure System Overview

Transcription

1 SKYSECURE SYSTEM COMPONENTS SKYSECURE SERVER Trusted compute platform based on locked-down firmware, signed immutable images, Intel Trusted Execution Technology and the SkySecure I/O Controller. Controller hardware enforces segmentation for every VM, enables wire speed network-flow policy and packet mirroring, and helps make evidentiary audit trails tamper-resistant. SKYSECURE COMPARTMENT A hardware facilitated security layer wrapped around each individual VM. It controls workload identity, protocol, I/O, file system and identity management access via a perworkload security policy. SKYSECURE CENTER Skyport Systems hosted cloud management and remote attestation service that verifies the integrity of the system and ensures configuration and patch best practices are followed. It deploys and orchestrates VMs, manages and monitors security policies, alerts on policy violations, and features built-in analytics to assist with audit and compliance requirements. Securely stores policy, audit logs, and credentials. SkySecure System Overview Introduction Skyport s SkySecure system is an onpremises hardened server platform with integrated security capabilities that is fully cloud managed. It is designed to simplify the complexity of securing critical and exposed workloads. The SkySecure solution is an implementation of hypersecured infrastructure, with a zero-trust architecture integrating compute, security, virtualization and policy in a preconfigured, turn-key managed infrastructure platform. SkySecure: * Delivers Skyport hosted cloud management of on-premises secure servers * Features a zero-trust architecture that actively monitors its servers to ensure there are no viruses, rootkits, or malware * Wraps hosted VMs and applications with dedicated hardware-based firewalls * Records transaction and operational activity in a tamper-resistant secure data warehouse * Provides turn-key operations for orchestration and securing VMs, activity monitoring and analytics, and on-going maintenance Validates system integrity with a hardware-based root of trust and validated supply-chain from the point of manufacture with a secure and remote attestation service * Requires no specialized skills to install, no network changes, and no software agents requiring VM requalification Why SkySecure Assembling, integrating, operating, and maintaining the collection of security tools needed to protect critical server infrastructure is simply too difficult, and attackers frequently evade network and software security protections. Current software and network security aftermarket tools are not integrated, require specialized skills to use, are costly and error-prone to maintain, and force IT to pursue a patch update treadmill to test and fix new vulnerabilities. SkySecure is designed to reduce the cost, time, and skill-set required to protect critical servers on an ongoing basis.

2 Benefits of SkySecure SkySecure is a server and operational environment with security built-in from the ground up and delivered in a Skyport hosted cloud managed solution that is easy to deploy and maintain, even in remote and hostile locations. It is an on-premises trusted compute server platform that continuously protects and manages each virtual machine it runs. SkySecure: Protects VMs from malware insertion, botnet, insider threats, credential theft, and hyperjacking Prevents lateral attacks with hardware enforced per-vm firewalling, isolation and whitelist policy Audits and stops data exfiltration of sensitive information within protected VMs Thwarts infrastructure attacks with a tamper-resistant server, reduced attack surface area, and known good verification Delivers out-of-box compliance through continuous monitoring and audit with a secure data warehouse Offers plug & play insertion with incremental deployment that requires no changes to the application, OS, or network Provides turn-key operations by streamlining the separation of duties between security, network, and application teams with cloud managed workflows in the cables, and the system does the rest. It does not require on-premises expertise to maintain since the server is fully-instrumented for lights-out management. Unlike a traditional general-purpose server platform, the SkySecure Server includes only power and network connectivity, and does not expose standard disk or USB ports on the x86 server subsystems. This reduces the attack surface area that is exposed by physical access or compromise of the system or environment in which it operates. The software stack further reduces the threat surface area by hardening the firmware, OS (whitelisted SELinux), hypervisor, and management plane. The server has two major subsystems: the x86 compute subsystem and the SkySecure I/O Controller. Both have embedded Trusted Platform Modules (TPM) and the former leverages Intel Trusted Execution Technology (TXT). Communication policy is enforced by the I/O controller, deliberately out of control of the x86 subsystem that houses the VM, and all external and inter-vm traffic has to pass through it due to SR-IOV with no local or virtual switching. SkySecure System Components SkySecure is an engineered system that delivers a turnkey operational experience and is comprised of SkySecure Server: an on-premise trusted compute platform which hosts and protects VMs SkySecure Compartment: a per-vm Firewall/DMZ perimeter with application layer protections that runs on the SkySecure Server SkySecure Center: a Skyport hosted central management, monitoring, and analytic system SkySecure Server, a Trusted Compute Platform The SkySecure Server is a physically hardened, tamperresistant x86 server platform that deploys quickly with minimal manual configuration. Just unpack, rack, and plug

3 Hardware, firmware, BIOS, and software images for the x86 and I/O subsystems are measured at the point of manufacture, and a measured launch environment guards the integrity of the lowest level components in the boot environment. They perform boot-time and run-time system attestation and validation to SkySecure Center to ensure system integrity has not been compromised. monitoring is covert and cannot be detected by the virtual machine within the compartment. It is also always-on and cannot be turned off due to administrative misconfiguration. Metadata from all administrative and operational activity is captured and securely sent to SkySecure Center for off-box secure data warehousing and analysis. During incident, breach, forensic, and troubleshooting situations packet mirroring can be turned on. Packet level traces can be sent for collection and analysis to storage systems while adhering to data sovereignty policies. Each compartment includes an application-layer firewall with a policy that is specific to the VM that strictly controls communications based on DNS and IP whitelists. These are easy to maintain and audit. VMs are protected from any point-of-attack, including lateral attacks from neighboring systems in the same network security zone and even VMs hosted on the same SkySecure Server. There are several application proxies that can be used: x86 subsystem communicates only through I/O controller SkySecure Compartment, a per-vm Firewall The SkySecure Compartment is a synthetic network environment designed to protected hosted VMs from external attack and contain threats from compromised VMs. Every VM is placed in a unique compartment, which isolates the VM and prevents direct layer 2 connectivity with external networks or other VMs on the same server. Unlike virtual firewalls, the segregation is opaque to the network and application teams and requires no network re-architecture. Unlike application firewalls, it requires no software agents in the VM and cannot be bypassed if the VM is compromised. Also, unlike micro segmentation, it is a full network security and analytics stack directly attached to each VM. The compartment monitors all the I/O to and from the VM. There is an observation mode so administrators can learn and easily visualize all of the traffic for each VM. The ShieldWeb: credential separation for web connections & ensuring SSL-TLS 1.2 communications security ShieldFS: file system separation, content control, audit ShieldADMIN: credential masking for SSH and block unwanted tunneling ShieldID: Active Directory / LDAP audit and protocol upgrade Compartments protect against situations where VMs are compromised by preventing data exfiltration and follow-on exploitation. They block the VM from snooping and attacking neighboring systems, even when sophisticated methods such as ARP and DNS poisoning are used. It can prevent command & control through multi-layer protocol inspection and preventing covert tunneling through legitimate protocols such as ICMP and DNS. Exfiltrating sensitive data or credentials is difficult due to the same safeguards, and in all cases the always-on I/O surveillance guarantees tamper-resistant audit trails are available.

4 SkySecure Center, the Cloud Delivered Management System and Secure Data Warehouse The SkySecure Center is the Skyport hosted, cloudbased administration for the entire system and features full management of SkySecure servers, remote hardware attestation, and VM and policy orchestration. An integrated audit and traffic analytics service with a lifetime secure data warehouse is included to assist meeting audit and compliance requirements. A browser is the management console, and there are secure RESTful APIs to enable customization with existing SIEM, policy, and workflow systems. Unlike traditional infrastructure and security solutions, SkySecure Center provides an easy way to guarantee systems are always up-to-date. Software and service updates are verified and supplied by Skyport so no independent system verification is needed. Deploying system patches can be scheduled and rolled-out easily as part of the ongoing SkySecure service. Policies are defined using templates and are associated with VMs before deployment. They are tailored to suit the organization s security policies, and allow fine-tuned controls appropriate for known applications such as file transfer servers, web servers, AD controllers, virtualization controllers, and DNS/DHCP systems. For applications and VMs with communication patterns that are not well-understood, built-in traffic observation can be used to develop policies over time. SkySecure Center offers secured remote console access to all hosted VMs, logging and audit of system and workload operations, as well as detailed traffic visualization and auditing to assist in remote troubleshooting and traffic forensics. All events of the system are stored in a secure data warehouse and they are signed and time stamped. This provides a tamperresistant audit and evidentiary trail for all events and I/O meta-data for each VM for its lifetime. Reduced Threat Surface Area Sophisticated attacks are often able to bypass security controls in traditional environments. SkySecure s unique approach provides protection against a range of attacks that usually succeed, such as: Undetected data exfiltration Reuse of stolen application or server credentials Identifying neighboring systems to exploit Exploiting known web crypto vulnerabilities Poisoning network services Hardware, BIOS, firmware, and hypervisor attacks SkySecure Detects & Stops Sophisticated Attacks DNS/ICMP/SSH tunneling Rogue FTP/SFTP/SCP I/O I/O to botnet-controllers Pass-the-ticket & hash Vulnerability scanning DNS/ICMP scanning Sniffing broadcast traffic Heartbleed, Poodle, Freak, Logjam DNS poisoning ARP & MAC spoofing Hyperjacking USB/console port attacks BIOS reset Undetected hardware changes Reducing the threat surface area is accomplished with a variety of protections that span the entire technology stack: Hardened hardware with no extraneous ports and a hardware-based visibility and network security stack Hardened firmware to address firmware compromise and provide secure remote management Hardened hypervisor & server OS to stop hypervisor break-out attacks and OS process level attacks Hardened VM environment that defends against credential compromise, data exfiltration, protocol level attacks, lateral attacks, and covert communication channel use Hardened management plane to reduce the risk of insider threat and mitigate against infrastructure attacks

5 Common Deployment Use-Cases SkySecure is well-suited to protect remote, exposed, critical, and high value applications and servers, such as: Servers in hostile and untrusted locations and branch offices with insecure physical controls, untrusted personnel access, and issues with a secure delivery chain. SkySecure servers have a locked-down chassis, hardware and software tamper detection, lights-out remote management, and they do not need on-site skilled staff to deploy. Exposed DMZ applications and gateways that are persistently under attack. SkySecure reduces the threat surface area, enforces application specific protections, prevents lateral attacks, has an observation mode, monitors and prevents exfiltration attempts, and prevents follow-on exploitation due to credential theft. Critical applications that manage the IT infrastructure are the keys-to-the-kingdom. SkySecure provides full visibility and real-time access control of communications to and from the VM, enforces whitelist access policy, and compartmentalizes critical credentials. High value electronic assets that use sensitive data while it is not encrypted. SkySecure protections span the entire platform and provide packet mirroring to obtain an evidentiary trail for incident and breach handling. Conclusion The threat landscape is changing and securing key applications and servers against sophisticated attacks is a priority for most organizations. However, it is challenging to be successful: the attack vectors continue to expand due to IT automation, aggressors constantly find new vulnerabilities to exploit, and assembling and maintaining the necessary technology stacks to protect systems is complex. SkySecure is a system designed to protect mission-critical applications while reducing operational complexity. It combines a secure server with per-vm protections that reduces the threat surface area, protects against attacks that bypass traditional safeguards, and is well suited for deployment in hostile locations. It is delivered as a cloud managed service with streamlined workflows to simplify installation and ongoing operations. On-premise 2-RU x68 server Server System Comparison Server System Capabilities OEM Rack Server Skyport Basic server software: BIOS, drivers, firmware, OS Virtualization software Event log storage, reporting, analytics, & audit Per-application firewall Managed-as-a-service Detects & prevents data and credential exfiltration Built-in integrity verification: HW, firmware, virtualization, software Sells-as-a-service: protects against obsolescence Skyport Systems 280 Hope Street Mountain View, CA info@skyportsystems.com Hardened chassis for hostile environments voids warranty