VALTX ABSOLUTE SECURITY

Transcription

1 VALTX ABSOLUTE SECURITY Technical Whitepaper Securing Endpoint Computers with Absolute Certainty - Combating Cyber Warfare, Cyber Crime, Cyber Espionage & Cyber Terrorism Dennis Meharchand CEO, Valt.X Technologies Inc.

2 Abstract The main technologies currently utilized to secure endpoint computers are: Signature based Anti-Virus; White listing of authorized Applications, Heuristics / File Behavior, Virtualization and Sandboxing. These technologies do not provide adequate security with failure rates often exceeding 50% in today s malware world of Advanced Persistent Threats (APT), which are designed to elude detection. Leading analyst group, Gartner, Inc., in its Magic Quadrant for Endpoint Protection Platforms, January 2012, report sums up the current state of Endpoint Protection: Endpoint protection platforms continue to struggle to block typical malware threats, and are even less effective with low-volume targeted attacks. Companies covered in the Gartner report include: Symantec, McAfee, Trend Micro, Microsoft, Kaspersky Labs, ESET, Check Point, IBM, LANDesk, Panda, GFI, Lumension, Total Defense, eeye Digital Security and SkyRecon Systems. Valt.X Technologies has developed software and semiconductor based products to secure and ensure that systems are malware free upon every system boot - eliminating all known malware, new Zero-Day Threats and APT malware. The technology also negates the need for frequent and time consuming patch updates while facilitating testing and rapid implementation of updates as needed with an Instant Bit-Level Rollback feature. The Valt.X technology provides an Absolute Defense against all malware types and threat vectors without degrading system performance. IT Administrators and computer owners and can be certain that their systems have not been compromised ensuring computers remain in a safe operating state in the event of Cyber Warfare, Cyber Crime and Cyber Terrorism attacks. Future Implementation: Panic Password Erase; Call Home; Military Command and Control. Principles behind creation and development The concept behind creation and development of Valt.X Absolute Security for Windows and The S Chip (Security Semiconductors) is as follows: The content of a computer systems hard disk drive, which contains the Operating Environment (Operating System, Applications, Registry and Scripts) is typically targeted for attack as malware purveyors seek to infect and take control of the computer system. The Operating Systems and Applications with the greatest global prevalence are most frequently targeted Microsoft Windows Operating System and applications such

3 as Internet Browsers, Adobe PDF and Microsoft Office Programs. Once a system is initially compromised the attackers can then deploy additional controlling malware in order to take complete control of the system and use it to launch attacks within an organization and externally. Key Criteria for an Effective Security/Protection System: 1. Lock down, secure and protect the Operating Environment without causing the system to break while facilitating authorized updates 2. Lock down, secure and protect Static Data from unauthorized modification and theft 3. Allow Dynamic Data to be changed by authorized users Hide Dynamic Data from general view for further protection 4. The Security Technology used must itself be immune/effectively resistant to attack and should not rely on Signatures, Heuristics, Whitelisting or Sandboxing as ~100,000 new pieces of malware are deployed daily, the majority being Zero-Day, APT s designed to avoid detection. The Security Technology also should not degrade system performance Valt.X Absolute Security Solution: Create a Secure Locked Storage area in which to store the authorized malware free base image of the C: Drive containing the Operating Environment (Operating System, Programs and Applications, Registry and Scripts) and Static Data. Create a Change Storage area to temporarily hold changes (Hard Drive writes) intended for the C: Drive Create Dynamic Data Storage areas as logical or primary hard disk drives (D:, E:, F: ) Move User Folders that normally hold Dynamic Data to the Data Drive(s) protect the System Desktop by keeping the Desktop Folder in the Secure Drive Deflect and keep track of any changes intended for the C: Drive to the Change Storage Area the Secure Drive area is never written to during normal operation Combine the Secure Storage Area and the Change Storage Area into one and present to the system as the C: Drive - Simply locking the system drive and discarding all changes would cause a system to break as applications request recently written information

4 When the system reboots automatically discard all changes to the Change Storage Area returning to a known, secure malware free base system image Dynamic Data Drives can be optionally hidden from the Operating System until needed opened via Password or Physical Key authentication To accommodate authorized updates, Valt.X Technologies solutions will allow authorized administrators and users to Keep Changes across system reboots for testing and Backing Up (making permanent) those changes by moving them to the Secure Storage Area. Valt.X Technologies has developed these solutions in both Software and Semiconductor based implementations. The Valt.x technology is applicable to any system which is based on a Computing Device and a Storage Device, be it Endpoint Computers, Electronic Mobile Devices such as Tablets and Smart Phones, Vehicles or Planes. Valt.X Technologies software based solutions will operate on and protect at all software layers Application, Device Driver, Kernel and Bus to prevent circumvention. Implementation will ensure Security System starts upon every system boot. Valt.X Technologies Hardware (Semiconductor) based solutions are physically implemented in front of the storage device(s), rendering system circumvention impossible. Valt.X Implementations Valt.X has both Software (Valt.X Absolute Security for Windows) and Hardware (The S Chip) solutions. The Valt.X Semiconductor can be implemented directly onto device motherboards or via add-on adapters. Edition Valt.X Absolute Security for Windows (Software) There are 4 editions of Valt.X Absolute Security for Windows: Secure Operating Environment Instant Patch Rollback Secure Hidden Data Drive Solid State and Analog Drive Implementation Optional Encryption Standard Professional Premium* Supreme* Premium and Supreme Editions are available with Password Authentication or Physical USB Key Authentication. Dual Multi-Factor Authentication (Password and Physical USB Key) are also options.

5 Functions can be invoked via Graphical Menu or Command Line Secure Operating Environment: The Valtx secured system drive is 100% protected from all Drive-By browser environment malware attacks (known or unknown) users may surf the internet and open any without fear of being infected with malware all writes to the Valtx protected system drive, including any attempted malware or unauthorized writes, are automatically deflected to a temporary change area and eliminated when the computer is restarted, ensuring the computer remains clean and secure. Not allowing any changes to the secure area while the computer is in normal operation provides an absolute defense rather than the failed traditional approaches of checking for incoming malware signatures, attempting to determine all bad behavior or white listing of good applications. During operation the Secure and Change areas are combined and presented to the system as if the changes were implemented / written to the secure area. Keeping all writes intended for the C: Drive in a separate Change area effectively quarantines all malware that may have attempted to attack the system C: Drive. Instant Patch Rollback: The Valt.X Absolute Security system can be instructed to keep all changes upon system reboots to allow testing of Patch / System updates. If for any reason an update fails, an opportunity is provided at system boot-up to discard the Changes deflected to the Change area returning the system to its known good state. Secure Hidden Data Drive: During Configuration a Secure Hidden Data Drive can be setup. The Drive is not visible even to the Operating System until a Password or USB Authentication Key is provided, which provides visibility to the Drive. The Secure Drive can be opened and closed (Hidden) at will. With the USB Authentication Key the Secure Drive is automatically opened when the key is inserted and closed (Hidden) when the Key is removed. Encryption: Optional Keyless Encryption can be applied to Data Drives and /or System Drives to provide protection in case the computer system becomes lost or stolen - Currently implemented on Secure Hidden Data Drive area. Panic Password (Future Implementation): When the Panic Password is supplied instructs the Security System to erase all information on the Disk Drive. Call Home (Future Implementation): System can be programmed to contact a home base with current IP address used to track stolen/lost systems. Command and Control (Future Implementation): Possible to build in a feature that allows Military Command and Control of Systems.

6

7 (Hardware - Semiconductor) The S Chip Security Semiconductor provides the same function as Valt.X Absolute Security for Windows securing endpoint computers with absolute certainty Server Desktop Laptop ValtX Software or Hardware Installed on OS Device(s) Device Hard Disk Drive(s) Partitions - All Encrypted by VASE at Kernel Level Protected Secure Boot C1: Change / Temporary C2: Data D: Invisible Secure Data K: - Visible w/ USB Key Implementations: Directly on Motherboard: The S Chip can be implemented directly on the motherboard of electronic devices positioned between the Storage Device and the

8 Storage Device Controller. Optionally the Security logic contained in the S Chip can be implemented in Storage Controllers such as the SATA controller in computers Plug in PCIe Cards: In Desktops & Servers - Connects to System Drive Bridge Adapters: In Desktops & Servers plugs onto back of system SATA Drive Secure Mirrored Raid: Mirrored Raid Subsystems incorporating The S Chip Notebook Upgrade Kit: Fits in CD-ROM/DVD Drive slot. The S Chip plus space for a 2.5 inch Analog or Solid State Drive Cyber Secure Notebooks and Panel PC s incorporating The S Chip on the motherboard under development Current, widely deployed technologies are not effective Leading analyst group, Gartner Inc., in its Magic Quadrant for Endpoint Protection Platforms, January 2012, report sums up the state of Endpoint protection: Endpoint protection platforms continue to struggle to block typical malware threats, and are even less effective with low-volume targeted attacks. Companies covered in the Gartner report include: Symantec, McAfee, Trend Micro, Microsoft, Kaspersky Labs, ESET, Check Point, IBM, LANDesk, Panda, GFI, Lumension, Total Defense, eeye Digital Security and SkyRecon Systems. Technologies used by companies covered in the Gartner report include: Anti-malware Anti-spyware Personal firewalls Host-based intrusion prevention Port and device control Full-disk and file encryption Endpoint data loss prevention (DLP) Application vulnerability management and application control White listing, & Sandboxing

9 Market Segment Application Valt.X Absolute Security software and hardware products are applicable to all computers in all market segments and geography. Governments around the world are urgently seeking solutions to secure the internet in the face of unprecedented levels of cyber attacks. The key considerations for securing the cyber space include: The security of cyber space is not an optional issue but an imperative need in view of its impact on national security, public safety and economic well-being. The issue of cyber security needs to move beyond traditional technological measures based primarily on malware detection first, then remediation, firewalls and the like. True security that deals effectively with today s threats, which are designed to be highly problematic to detect, must be proactive and prophylactic in nature and exhibit the necessary depth to prevent attacks in the first place. focus of these efforts would be: 1) To prevent cyber attacks on critical infrastructure 2) Reduce vulnerability of critical infrastructure to cyber attacks. 3) Enhancing the capability of critical infrastructure to resist cyber attacks 4) Minimize damage and recovery in a reasonable time frame time The primary focus of these efforts is to secure the information resources belonging to Government as well as those in the critical civilian sectors. The critical sectors include Defense, Finance, Energy, Transportation and Telecommunications. Applicability of Valt.X Absolute Security Technology: Attacks can either occur from external sources or sources within a country that have been compromised. Attacks occurring from outside a country may be mitigated by shutting off pipelines if one knows that such an attack is actually occurring in real time. In reality it is virtually impossible to know when attacks are occurring it could be years before an attack is even discovered. Attackers will attempt to infect and control endpoint computers closest to the target. It is therefore imperative that Computers in the Critical Infrastructure be protected. The Valt.X Absolute Security technology ensures that Critical Infrastructure computers remain operational and malware free. By

10 quarantining and eliminating all unauthorized changes the Valt.X Absolute Security technology ensures that any attacking malware has been eliminated contributing to all of the four focus efforts identified above. 1) To prevent cyber-attacks on critical infrastructure: Endpoint Computers secured with the Valt.X Absolute Security technology are immune to being compromised and used for attack purposes we recommend that all computers in a country, particularly those within critical infrastructure networks be secured with the Valt.X technology 2) Reduce vulnerability of critical infrastructure to cyber-attacks. Endpoint Computers protected by Valt.X Absolute Security for Windows are not vulnerable to being compromised by cyber attacks 3) Enhancing the capability of critical infrastructure to resist cyber attacks Endpoint Computers protected by Valt.X Absolute Security for Windows are not vulnerable to being compromised by cyber attacks 4) Minimize damage and recovery in a reasonable time frame time All attacks, Known, Zero Day or APT s are deflected and eliminated upon system reboot by the Valt.X Absolute Security technology Government Government may come under attack from foreign nations, cyber terrorists, hacktavists and cyber criminals. To keep systems operational it is necessary to ensure that government owned computers are malware free and operational. Defense Sector Given regional conflicts all Defence sectors, especially Air and Communication, need to be protected and kept operational. A prime tactic in any conflict is to try and knock out a country s Air Defense and Defense Communication ability. It is imperative that computers within these areas are not compromised by cyber attacks giving the enemy control or interruptive capability. The Valt.X Absolute Security technology provides this ensuring that these critical systems remain impervious to compromise. It is imperative that the computer systems be secured as soon as possible as all nations, regardless of size, can deploy cyber warfare capabilities. Civilian Sectors Besides the Defense Sector Civilian critical sectors of Finance, Energy, Transportation and Telecommunications all need to protected and remain operational. If their computer systems are compromised they could be rendered un-operational or data can be stolen resulting in significant losses. All computers within a country can be used to attack Government and Critical Infrastructure computers we recommend that all computers in a country deploy the Valt.X Absolute Security technology.

11 Standards and Requirements Software Implementations Valt.X Absolute Security for Windows is applicable to all Windows Operating Systems including Server editions; planned development includes multiple Non-Windows operating system versions. Hardware Implementations Valt.X Hardware (Semiconductor) based solutions are OS independent and have been successfully tested in Windows, Linux and UNIX implementations. Apple Lion and ios and Android OS based systems have not been tested, however there is no basis theoretically or technically that would preclude successful adaptation to those environments. Hardware solutions have both single boot and multi boot images. Requirements Free hard drive space equal to the size of the allocated secure drive space Contact: Valt.X Technologies Inc.