"We believe the Guardtime KSI solution set against insiders will become standard practice for most large enterprises concerned with protecting their electronic assets. Through our partnership with MTSI, we’ll be offering solutions that meet the most critical US Government needs against insiders across our markets. With professional training and certification focused on insiders, coupled to the Guardtime KSI tools and infrastructure, our approach goes well beyond integrating a specific technology, and instead delivers a new operational capability against insiders."
- Jim Blom, President of Guardtime USA
If the reporting instruments in your enterprise become subverted by someone/something that has authorized access, how can you ever trust the information these systems provide?
How would you ever know?
You can’t, and the threat picture provided to your Security Operations Center (SOC) or Network Operations Center (NOC), auditor, and/or Incident Response Team is in fact a false one; detection/mitigation by these solutions therefore provides a false promise. The industry knows this, as their own reporting applications can be subverted, covered up, deleted, or replaced with the picture the insider wants to provide. If there is a cryptographic secret or administrator relied upon, the enterprise can always be compromised to provide a false picture of the security and integrity environment.
Current ‘Insider Threat’ solutions provide little relevance to the day-to-day issues organizations must contend with and, in fact, only sacrifice capability for security while trusting potentially compromised reporting systems.
Today, networks carrying mission-critical data must remain available, reliable (above all else) and yet at the same time secure and auditable. This problem is exponentially compounded with BYOD integration, enriched collaboration services, and external network/service integration (where the organization may not control the endpoints).
Each network user, administrator, or even auditor presents an opportunity for sensitive information leakage. Four main requirements are needed to combat this threat and stop data loss (Data Loss Prevention or DLP). Today, only Guardtime offers the technological components needed to assemble a responsive and comprehensive solution at scale.
- Make the network and all interactions with critical components attributable. With Guardtime’s Keyless Signature Infrastructure (KSI), truly attributable networks are now possible regardless of the digital asset. KSI signatures allow you to assign ‘state’ instrumentation to objects, files, firmware, VM images, configuration information, access, authorization, accounting, M2M, SDN, and/or OSS/BSS information and associated digital policies.
- Make all evidence of these interactions immutable. KSI signatures ensure all activities across the cyber landscape become immutable for mutual auditability. You no longer have to trust the service provider, the administrator, and/or auditor to validate the integrity of the evidence. Immutable evidence of authenticity, time, and identity can now be preserved for the lifecycle of literally any digital asset.
- Also critical: KSI signatures are portable. With the portability of immutable evidence afforded by KSI signatures across any closed, virtually closed, or open network, it is now possible to preserve, analyze, and report on Insider manipulation activities across these networks [and with the respective digital assets] in real-time. Guardtime signatures provide time, authenticity, and identity information and work regardless of the scale required.
- Contextual Threat Intelligence to include authenticity, time, and identity. Collect, analyze, correlate, report, and respond in real-time to this new attribution and veracity information via a KSI-enabled NOC/SOC environment. With real-time evidence information that can be used to report manipulation or integrity changes across the networks, real-time mitigation is suddenly possible.
These four differentiators are essential to stop Insider Threat activities, prevent subversion and subjugation of resources, and stop data loss.
Guardtime offers the KSI solution portfolio specifically addressing the Insider Threat, which addresses urgent Information Assurance (IA), Software Assurance (SA), and Supply Chain integrity requirements outlined by the Department of Defense and Intelligence Community (DoD/IC) and the National Institute of Standards.
Guardtime KSI solutions for Insider Threat
- Hardened logging solutions and applications enabled by KSI for storage servers, operating systems, email platforms, intrusion detection/prevention systems, webservers, databases, M2M infrastructure, and control (SCADA) systems
- Solutions for object, file, and firmware integrity and identity verification
- Real-time monitoring and verification solutions for the above
- Dedicated KSI appliances for deployment inside the enterprise
- Integrity in Infrastructure (as a Service) I²aaS and KSI signature escrow and reporting/response via a Guardtime SOC or local on-prem SOC architecture for collection, analysis, and reporting services
- SLAs that meet the 99.999% service and carrier-grade requirements for critical infrastructure
- KSI Insider Threat Roadmaps for mobility, cloud, control systems, software and hardware supply chain(s) and associated BSS digital services. KSI Solutions for Insider Threats represents one component of our National Security IA and SA Roadmap to address the pressing digital asset integrity and reliability needs of the Special Programs community in the DoD and IC.
- Professional KSI Training and Education series dedicated to comprehensive Insider Threat technology implementation and best practices (focus on NIST, CNSS, and Presidential Decision Directives on Insider Threat)
Guardtime provides the only capable Exabyte-scalable Insider Threat solution to detect and stop both malicious and inadvertent Insider Threats, incorporating strong elements of deterrence with rapid detection and with legally permissible forensic proof.
"MTSI and Guardtime recognize the unique potential for KSI solutions against critical components of the insider threat problem. KSI’s combination of transparency, timeliness, and evidence portability across large enterprises matches needs we’ve been hearing about regularly from our customers and partners. We’re confident that the application of KSI to both deter insiders, and react quickly and authoritatively when deterrence fails, will be of high value to our customers."
- Kevin Robinson, President of MTSI
Just as the KSI infrastructure itself is transparent, KSI monitoring capabilities against Insiders are fully transparent across an enterprise, and the organization can choose to develop real-time mitigation rules to investigate, respond, react or recover from malicious activities via the NOC/SOC. Coupled with focused training and certification on use of KSI to deter and mitigate insider threats, this combination also provides real opportunities for enterprises to dramatically reduce the number of Insider events. With ubiquitous application of KSI across the enterprise and user/administrator education, irresponsible network behaviors change dramatically.
With KSI integrated into the enterprise, malicious insiders will know that they cannot cover their tracks, and that those tracks will be detected and communicated very quickly. The evidence of their activities can be immediately delivered for action without exposing the underlying content, or other expected activities in the enterprise. Meanwhile, the risks of unintentional threats are reduced dramatically, as detection and recovery timelines shrink. With training and education delivered appropriately to all levels of the organization, both malicious and inadvertent threat activities will be reduced – this represents the ultimate value of KSI.