Data-Centric Security 

Modern cybersecurity solutions are based on the same core principle: search for vulnerabilities. Examples include firewalls scanning traffic that enters the network, signature-based malware detection schemes, and sandboxing or multi-vector virtual execution to run code inside a protected environment. Yet despite all the efforts, and hundreds of billions of dollars invested in cybersecurity, large-scale cyber breaches continue to be everyday news.

The problem is that the attackers always remain one step ahead of those who protect the networks, and it takes just one successful breach for an attacker to comprehensively succeed. Anything less than 100% success means defeat. And you’re protecting against the invisible enemy - because oftentimes, the threat didn’t exist before targeting you.  

Modern security is also largely useless against attacks that originate from inside the network - the insider threat.  As Edward Snowden has shown, when system administrators have unrestricted access and can modify/delete evidence of their activities, detecting the source of attacks is almost impossible using only perimeter defenses.

KSI: Real Time Situational Awareness.

KSI adds a new real-time capability for security professionals by focusing on the integrity of the assets that make up a network: the configuration of every switch and router, firmware, event logs, binaries, etc. can be verified independently and in real time.

For the first time, KSI enables any network to be attributed. In a KSI attributed network, one can guarantee the true state of any component within that network, meaning any unauthorized change in the state represents an attack, whether internal or external, and can be detected with 100% accuracy. It’s the difference between searching for needles in a haystack and having real-time certainty of the position and properties of every straw of hay.  

With Guardtime KSI the properties of important digital assets and network components (routers, switches, applications, virtual machines, configuration information, audit and event log systems, and associated network services) can be tagged, tracked and located. An organization’s Network Operations Center (NOC) or Security Operations Center (SOC) can simply adjudicate and trace any changes to signatures to determine the integrity state of their network or important archives via automated (or manual) reporting, analysis, and visualization.

With this real-time awareness of the integrity state of important digital asset components, organizations seeking to protect the integrity of their network can make real-time decisions in the event that the network and/or an asset is compromised, and can quickly identify the cause and the specific component(s) responsible for the loss of integrity. This awareness in turn makes real-time incident response, real-time data-loss prevention, investigation, and/or network resilience possible, so that any misconfiguration or network and/or component/application failure can be detected and reacted to.

KSI directly supports enhanced continuity of operations and data loss prevention (due to theft or maliciousness), and is a new form of Advanced Persistent Threat (APT) detection when malware infects a crucial network or system component. The changed state of the asset provides a real-time alert, which can then be investigated and audited, and/or the behavior stopped. If an asset is affected by malware, the signature information changes, and the asset can be ‘sandboxed’ or firewalled before further infection or transfer.

How it works

  1. KSI signatures baseline the state of your important digital assets – we call this concept a ‘Clean State Proof’, highlighting their authenticity, time, and identity. By collecting, analyzing, correlating and reporting this evidence one can build a real-time integrity picture of the network and/or important digital repositories and archives.
  2. ‘Active Integrity’ - with real-time awareness regarding the integrity state of important digital asset components, organizations seeking to protect the integrity of their network can make real-time decisions in the event that the network and/or asset is compromised and quickly identify the cause and specific component(s) responsible for the loss of integrity. 
  3. Subsequently, real-time incident response, real-time data-loss prevention, investigation, and/or network resilience become possible, so that any misconfiguration or network and/or component/application failure can be detected and reacted to.
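
As an added illustration (not Guardtime code and not part of the original page), the sketch below mirrors the three steps: it baselines constructed assets, then classifies each one as clean, changed, baseline-tampered, missing, or unbaselined. It does not implement KSI; an HMAC-SHA256 tag under a constructed key stands in for the signature, and every name and sample value is an assumption.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing service
FIELDS = ("asset", "sha256", "identity", "time")

# Constructed sample assets (name -> bytes); not real device data.
ASSETS = {
    "router1/running-config": b"hostname r1\ninterface eth0\n",
    "fw/firmware.bin": b"\x7fFWv1",
    "syslog/auth.log": b"Jan  1 00:00:01 login admin ok\n",
}

def _tag(rec):
    """MAC over the fields that bind asset state to identity and time."""
    body = json.dumps({k: rec[k] for k in FIELDS}, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def sign_asset(name, content, identity, when):
    """Step 1: record the clean state of one asset."""
    rec = {"asset": name, "sha256": hashlib.sha256(content).hexdigest(),
           "identity": identity, "time": when}
    rec["tag"] = _tag(rec)
    return rec

def check(baseline, current):
    """Steps 2-3: compare live state to the baseline, return {asset: status}."""
    report = {}
    for name, rec in baseline.items():
        if not hmac.compare_digest(rec["tag"], _tag(rec)):
            report[name] = "baseline-tampered"  # the record itself was edited
        elif name not in current:
            report[name] = "missing"
        elif hashlib.sha256(current[name]).hexdigest() != rec["sha256"]:
            report[name] = "changed"
        else:
            report[name] = "clean"
    for name in current.keys() - baseline.keys():
        report[name] = "unbaselined"
    return report

def demo():
    baseline = {n: sign_asset(n, c, "noc-operator", "2024-01-01T00:00:00Z")
                for n, c in ASSETS.items()}
    current = dict(ASSETS)
    current["router1/running-config"] += b"ip route 0.0.0.0 0.0.0.0 203.0.113.9\n"
    # Insider case: the log is wiped and its baseline hash edited to match.
    current["syslog/auth.log"] = b""
    baseline["syslog/auth.log"]["sha256"] = hashlib.sha256(b"").hexdigest()
    current["vm/new-image"] = b"constructed image"
    return check(baseline, current)

if __name__ == "__main__":
    print(demo())
```

The wiped log is reported as baseline-tampered rather than clean because the edited hash no longer matches the tag; this holds only while the key is out of the insider's reach.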

How to Get a KSI-based Enterprise Security Solution

All of Guardtime's products and solutions can be purchased following our Design, Build, Operate, and Transfer (DBOT) model.

We're always happy to discuss your concrete requirements; please register your interest.

See also:

Critical Infrastructure Protection

Real-time situational awareness into infrastructure assets to support continuity of operations.

Enterprise Security

Detection of network state compromise with real-time tools for isolating compromised components.

Hadoop Big Data Lakes

Automated Big Data Archiving made simple, affordable and secure through KSI-based integrity instrumentation.

Data Breach Management

Solution provides tools to stay in control before, during and after the data breach incident.
