Virtualization Technology News and Information
Skyport Systems Delivers Hyper-Secured Infrastructure to Protect Critical Applications
Skyport Systems today announced availability of the SkySecure System, hyper-secured infrastructure that gives organizations cost-effective and easy to manage trusted computing and enables policy enforcement at the application edge. This engineered system is based on patent-pending application security technology which enforces policy on hosted workloads without software agents or network changes. Organizations that deploy SkySecure benefit from continuous full-stack monitoring of policy and verification that their systems have not been modified by outside entities. 

Deploying secure computing systems today requires assembling of over a dozen point products that were not designed to work together -- resulting in systems that are never properly protected. Incremental responses to this trusted compute and policy enforcement dilemma, from function-specific network security appliances to software agents that can easily be disabled, have proven to be ineffective. A new approach is required - one with an architecture built from the ground up with information assurance at its core.

A recent report from Gartner, Inc., Designing an Adaptive Security Architecture for Protection From Advanced Attacks, says, "Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities. ...Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise."

SkySecure is designed for deployment at the most critical points of infrastructure, including exposed DMZs, branch and remote environments, high-value business applications and foundational IT control systems such as Microsoft Active Directory, DNS servers and virtualization/cloud/big data/SDN controllers. Deployment is turn-key -- no changes are required to networks, applications, or operating systems.

"Our silicon designs represent the core of our business and finding the right platform to transfer them globally is essential," Mark Grimse, vice president of information technology at Rambus. "SkySecure is the only platform we've found that gives us the confidence that our designs are going where they need to go in a secure, uncompromised manner."

The SkySecure platform consists of three main components: on-premise trusted computing systems, software-based/hardware-enforced compartments that enforce policy around each hosted virtual machine and centralized management and monitoring that centrally orchestrates security policy and enables total application visibility.

SkySecure Server: On-Premise Trusted Computing

The SkySecure Server reduces the threat surface by removing physical attack vectors and implementing Intel Trusted Execution Technology. Hardware, firmware and software components are validated at the point of manufacture and continuously once deployed. After properly attesting, the system boots a fully whitelisted Security Enhanced Linux (SELinux) implementation. This is a server designed to catch and contain malware and rootkits.

SkySecure Compartment: Hardware-Enforced Dynamic Whitelisting

SkySecure Compartments enable a dynamic whitelist and application-layer protections around each workload deployed on a SkySecure Server, houses them in a synthetic operating environment and assumes a zero-trust posture regarding all network access. This is a security perimeter that developers and rootkits cannot bypass.

SkySecure Center: Secure Data Warehouse

SkySecure Center provides verification of the integrity of SkySecure Servers, a secure policy store, a tamper-resistant audit log, certificate management system and visibility into all traffic flows and application interactions across each workload. This is an audit, log, and traffic analytics data warehouse with full-stack visibility.

"Every CIO we've talked to has deployed virtualization, single-sign on, cloud and big data systems to automate processes and make IT more agile, but this has resulted in critical control points in the infrastructure," said Douglas Gourlay, corporate vice president of Skyport Systems. "Skyport Systems is delivering a system that is secure by default: from the point of inception, not belated integration. We are building a hyper-secured infrastructure foundation for mission-critical systems."

For More Information

Skyport is hosting a webcast explaining the technical architecture of the SkySecure system and presenting real-world use cases on Thursday, 21 May, at 9 a.m. Pacific Daylight Time. Register to learn more.

Pricing and Availability

SkySecure will be generally available in June. SkySecure is priced as a subscription based service that includes all on-premises equipment, software and service components.

Published Tuesday, May 19, 2015 11:13 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2015>