Unisys upgrades Stealth with software-based security
- By Mark Pomerleau
- Sep 15, 2015
While security of government data and networks has always been paramount, recent breaches of highly sensitive networks have increased pressure on IT managers to protect and defend systems -- and to do so without significant additional investment.
To help address these needs, Unisys on Sept. 15 announced new software-based components of its Stealth security solution to deliver identity-based micro-segmentation across the range of environments global enterprises need to secure – data center, cloud and mobile. Stealth helps control who sees what on a network, letting managers authorize a group of people for access to certain information, applications or parts of a network that unauthorized users are unable to see, let alone access.
The upgrades can be immediately incorporated into customers’ security portfolios:
Stealth(Core): Secures data using micro-segmentation and cryptography to limit a user’s – or potential attacker’s – view of data and services to only a tiny segment of the enterprise. By virtualizing all network security, Unisys has reduced security deployment times and management complexity.
Stealth(Mobile): Enables authenticated and secure access to application processing environments in the data center from mobile applications by using application wrapping software to encrypt data-in-motion from the mobile app across the Internet.
Stealth(Cloud): Strengthens the privacy and security of virtual machines in private, public and hybrid cloud environments by orchestration software plug-ins that integrate and automate the deployment of Stealth(core) security capabilities into cloud infrastructures.
“We’ve gone from a proprietary hardware encryption to a globally universally open software standard solution for encryption,” Tom Patterson, Unisys’s vice president of security told GCN prior to the announcement. “So we now leverage the [IP security protocols] already deployed in every government stack in the world.” The new software components, he said, allow for faster installation, lower operating costs, easier deployability and easier management.
“We believe that the current way of doing security is really failing the government,” Patterson said. "This whole concept where you have to be perfect in order to be successful, we think is a failed concept."
The concept of micro-segmentation is a much smarter approach, he argued. Stealth allows “the security officer and the IT managers to segment all the employees into specific segments so they’re cryptographically locked into their world.”
“If an employee loses their laptop in the back of a taxi and has their password taped to the top of it…someone will still get into their segment. But what’s different with Stealth is they won’t be able to go from there and go take over the whole network and do much more serious damage,” Patterson said.
“And in fact, if it’s configured properly, they wouldn’t even be able to exfiltrate data.”
The software-based version of Stealth also addresses agencies’ move toward infrastructure convergence. It is based on a software design that eliminates operational costs associated with additional hardware, Unisys said in its announcement, and cuts deployment times by up to half, thanks to easier configuration, integration management.
Additionally, Patterson said, Stealth makes data center consolidation more cost effective because it “solves the security issues much more elegantly, cheaply and effortlessly than trying to converge all those firewalls and renumber everything."
Stealth is compatible on a variety of architectures, Patterson added. “We work at the packet level ... between layers two and three of the IP stack," he said. "So it doesn’t matter to us how convoluted your application is – we’re still going to protect it – we don’t even have to get into it. All we’re doing is making sure that bad packets never get to that application, and all the good packets do.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.