Stealth can protect networks by making parts invisible

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By Paul McCloskey
 

Connecting state and local government leaders

By Paul McCloskey

|

Unisys has high hopes for government uses of the software tool that controls who sees what on a network.

“You can’t hack what you can’t see.”

The phrase has lately become a mantra at Unisys Corp., which is hoping government customers will embrace the logic of a software-based approach to network security that makes network assets and workgroups “invisible” to hackers.

The application, called Stealth, helps control who sees what on a network, by letting managers authorize a group of people for access to certain information, applications or parts of a network that those operating outside of a designated workgroup are unable to see.

“If I’m not a member of that community of interest, I don’t even know it exists,” said Unisys Chief Executive Officer Edward Coleman at a recent customer conference in Chicago.

Based originally on requirements from a Defense Department project, Unisys has been developing Stealth for several years. The company now  believes the time is right for customers to embrace the technology, as firewalls and other fixed security tools become more limited in scope, and advanced, analytics-based security is still emerging. It could be effective against hackers trying to probe a network or insider threats.

“I think everyone has concluded that a traditional perimeter defense no longer works,” Coleman said. “In trying to defend different elements of the network by building new firewalls inside the perimeter, change management has become a nightmare.”

Stealth works by loading a software agent at a network endpoint – a  designated PC, a server or virtual machine in a cloud, for instance. The software agent takes control of the IP header of that address, then encrypts and authenticates it.

“That essentially darkens the endpoint,” said Rodney Sapp, vice president of products and technology portfolio management at Unisys. “Now no one can see that IP header unless they are authorized into that device, the application.”

Authorizations are set up from Microsoft Active Directory or LDAP, the Lightweight Directory Access Protocol for managing directories over IP. Stealth then creates encryption keys to provide workgroups access to specific devices and applications.

To handle data in motion between endpoints, Stealth encrypts a message bearing the data; the information is then split into pieces, transmitted over the Internet and reassembled at the endpoints. “If someone is able to hack into that transmission they are only getting partial information – it’s going to be meaningless,” Sapp said.

Because it operates underneath existing topologies, Unisys executives believe the technology is a good fit for large enterprises whose network security perimeters may have become balkanized and where security maintenance may be irregular.

“I’m not here to say it will replace everything,” Sapp said. “But it can help minimize the number of physical networks,” which tend to proliferate when network managers want to add new user groups.

Unisys believes that’s especially true in government, where they see potential for the technology.

“A typical public-sector environment has multiple agencies – police, human services – all on separate physical networks because they believe their data is too sensitive to put on a shared infrastructure,” Sapp said. “With Stealth you bring all those agencies into a shared infrastructure or community cloud so that health and human services can maintain their separateness from state police and vice versa.”

Unisys envisions a number of ways organizations can use Stealth, including those hesitant to store sensitive data in a public cloud. Recently it announced a deal with Amazon Web Services that provides for “Stealth enabling” virtual services in the Amazon cloud.

In using the service, an agency could extend a virtual machine or other service from its data center to the cloud, where it would also be covered by Stealth. “No one else on the Amazon cloud would see your virtual machine is even there – not even Amazon,” Coleman said.

Crystal Cooper, Unisys’s vice president for public sector, said Stealth is an especially useful tool for government, where, once a contract is written, hundreds of consultants are often using their own laptops to access sensitive information. Because Stealth is based on segmenting  networks across such communities, third-party access to project files and databases can be more easily secured and managed, she said.

Other potential applications for Stealth include secure data center segmentation, supply chain management and assistance for managing networks of remote workers and branch offices. 

The company  also is expected to announce an enhancement that would Stealth-enable the mobile enterprise. Mobility brings the dimension of space and time to the network, so future applications might involve ways to restrict access to the network to members of a community at certain locations or times of the day, according to Unisys officials.

Overall, the firm is optimistic about uptake of the technology, in government and other parts of the enterprise market. “This idea of being able to use software to make something effectively dark on the network we think is pretty disruptive in the marketplace,” said Coleman.

NEXT STORY: Could agencies avoid disaster in a Nirvanix-like cloud shutdown?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.