Mil-spec infosec spinout Cryptonite reveals its network-scrambling tech

Budding firm funded by US defence departments


Security startup Cryptonite dropped out of stealth late last week with a micro-segmentation-based technology designed to prevent hacker reconnaissance and lateral movement.

CryptoniteNXT, the firm's network appliance, sits between an organisation's perimeter firewall and internal networks, blocking malicious activities while at the same time preserving network performance and usability. The appliance is designed to confound hackers and malware by obfuscating network topology.

"By preventing reconnaissance, CryptoniteNXT is automatically stopping the spread of an attack," said Mike Simon, president and chief exec of Cryptonite. "This is done by having each endpoint have its own unique view of the network that is managed by our security platform.

"The endpoints view is session based and connects to the network via a temporary token which is a randomly generated IP address. Endpoints are restricted from maliciously scanning the network and seeing the network topology beyond their endpoint and our platform."

The technology changes a static network into a dynamic moving target. Even if hackers gain a foothold on targeted networks they can't go anywhere because they have no visibility or ability to run scans. The same approach works against insider threats, according to Cryptonite.

Policy-based control determines what a device or user is allowed to talk to and what resources are permitted to be accessed. Cryptonite's micro-segmentation is placed inline to all enclave traffic. This form of segmentation assigns policy based on user, port and process. This approach prevents attacks such as ransomware from spreading throughout organisations.

Obscuring IP topology helps to prevent attacks on legacy or unpatched systems by thwarting any attempts by hackers to map exploitable vulnerabilities on a targeted network. CryptoniteNXT Net Guard, a key component of the technology, maps from an obfuscated network onto the real network.

Justin Yackoski, Cryptonite CTO, explained: "The network has become an easily infiltrated space that cannot be completely locked down. With CryptoniteNXT, we take away the attackers' ability to 'see' within the network, making network attacks or data exfiltration attempts significantly more difficult and expensive for attackers."

Simon PG Edwards, director of SE Labs and chair of the Anti-Malware Testing Standards Organization, said that remapping a network adds processor cycles and is bound to have a performance impact one way or another. "The claim that it can limit the network without any performance issues is one that needs testing," he said.

Edwards spotted caveats about the technology within Cryptonite's white paper.

"CryptoniteNXT Micro Shield Segmentation significantly reduces attack surfaces accessible via lateral movement. Users only have visibility to the servers and other devices necessary to support their daily work," the firm said. This, Edwards pointed out, meant that it's not fully a Zero Trust network because users can connect to servers.

Military industrial spinout

CryptoniteNXT is device- and architecture-independent, so it doesn't require an upgrade in switching equipment. No software or server software agent is required for the technology to work. Deception-based technology from the likes of Illusive Networks and others as well as network-based intrusion prevention technology aims to combat similar threats. The closest comparable kit might be TrustSec, Cisco's software-defined segmentation tech. Cryptonite claims it has no peers. "At this time, we have not engaged with competition for our network-based Moving Target Cyber Defense (MTD) offering," it said.

Research and development into Cryptonite's technology started with funding from the US Department of Defense and Department of Homeland Security. Spun out of a Maryland defence contractor, Intelligent Automation, Cryptonite is backed by cybersecurity investors, including Ron Gula, founder of Tenable.

"I invested in Cryptonite because they uniquely prevent our adversaries from exfiltrating actionable information from our networks. The other key capability is their fine-grained micro-segmentation, which stops east-west traffic that has enabled the spread of ransomware," said Ron Gula, principal at Gula Tech Adventures.

Cryptonite has put together technology partnerships with HPE Aruba ClearPass and Palo Alto Networks, details of which are due to be announced over coming weeks. ®

