Enable your business with secure computing.
As a result of growing Bring Your Own Device (BYOD) and cloud computing trends, enterprise connectedness has exponentially increased. Not only that, but the DevOps movement has increased the number of accounts that have system administrator access to servers and data. Increasingly sophisticated internet attackers have made credential theft the single biggest threat to enterprise data security.
Faced with a porous network perimeter, heterogeneous computing environment, and hard-to-secure unmanaged devices, IT must raise the bar. Internal and external compliance pressures too often result in unrealized security potential without hardened endpoints. Static passwords and user-only authentication just aren’t enough anymore. Authorization of high-privilege users must be based on real-time security compliance enforcement and hardware-based device identity.
StrongNet hardens workstations.
The best way to administer your IT infrastructure is from locked-down, hardened workstations that enforce encryption, device-to-user association, and strong authentication. StrongNet uses hardware root of trust to deliver high-integrity user and computer credentials. Our patent-pending Measurement Bound Keys ensure that credentials will not be accepted unless the mobile device complies with security policy.
With StrongNet, you can:
- Block sophisticated attacks, including rootkits and pass-the-hash
- Enforce encryption and remote lock to mitigate the risk of stolen or lost hardware
- Manage device integrity through interoperable, standards-based secure boot and device attestation
It’s compatible, reliable, and secure.
StrongNet provides seamless secure access for a variety of system administrator and DevOps scenarios, including Remote Desktop Gateway and SSH, on premises and in the cloud. Plus, interoperability with multiple identity and authorization data sources means you can lock down any line-of-business app.
Request a demo today!
Protect your system administrator devices with a proven solution. To see StrongNet in action or to learn more, email email@example.com.
“Today’s Internet threat landscape has shown that even highly-privileged enterprise network accounts are being attacked by adversaries with an unprecedented level of funding and sophistication. StrongNet provides our customers the hardened endpoints they need.”
— Dan Griffin, President, JW Secure, Inc.
How does it work?
StrongNet works by integrating with enterprise PKI.
- Certificate issuance and usage becomes gated on security compliance, as defined by the IT admin, using our proprietary Measurement Bound Keys.
- Device integrity is enforced using TPM remote platform attestation. Our attestation protocol is standards-based and uses strong cryptography.
- The net result is a high-assurance endpoint security solution that integrates with all PKI scenarios out of the box.
StrongNet software includes the following components:
- StrongNet Attestation Service to perform a cryptographic challenge-response protocol.
- StrongNet Policy Module (optional) to ensure that certain X.509 certificate templates are only issued to computers that are compliant.
- StrongNet Secure Endpoint Service to provide security compliance status notifications to the end user.
- StrongNet Key Storage Provider to support the Attestation Service.
See full component descriptions in the StrongNet whitepaper.
The following diagram depicts the StrongNet Secure Admin solution components in the context of the data flows involved in granting High-Value Asset (HVA) access to an admin device.
The data flows, represented by the diagram’s numbered arrows, are described as follows:
- Device Measurements: The Admin Device attempts to create a StrongNet measurement-bound keyset, that is, a cryptographic key that is sealed to a specific TPM in a specific state.
- Credential: The device uses the StrongNet key to sign a certificate enrollment request.
- Verification: The Certificate Authority verifies that the request signer is trusted by the StrongNet Remote Attestation Service.
- Certificate [granted]: If the signer is trusted, the Certificate Authority issues the requested certificate to the device.
- Certificate [submitted]: The device uses the certificate for authenticated access to High-Value Assets on the network.
- Content [released]: Only policy-compliant devices can reach sensitive resources. If the device deviates from security policy, authenticated access is immediately terminated.
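
The gating logic in the data flows above can be modelled in a few lines; this is an added illustration, not StrongNet code or its actual protocol. It assumes a single PCR, SHA-256 extends, a nonce-based quote, and an HMAC with a pre-enrolled key standing in for the TPM's asymmetric quote signature; all class and function names are hypothetical.

```python
import hashlib, hmac, os

def extend(pcr: bytes, event: bytes) -> bytes:
    # TPM-style PCR extend: new = SHA-256(old || SHA-256(event))
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def replay(events) -> bytes:
    pcr = bytes(32)  # PCRs start at all zeros after reset
    for event in events:
        pcr = extend(pcr, event)
    return pcr

class Device:
    def __init__(self, boot_events, ak):
        self.pcr = replay(boot_events)
        self._ak = ak  # assumption: stand-in for a TPM-resident attestation key

    def quote(self, nonce: bytes):
        # A real TPM signs (PCR digest, nonce) with an asymmetric key;
        # HMAC keeps this model standard-library only.
        return self.pcr, hmac.new(self._ak, self.pcr + nonce, hashlib.sha256).digest()

class AttestationService:
    def __init__(self, policy_events, enrolled_keys):
        self.expected = replay(policy_events)  # PCR value a compliant boot yields
        self.keys = enrolled_keys              # device id -> attestation key
        self.pending, self.trusted = {}, set()

    def challenge(self, dev_id) -> bytes:
        self.pending[dev_id] = os.urandom(16)  # fresh nonce defeats replay
        return self.pending[dev_id]

    def verify(self, dev_id, pcr, sig) -> bool:
        nonce = self.pending.pop(dev_id, None)  # each nonce is single use
        ok = False
        if nonce is not None and dev_id in self.keys:
            want = hmac.new(self.keys[dev_id], pcr + nonce, hashlib.sha256).digest()
            ok = hmac.compare_digest(sig, want) and hmac.compare_digest(pcr, self.expected)
        # A failed check also revokes trust granted by an earlier attestation.
        (self.trusted.add if ok else self.trusted.discard)(dev_id)
        return ok

def attest(service, dev_id, device) -> bool:
    return service.verify(dev_id, *device.quote(service.challenge(dev_id)))

def ca_issue(service, dev_id):
    # Verification / Certificate [granted]: issue only to attested signers.
    return f"cert:{dev_id}" if dev_id in service.trusted else None
```

Because each extend hashes the previous PCR value, a single unexpected boot component changes the final digest, so the device's quote no longer matches policy and the CA step returns nothing.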