Washington, D.C. (PRWEB) December 17, 2013
Guardtime, the creators of Keyless Signature Infrastructure (KSI™) and New Context Services Inc., the Information Assurance and Operations Automation integration arm of Digital Garage, announce the creation of a real-time application integrity and intelligence engine.
Based on Guardtime principles of Active Integrity™, this new solution monitors enterprise application, system, security, and associated event log integrity in real-time, thereby protecting the infrastructure from tampering. It adds robust protection and detection against external attacks, and highly privileged malicious insiders, clock-tampering attacks, and sequence-of-event alterations. Guardtime Active Integrity makes this possible at cloud-scale, the intelligence is portable amongst service providers, and is customizable to customer-specific short and long term data retention policies. The historical provenance of what happened when and where is preserved with forensically provable chain-of-custody information.
Daniel Riedel, CEO of New Context said, “With this product we go directly to the root of all computing evil – malicious tampering - and build a solution that takes integrity seriously from the ground up. In this product we bring together the strong integrity guarantees of Guardtime’s KSI technology, the automation of Chef systems integration framework, and the high performance computing experience of New Context. The result – a single number representing the health of your enterprise platforms in real-time,” Mr. Riedel continued.
“This product aims to meet the vulnerabilities called out by the National Institute of Standards and Technologies (NIST) in their Guide To Computer Security Log Management as well as real-time potentials to address Continuous Monitoring requirements called out in Special Publication 800-37, as well as the Presidential Comprehensive National Cybersecurity Initiative (CNCI) to develop strategies to deter hostile and malicious activity in cyberspace,” said Steve Mays, CTO of New Context.
The integrity of system event reporting mechanisms, their associated applications and dependencies are the front line defense to prevent malicious activity and stopping the insider threat. “Guardtime KSI and Active Integrity is highly differentiated vs. traditional credential solutions based on secret-key cryptography, which have failed to deliver tamper, time and sequence evidence [due to compromise]” said Matthew Johnson, CTO of Guardtime. James Blom, CEO of Guardtime USA added, “We have brought together the right teams and technologies to meet one of the biggest challenges of our time – trust.”
The solution uses Guardtime’s KSI technology to uniquely fingerprint data and to provide system-independent time and chain-of-custody verification. The solution is able to handle thousands of log lines per second and securely remove them as evidence out of the threat-theater. The solution can be configured to validate integrity of log lines and applications continuously or in batches and analyze them for patterns of mischief. Moreover, Active Integrity components serve as a check and balance to themselves; continually validating it’s own infrastructure and can be configured to keep sensitive data separate from audit data. The solution, to be released to limited customers early in 2014, will be available as a cloud offering or a standalone onsite solution.
Guardtime brings transparency and accountability to digital society. Founded in 2007, Guardtime invented Keyless Signature Infrastructure (KSI) - a technology that allows any type of electronic activity to be independently verified using only formal mathematical methods, without the need for trusted administrators. Deployed by world governments, KSI provides an independent audit trail for everything that happens in digital society, limiting liability and making it impossible for insiders or sophisticated cyber attackers to manipulate data and cover their tracks. Implementing Guardtime KSI technology ensures reliable communications, travel, shopping, banking, and identity and privacy protection.