Traditional passive response to cyberthreats leaves corporations and critical infrastructure vulnerable.
By Alexander Damisch
Legacy cybersecurity has taken a passive posture. Corporations have set up roadblocks around their critical systems, waiting for intruders to arrive, and trying, often unsuccessfully, to ward them off. With the threat landscape becoming more ominous, an active security approach, one that assumes threats are omnipresent, offers enterprises a more effective way to protect critical infrastructure and sensitive information.
The Wrong Building Block
Legacy security has a weak foundation. Security was not a core feature of software development, but was instead bolted on afterwards. Also, with the unstoppable rise of virtualization solutions, from devices to IT infrastructure, the extreme complexity and code size of a grown stack poses a significant challenge. The vast amount of code and functionality creates large attack surfaces. Compounding the problem, these systems are full of bugs, which hackers are happy to exploit. Vulnerabilities in applications and features can compromise the security of a system, because security exists commingled with or in parallel to the system rather than at a more secure layer.
In addition, security design was reactive. Tools stood guard at the network and eventually at the application entryways. There, they inspected transmissions and quickly decided to let them in or rebuff them, but compromise was often inevitable. Systems had widely granted privileges, so third parties could add value to the various solutions, but hackers used them to destroy systems rather than build them up. It is often said that the only secure system is one that is powered off, but there must be a way to enable high levels of security while still maintaining full functionality.
Consequently, it feels like Sisyphus of Greek mythology, only that we are not rolling a giant boulder up a hill but following an ineffective process of detect and patch that chews up time, money, and resources. Despite organizations’ best efforts, hackers frequently make their way to sensitive areas, before the process of patching starts again. Patching itself can introduce flaws or failures into a system, so even it must be done with caution.
A Formally Secured Foundation
BedRock Systems learned from those painful lessons and crafted a new security architecture, built into a formally secured Trusted Computing Base™ (TCB), so critical systems are at the same time both safe and secure. Our Zero Trust Design™ assumes that critical systems are constantly under attack. Consequently, we can place safeguards everywhere and not just at select entryways at the network and application layer.
We dramatically reduced the potential attack surface! With the BedRock HyperVisor™, work is uninhibited but protected by a small, secure area with few entryways into the system for attacks. The BedRock HyperVisor™ is 10,000 to 100,000 lines of code, allowing for the code to be formally verified to be free of defects and security flaws.
Next, a capability-based system such as BHV™ closely guards privileges rather than capriciously doling them out. Applications and subsystems run, but BHV™ grants only the limited set of capabilities needed to complete their work, rather than carte blanche.
Each task exists in secure isolation from all other processes and cannot freely wander and explore the system stack. Consequently, threats are unable to make their way from an open network port to the critical application controlling the energy grid. BHV™ prevents lateral migration and keeps a compromise of a web browser or email client or auto updater application from compromising the security of the core system.
All these measures ensure that there is no lateral movement of threats and that BedRock Systems™ can detect and prevent compromise.
BedRock Active Security™ Protects Operating Systems, Applications, and Services
Active Security™ is the fundamental security layer missing in traditional systems. Living directly at the level of the virtualization abstraction layer, it leverages virtual machine introspection and a sophisticated policy-enforcing framework, with full visibility of all aspects of hardware resources and devices. Rather than bump in the log security, Active Security™ makes security a first-class citizen, even in a system design that did not originally take it into account.
Compared to security solutions that run inside the operating system or service, and that are part of the attack surface, Active Security™ runs from within the hypervisor and secures the guest system, while itself being secure from attack due to the formal verification of the hypervisor.
Some of the features provided by Active Security™:
- Lock down the vulnerable OS/Kernel:
  - No altering of kernel code in memory
  - No unknown code running with kernel privilege
  - Integrity protection of static kernel data structures
  - Integrity protection of dynamic kernel data structures
  - Control Flow Integrity Protection
- Constrain Applications, Processes, Services and Drivers:
  - Only run user-code allowed by an Access Control List
  - Only run and load device drivers allowed by an Access Control List
- Secure Forensic Logging, enabling deep semantic actionable data from deployed critical assets
- Threat Intelligence for mitigation of CVEs and cyber-attacks to critical assets
Legacy security did a mediocre job of addressing 20th-century cybersecurity needs and is ill-equipped to protect critical assets here in the 21st century. BedRock Active Security™ flips the legacy security paradigm from passive, like police waiting for a phone call after a break-in has occurred, to active, like a full security system that only allows authenticated and trusted personnel in and immediately alerts on any unauthorized access. BedRock is the system infrastructure that puts hackers, rather than enterprises, on the defensive.