Security startup Cryptonite came out of stealth late last week with micro-segmentation-based technology designed to prevent hacker reconnaissance and lateral movement.
CryptoniteNXT, the firm's network appliance, sits between an organisation's perimeter firewall and internal networks, blocking malicious activities while at the same time preserving network performance and usability. The appliance is designed to confound hackers and malware by obfuscating network topology.
"By preventing reconnaissance, CryptoniteNXT is automatically stopping the spread of an attack," said Mike Simon, president and chief exec of Cryptonite. "This is done by having each endpoint have its own unique view of the network that is managed by our security platform.
"The endpoint's view is session based and connects to the network via a temporary token, which is a randomly generated IP address. Endpoints are restricted from maliciously scanning the network and seeing the network topology beyond their endpoint and our platform."
The technology turns a static network into a dynamic moving target. Even if hackers gain a foothold on a targeted network, they can't move further because they have no visibility and no ability to run scans. The same approach works against insider threats, according to Cryptonite.
Policy-based control determines what a device or user is allowed to talk to and which resources it is permitted to access. Cryptonite's micro-segmentation sits inline with all enclave traffic and assigns policy based on user, port and process. The firm says this approach prevents attacks such as ransomware from spreading throughout organisations.
Obscuring IP topology helps to prevent attacks on legacy or unpatched systems by thwarting any attempts by hackers to map exploitable vulnerabilities on a targeted network. CryptoniteNXT Net Guard, a key component of the technology, maps from an obfuscated network onto the real network.
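To make the per-endpoint view concrete, here is a small Python model, added here and not code from Cryptonite or from the article, of a gateway that hands each session a random token address and its own virtual-to-real address map built only from policy, so a scan from one session reveals nothing beyond its own view and the failed lookups themselves are a detection signal. The server names, addresses and policy table are constructed for the example.

```python
import ipaddress
import random
from dataclasses import dataclass, field

# Conceptual model (an assumption for illustration, not Cryptonite's code) of the
# per-endpoint view: each session gets a random token address and a private map of
# virtual addresses to the real servers its policy permits, nothing more.
REAL_SERVERS = {"files": "10.0.5.10", "hr-db": "10.0.5.20", "payroll": "10.0.5.30"}
# Constructed policy: the (service, port) pairs each user may reach.
POLICY = {"alice": {("files", 445)}, "bob": {("files", 445), ("hr-db", 5432)}}

@dataclass
class Session:
    user: str
    token_ip: str                              # temporary address of the endpoint
    view: dict = field(default_factory=dict)   # virtual ip -> (service, port)
    denied: int = 0                            # lookups outside the view: scan noise

class ObfuscatingGateway:
    def __init__(self, obfuscated_net="100.64.0.0/24", seed=None):
        self.net = ipaddress.ip_network(obfuscated_net)
        self.pool = list(self.net.hosts())      # unused obfuscated addresses
        random.Random(seed).shuffle(self.pool)  # random, reproducible with a seed
        self.sessions = {}

    def _fresh_ip(self):
        return str(self.pool.pop())

    def connect(self, user):
        # A new session: fresh token address and a view built only from policy.
        session = Session(user, self._fresh_ip())
        for service, port in POLICY.get(user, set()):
            session.view[self._fresh_ip()] = (service, port)
        self.sessions[session.token_ip] = session
        return session

    def resolve(self, token_ip, dst_ip, port):
        # Map a virtual destination to a real server, only inside this session's view.
        session = self.sessions.get(token_ip)
        if session is None:
            return None
        entry = session.view.get(dst_ip)
        if entry is None or entry[1] != port:
            session.denied += 1
            return None
        return REAL_SERVERS[entry[0]]

    def scan(self, token_ip, port):
        # What a port scan of the whole obfuscated range yields from one session.
        return [str(h) for h in self.net.hosts() if self.resolve(token_ip, str(h), port)]
```

The same real server appears under a different virtual address in each session, and a full sweep of the range from one session leaves hundreds of denied lookups on that session, which is where a monitoring rule would fire.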
Justin Yackoski, Cryptonite CTO, explained: "The network has become an easily infiltrated space that cannot be completely locked down. With CryptoniteNXT, we take away the attacker's ability to 'see' within the network, making network attacks or data exfiltration attempts significantly more difficult and expensive for attackers."
Simon PG Edwards, director of SE Labs and chair of the Anti-Malware Testing Standards Organization, said that remapping a network adds processor cycles and is bound to have a performance impact one way or another. "The claim that it can limit the network without any performance issues is one that needs testing," he said.
Edwards spotted caveats about the technology within Cryptonite's white paper.
"CryptoniteNXT Micro Shield Segmentation significantly reduces attack surfaces accessible via lateral movement. Users only have visibility to the servers and other devices necessary to support their daily work," the firm said. This, Edwards pointed out, meant that it's not fully a Zero Trust network because users can connect to servers.
Military industrial spinout
CryptoniteNXT is device- and architecture-independent, so it doesn't require an upgrade in switching equipment. No endpoint or server software agent is required for the technology to work. Deception-based technology from the likes of Illusive Networks and others, as well as network-based intrusion prevention technology, aims to combat similar threats. The closest comparable kit might be TrustSec, Cisco's software-defined segmentation tech. Cryptonite claims it has no peers. "At this time, we have not engaged with competition for our network-based Moving Target Cyber Defense (MTD) offering," it said.
Research and development into Cryptonite's technology started with funding from the US Department of Defense and Department of Homeland Security. Spun out of a Maryland defence contractor, Intelligent Automation, Cryptonite is backed by cybersecurity investors, including Ron Gula, founder of Tenable.
"I invested in Cryptonite because they uniquely prevent our adversaries from exfiltrating actionable information from our networks. The other key capability is their fine-grained micro-segmentation, which stops east-west traffic that has enabled the spread of ransomware," said Ron Gula, principal at Gula Tech Adventures.
Cryptonite has put together technology partnerships with HPE Aruba ClearPass and Palo Alto Networks, details of which are due to be announced over the coming weeks. ®