Reimagining the software defined perimeter (SDP) by combining secure remote access with microsegmentation and passwordless multifactor authentication.
Eliminates the threat of account takeovers (ATO) by eliminating passwords altogether for remote users accessing the network
Provides an alternative to legacy Virtual Private Networks (VPNs) for secure remote access as a Software Defined Perimeter (SDP)/Zero Trust Network Access (ZTNA) solution
Eliminates the dwell time and pivoting capabilities of adversaries within your network by creating containers of hosts and users authorized to communicate
The MITRE ATT&CK Enterprise matrix was created by MITRE with the goal of documenting the tactics and techniques used by adversaries through real-world observations. The index was designed to understand attacker models, methodologies, and mitigations and since it was published in 2013, it has been used by cybersecurity vendors to align their solutions to as decision makers began adopting it as a reference model to identify gaps in their security controls
BlastShield™ has combined multiple security control capabilities together to address three main tactics within the MITRE ATT&CK Enterprise matrix Initial Access, Credential Access, and Lateral Movement. While some of the techniques in other areas of ATT&CK could be applicable, these are the three main tactical goals BlastShield™ was designed to instrument a network against to disrupt the adversarial decision making process.
The client is cross-platform, supporting Microsoft Windows, MacOS, Linux, iOS, and Android devices and can install on bare metal systems for operational technology (OT) and other legacy hardware, hypervisors for virtual machine deployments, as well as onto cloud service providers (CSPs) supporting the protection of cloud workloads.
Deploys in minutes, creating a frictionless implementation process for the network operations team over any packet-based network;
Eliminates laborious modifications to existing routing/switching fabric and hardware;
With its patented “self-organizing network” BlastShield™ requires no tedious configuration steps and deploys in minutes;
Doesn’t expose any TCP/UDP ports, effectively eliminating BlastShield’s own attack surface;
Offered as a Software-as-a-Service (SaaS) and/or on-premise and cloud deployment options;
Cloaks users, devices, and applications bringing zero trust to everything and everyone; and
Provides an easy-button for one-touch access control to the entire network.
It’s no secret that VPNs have seen their window open and close in the cybersecurity industry as a means of secure remote access for remote workers. Countless vulnerabilities have been published affecting different VPN vendors, including exploits to SSL VPNs as well as high profile attacks that combined the compromise of passwords and even multifactor authentication tokens where adversaries used the corporate VPN to log in and steal company secrets.
With the rise of software defined networking (SDN) and zero trust (ZT), the software defined perimeter (SDP) also called zero trust network access (ZTNA) has been the new technology now replacing VPNs as a method of secure remote access for remote workforces and suppliers.
BlastShield™ provides organizations a method of secure remote access, authenticating and authorizing users without a password. Users simply scan a QR code generated by the BlastShield™ desktop app (which also supports FIDO2 compatible keys).
Once the QR code is scanned, users leverage the MFA authentication method for instantaneous access to protected, internal assets obviating the need for passwords and eliminating the threat of account takeovers (ATO) from credential stuffing tools, phishing, and other brute force and social engineering techniques.
Inherent to software defined perimeter (SDP) solutions is the capability to “darken” hosts or cloak them making them invisible to outsiders and insider threats who aren’t authorized to access the system or data.
This concept referred to as microsegmentation creates containers of hosts allowed to communicate with one another based on user identities and their “need to know.”
BlastShield™ leverages microsegmentation to effectively control the blast radius of a breach. Meaning, it is no longer a matter of “if” you’ll be breached, but “when.” And when that time comes, BlastShield helps your security operations team more quickly detect the breach by lowering the mean time to detection (MTTD) and mean time to response (MTTR).
By limiting what hosts and data are accessible to an adversary once they’ve established a “beach head” on your network, you limit the total damage to the organization, thus the costs associated with the breach and the potential damage from data encryption for ransom and leaks.
Microsegmentation is at the heart of BlastShield and the capability to effortlessly control what hosts within your environment and their users are authorized to communicate.