“ALL IN ONE”

A ZERO TRUST ARCHITECTURE AND ITS SECURITY PRODUCTS

I - INTRODUCTION

The consensus in the literature is that 2021 will be the year of "Ransomware 2.0", with increasingly aggressive attacks (1): The Year of Extortion (2).

Cyber attacks are expected to cost the world $11.4 million per minute in 2021.

Some statistics show that the number of global ransomware attacks has increased by 50% compared to last year (1).

Since 2020, there has been a clear trend towards more innovative, smarter malware, applications that look legitimate but are not, and social engineering that is becoming increasingly professional.

Cyber attacks are becoming more aggressive, more targeted and more sophisticated, with attackers sourcing malware-as-a-service from underground forums (3) :

- Routine services such as Remote Desktop Protocols (RDPs) and VPN hubs remain a preferred target for attacks at the network perimeter. Attackers use RDPs to move laterally within infiltrated networks (4),
- Attacks on servers: criminals are targeting server platforms that use both Windows and Linux and using them to attack companies from the inside (4),
- Attacks on managed service providers, small businesses and the cloud will increase,
- Cybercriminals will turn more to automation and the number of malware samples will increase (2).

It is therefore easy to understand that simple backup and traditional security solutions are no longer sufficient (2).
- Traditional antivirus software has to keep up with frequent changes through updates that either arrive late or never arrive, and that in any case do not prevent the damage from being done.
- The firewall alone is no longer sufficient to counter the most sophisticated attacks, as hackers hide malware under deceptive appearances.

Hence the need to implement epidemiologically inspired approaches to quantify cyber threats that have not been identified, detected or tracked, in order to better address gaps in detection, risk assessment and prioritisation (4).

Hence, the need to check whether your current security system meets this approach, whether it is based on new technologies with performance commensurate with the risks involved.

This approach is all the more necessary in Indonesia, which is currently known as the world's most vulnerable country to cyber-attacks on its critical infrastructure. The government is working to change the current circumstances and build a stronger cyber defence for the nation's infrastructure (5).

“In just 10 short months between January and October 2020, Indonesia’s National Cyber And Crypto Agency (Badan Siber dan Sandi Negara/BSSN) has detected a whopping 324 million cyber-attacks targeting Indonesia alone. Cyber-attacks on a global level have also increased tremendously in 2020. BSSN reports that the number of cyber-attacks has increased nearly six-fold compared to the numbers detected in 2019. The top 3 types of attacks are Phishing, Distributed Denial-of-Service (DDoS), and Ransomware. The other types of attacks include malware and web defacement attacks” (6)

II - CYBER-ATTACKS

Cyber-attacks can cause significant disruption and damage to even the most resilient organizations. Affected organizations will lose assets, reputation and business, and face fines and remediation costs.


(1) Bill Fassinou, 4 December 2020, 17:06, https://securite.developpez.com/actu/310972/2021-sera-l-annee-du-ransomware-2-0-avec-des-attaques-de-plus-en-plus-agressives-une-ingenierie-sociale-plus-professionnelle-et-des-malwares-plus-innovants-selon-G-DATA-CyberDefense/
(2) https://www.acronis.com/en-us/cyber-protection-center/posts/acronis-cyberthreats-report-2021-will-be-year-extortion/
(3) G DATA IT Security: trends for 2021, January 2021, by G DATA, https://www.globalsecuritymag.fr/G-DATA-IT-Security-Tendances-pour,20210111,107020.html
(4) Sophos 2021 Threat Report PDF (Sophos), https://www.globalsecuritymag.fr/Sophos-publie-son-rapport-sur-les,20201118,105140.html
(5) Cyber Intelligence Asia 2022, Jakarta, Indonesia, 22-24 March 2022, https://intelligence-sec.com/events/deminingandeodseminar2021/
(6) https://www.horangi.com/blog/2020-cyber-attacks-in-indonesia

With cyber threats constantly evolving, cyber security can be a complex undertaking. Because successful cyber-attacks are profitable, cybercriminals are becoming increasingly sophisticated in their tactics and pose an ongoing threat. The following are some of the common cyber-attacks and threats:
  • Phishing

    Phishing, an old but still popular tactic, is a social engineering attack that tries to trick people into divulging sensitive or confidential information. A phishing message is not always easy to distinguish from a genuine one, and these scams can inflict great damage on an organization.

  • Social engineering

    Social engineering comes in the form of more than just phishing, but is always used to trick and manipulate victims to gain information or gain access to their computers. This is achieved by tricking the user into clicking a malicious link or physically gaining access to the computer through the scam.

  • DDoS (Distributed Denial-of-Service) attacks

    A DDoS attack attempts to disrupt normal web traffic and take a site offline by flooding a system, server or network with more requests than it can handle.

  • Virus

    A virus is a piece of malicious code that is loaded onto a computer without the user's knowledge. It can replicate itself and spread to other computers by attaching itself to other computer files.

  • Worm

    Worms are similar to viruses in that they are self-replicating, but they do not need to attach themselves to a program. They are constantly on the lookout for vulnerabilities and report any flaws they find to their creators.

  • Malware

    Malware is a broad term used to describe any file or program intended to harm a computer, and includes Trojans, social engineering, worms, viruses and spyware.

  • Trojans

    A Trojan is a type of malware that disguises itself as legitimate software, such as a Virus removal program, but performs malicious activity when executed.

  • Ransomware

    One of the fastest growing forms of cyber-attacks, Ransomware is a type of malware that demands payment after encrypting the victim's files, making them inaccessible. Be aware that paying the ransom does not guarantee the recovery of encrypted data.

  • Spyware/adware

    Spyware/adware can be installed on your computer without your knowledge when you open attachments, click malicious links or download malicious software. It then monitors your computer activity and collects personal information.

  • SQL injection

    Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injection only works when there is a security vulnerability in the application software.

    A successful SQL attack will force the server to provide access to or modify the data.

  • MITM (Man-in-the-Middle) attack

    MITM attacks occur when hackers insert themselves between client (device) and server communications. MITM attacks often occur when a user logs on to an unsecured public Wi-Fi network.

    Attackers can insert themselves between the visitor's device and the network. The user would then unknowingly pass the information through the attacker.

III - PT SYDECO’S SOLUTIONS

Because antivirus software never responds to the problems created by viruses that have mutated or by the new viruses that are born every minute, and because firewalls that are not integrated into a general secure architecture do not stop attacks from newly created or newly mutated viruses, each more sophisticated than the last, PT SYDECO has chosen to protect programs, servers and data. PT SYDECO protects the targets themselves and does not focus on the means used by the attackers, which is what traditional antivirus programs tackle, unfortunately always with a time lag: the time needed to adapt to the new viruses.

PT SYDECO's solutions apply the methods used in the fight against viruses, namely isolation and protection:

- Micro-segmentation of the industrial or information network infrastructure will make it possible to isolate the elements likely to be attacked from each other.
- Protection around the targets will ensure that they are inoculated against any type of attack.

PT SYDECO's solution is called ALL-IN-ONE

1. ALL IN ONE

ALL IN ONE is THE IT Security Solution from PT SYDECO. It is based on the principles of ZERO-TRUST and is designed to prevent cyber-attacks such as Ransomware or data breaches and, in the event of an attack, to allow computer networks to continue to function by preventing viruses or worms from having any effect and by preventing lateral contamination within the network.

All-IN-ONE IT Security Solution from PT Sydeco focuses on protecting the resources (all data and computing services) of an establishment or enterprise, such as assets, data, services, workflows, networks. Sydeco's ALL-IN-ONE IT Security Solution protects all enterprise assets (devices, applications, virtual and cloud components) and subjects (end users, applications and other non-human entities requesting information from resources).

All-IN-ONE Cybersecurity Solution from PT Sydeco secures all communications, all data transfers regardless of where the network is located. All-IN-ONE IT Security Solution from PT Sydeco is fully auditable, so that the state of assets as well as the integrity and security posture of all owned and related assets can be observed.

PT Sydeco's ALL-IN-ONE IT Security Solution, thanks to its Micro Segmentation Architecture, reduces the attack surface, limits attack impact and prevents lateral contamination within the enterprise.

Figure 1: ALL-IN-ONE (Archangel, SP-One & SST) protect Programs and Data



A. Network Security

The computer network of any enterprise or establishment is protected by ARCHANGEL©, an advanced firewall created by PT SYDECO, which is one of the components of the All-IN-ONE IT Security Solution.

ARCHANGEL© protects servers, computers and other connected objects from cyber-attacks originating from the outside world and prevents the spread of lateral virus contamination within the company.

Servers, computers that are on the company's internal network and which are connected to ARCHANGEL© itself are protected by SP-One©.

SP-One©, which is another component of the ALL-IN-ONE IT Security Solution, is a program and system that creates an airtight, secure shelter around source code or programs used in office, administration, or university computer networks, in the Cloud and in SaaS.

SP-One© protects servers, programs or source code against any cyber-attacks from the outside world and against those coming from within the private computer network.

Figure 2: ALL-IN-ONE (Archangel, SP-One & SST) protect Servers

Enterprise computer network security is enhanced by the ALL-IN-ONE Micro Segmentation Architecture. Thanks to the Micro Segmentation Architecture, users can only access the servers they need to work on and after being registered as authorized users.

Figure 3: Zero Trust & Micro Segmentation protect programs against lateral contamination


It follows that if a user accidentally or intentionally contaminates his computer, the virus or worm he has downloaded can only try to attack the server he is connected to. And this server is protected by SP-One, so the user will be able to infect neither the server he is connected to nor any other server in the network.
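The containment argument above can be checked on a small model. This is an added example, not PT SYDECO's code: the host names, the flow table and the `resistant` set (hosts assumed to withstand the infection) are constructed assumptions.

```python
from collections import deque

# Constructed inventory; all host names are hypothetical.
WORKSTATIONS = {"ws-alice", "ws-bob", "ws-carol"}
SERVERS = {"srv-hr", "srv-erp", "srv-backup"}
HOSTS = WORKSTATIONS | SERVERS

# Micro-segmented policy: default deny, only these (source, destination)
# flows are registered. No rule lets one workstation talk to another.
SEGMENTED = {
    ("ws-alice", "srv-hr"),
    ("ws-bob", "srv-erp"),
    ("ws-carol", "srv-erp"),
    ("srv-erp", "srv-backup"),  # server-to-server rule for a backup job
}

# Flat network for comparison: every host may contact every other host.
FLAT = {(a, b) for a in HOSTS for b in HOSTS if a != b}


def blast_radius(start, flows, resistant=frozenset()):
    """Return the set of hosts an infection on `start` can contact.

    Breadth-first search over the allowed flows. A host in `resistant`
    can be contacted but is assumed (model assumption) not to become a
    stepping stone for further spread.
    """
    seen, queue = set(), deque([start])
    while queue:
        src = queue.popleft()
        for a, dst in flows:
            if a == src and dst != start and dst not in seen:
                seen.add(dst)
                if dst not in resistant:
                    queue.append(dst)
    return seen


def denied_attempts(observed, flows):
    """Return observed connection attempts that the policy does not allow."""
    return [pair for pair in observed if pair not in flows]


if __name__ == "__main__":
    print("flat:", sorted(blast_radius("ws-bob", FLAT)))
    print("segmented:", sorted(blast_radius("ws-bob", SEGMENTED)))
    print("segmented, servers hold:",
          sorted(blast_radius("ws-bob", SEGMENTED, resistant=SERVERS)))
    # Constructed connection log: the last two entries are off-policy.
    log = [("ws-bob", "srv-erp"), ("ws-bob", "ws-alice"), ("ws-bob", "srv-hr")]
    print("denied:", denied_attempts(log, SEGMENTED))
```

The second result shows that a single server-to-server rule widens the radius beyond the user's own server, so containment depends on both the flow table and the server withstanding the infection; denied attempts are the signal to alert on.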




B. Mobile Data Security

All data moving within the internal network or outside, in the outside world, is protected by SST©, Secure System of Transmission, which is another creation of PT SYDECO, and delivered inside the VPN.

SST© protects data by encrypting it without using a key, without any third party intervention, using artificial intelligence to do so.

SST© also protects all passwords used in the All-IN-ONE IT Security System.

VPNs are created by ARCHANGEL and encrypted by SST©.

This is E2E protection and only the receiver can read the data. The data will disappear if someone tries to intercept it.




C. Security On data at rest

Backup data is protected by SP-One and by the Logic Micro Segmentation Architecture used by ALL-IN-ONE systems. Finally, all data, even when at rest, is encrypted by SST©.





D. Security Of The Industrial Control Systems (ICS) Endpoints

ALL-IN-ONE protects the ICS endpoints of SCADA (Supervisory Control And Data Acquisition) or DCS (Distributed Control System) installations against worms such as StuxNet, viruses such as ShaMoon or Trojan horses such as BlackEnergy, and prevents the disruption of activities or services.

ALL-IN-ONE protects ICS endpoints as a whole: servers, the communication networks through which data and instructions pass, the data itself, terminals and individual components.

2. ZERO TRUST ARCHITECTURE

The ZERO TRUST ARCHITECTURE of the ALL-IN-ONE system partitions the enterprise network into sub-systems, namely the enterprise network, the control network and the industrial network, which are separated from each other by security devices such as firewalls and ARCHANGEL ONE WAY. This reduces the exposure of industrial infrastructure to threats and prepares systems for enhanced installation monitoring and incident detection.

Of course, the security of any device, any server, program, data, depends not only on the element of material protection but also and most importantly on respecting the strict policies governing access to the installation, its use and behavior in case of a problem.


Figure 4: Zero Trust Architecture & Micro segmentation of ALL-IN-ONE protect DATA: They are in a DMZ (Demilitarized Zone)

But, thanks to the ZERO TRUST architecture and the elements that make it up, including the ARCHANGEL ONEWAY or SP-One, there will be no more:

- Disruption in the services or operation of the ICS for example, due to blockage, delay in the flow of information, destruction or malicious encryption

- Unauthorized modifications to the system or its deactivation due to unfriendly penetrations or instructions that are illegal and harmful and which are of a nature such as to cause enormous human, material or financial damage


3. THE PRODUCTS OF PT SYDECO
§ 1. ARCHANGEL, the intelligent firewall

What is ARCHANGEL?

Archangel is a smart box that creates an internal network within a company or an office and through which all data transmitted via the internet, either via WIFI or cable, must pass. It also exists as a program.

ARCHANGEL Features :

ARCHANGEL© is equipped with:
- 3 FIREWALLS,
- 4 INTELLIGENT AGENTS,
- 2 BRAINS,
- a HONEY POT,
- a DYNAMIC ROUTER and
- 2 SWITCHES,

in order to filter all the flows entering an office and to protect all its installations that are connected through VPN, including IoT, against any external attack and against any lateral contamination.

ARCHANGEL Function

Its function is to protect all computers or other mobile devices belonging to this network against any cyber-attack from outside and to protect each computer belonging to this network against the spread of a virus or a worm from an infected computer to another computer on the network.

Operating System of ARCHANGEL
1. ARCHANGEL© uses its own Operating System built by SYDECO: ArchanOS Michael 18.2
2. The Operating System used by ARCHANGEL© has been created by PT SYDECO. It is an original Operating System.
3. It can be described as being a Multi-tasking, Multi-user, Embedded and Real-time Operating System.
4. It belongs to the category of MONOLITHIC KERNELS.


Different options

I - The ONE WAY SYSTEM (ARCHANGEL OW)

This option allows only one-way traffic, which is very useful for securing an industrial network, for example to permit one-way access and forbid the access

Figure 5: Archangel One-way

II – With INTELLIGENT AGENT 4 (ARCHANGEL A4)

Archangel A4 has a fourth intelligent agent whose function is to stop the takeover of the operating system by an external agent and to replace it automatically with the original version.

III – The ONE WAY SYSTEM with INTELLIGENT AGENT 4

For example, to protect the backup center of a financial company.
Figure 6: Archangel One-Way using Agent 4



§ 2. ARCHANGEL PLUS
ARCHANGEL USING RADIO WAVES FOR TRANSFERRING DATA AND VOICE CALLS

In order to protect equipment whether or not it is connected to the internet, and to protect the transfer of data and calls even where the internet is not accessible, PT SYDECO has created ARCHANGEL PLUS.

ARCHANGEL©, with its own Operating System, ArchanOS Michael 18.2, is a mini computer that already integrates SST© (Secure System of Transmission), another product of PT SYDECO. It protects devices and data at rest and during their transfer between two ARCHANGEL© that are connected by VPN.

ARCHANGEL PLUS also integrates tools that allow data and calls protected by SST© to be sent to another ARCHANGEL PLUS using Radio Waves inside a VPN. SST© is used for Server SMS.



§ 3. SydeCloud, the secure online file sharing


SydeCloud is a service for securely storing and sharing files. SydeCloud’s server is located on the customer's premises, protected by ARCHANGEL.
Data is stored and conveyed under the protection of the SST encryption system. When conveyed, data is protected by a VPN created by the ARCHANGEL on the user’s premises. Because the SST server is also on the user's premises, there is no third party involved: nobody can interfere and disrupt the service.




§ 4. SST, the encryption system


SST© (Secure System of Transmission) is a revolutionary system of protection of data, of whatever nature, by their translation into an unknown language created by a brain and written in the form of waves, a language which we call ALIEN and which knows no written character.

SST© is based on Artificial Intelligence. Unlike existing systems that protect data by encryption, SST© DOES NOT USE ANY KEYS.

SST©:
- Protects all data,
- Protects all passwords,
- Can seal all transactions,
- When used for a messaging service, makes it E2E,
- Protects the content of telephone conversations or video calls in the same way.

SST© IS THE MOST IMPORTANT ELEMENT OF A WELL THOUGHT-OUT CYBER-SECURITY


§ 5. SP-One, Source Code and Program Protection


SP-One© is a program and a system that creates a hermetic, secure shelter around the source code or programs that you are using, whether in your office, administration, at University, in your Cloud, in any mechanic and in SaaS.

SP-One©, thanks to its method, allows you to work with your programs even when such programs are hosted in a hermetic shelter.

Benefits of SP-One


One of the most important benefits of SP-One© is that even if you are the victim of Ransomware, during and after such an attack THERE WILL BE NO DISCONTINUITY in your work, your production, and your services:

1. The Hospital will continue to care,
2. The Industry will continue to produce,
3. The University will continue to educate their students,
4. The Public Services will not stop.

NO HUMAN LIFE IN DANGER, NO RANSOM TO BE PAID, NO LOSS IN PRODUCTION, NO LOST TIME IN REPAIRING THE SYSTEMS…

What is SP-One made for?


1. Protecting programs from piracy,
2. Protecting programs from damage,
3. Making sure that the programs keep running,
4. Allowing a scheduled automatic backup system,
5. Giving a warning when there is an attempt at unauthorized login or penetration into the system.

Figure 7: SP-One protects Programs and Source Codes against any kind of attacks


§ 6. SydeChat, the Secure Messenger Service


SydeChat is a mobile application that allows its user to:

- Give and receive calls,
- Give and receive video calls,
- Organize video conferences even with more than 10 participants,
- Create groups and organize virtual meetings with more than 10 persons who can interact with each other,
- Work in real time on the same document with several colleagues that you can see and talk to,
- Easily import all contacts from your old messenger service.

Characteristics

- all conversations are secured e2e,
- all communications of documents are secured e2e,
- all video conferences are secured e2e,
- all remote working meetings are secured e2e.



The security and confidentiality of the data at rest or in motion is provided by the revolutionary encryption system of SST©, which does not use any key, and by the fact that all data in motion is conveyed inside a VPN that is itself protected by SST©.

Sydeco’s SERVERS, PROGRAMS, DATABASE, BACKUPS are protected by the ALL-IN-ONE IT SECURITY SOLUTION, where ARCHANGEL, SST and SP-One are implemented into a ZERO TRUST ARCHITECTURE (ZTA).

There is NO INTERRUPTION in the service even when the servers are under attack.

Available Options


It is possible for the user to:

- Keep his data (history) in his phone, where it is protected by SST©,
- Keep his messages & data secured in Sydeco’s cloud, with nothing, no trace, in his phone,
- Keep his messages & data secured in his own computer, protected by ARCHANGEL-SST, with nothing, no trace, in his mobile phone, or
- Create his own messenger service by installing, in his own server, SydeChat, which is protected by ARCHANGEL-SST and SP-One. The user then has his private chat, and his data & messages are kept in his servers. There is nothing, no trace, in his mobile phone and no one can access his chat unless they are a member of the user’s network.






IV – CONCLUSIONS

PT SYDECO has created a comprehensive security system based on epidemiological methods that includes a ZERO TRUST architecture and the most powerful tools from the latest technologies to protect against the disastrous consequences of Ransomware and other attacks.

The ALL-IN-ONE system of PT SYDECO offers a real-time response and follows the 0-0-0 rule:

- Zero minute to notice a threat,
- Zero minute to understand it and,
- Zero minute to react.



ALL-IN-ONE of PT SYDECO is the best solution on the market for IT security.