Stealth Connects You to the Future
Securing Your Global Ecosystem
Today, your enterprise has no borders, shares servers in the cloud, uses mobile
devices you don’t own, and allows suppliers direct access to your systems. Today,
you may use one public cloud, but by tomorrow you’ll end up using many. Today,
you may have a few control systems, but tomorrow they may run whole parts of
your business. Tomorrow, your global ecosystem will need to continue to expand
to compete, while the security of your operations and privacy of your data remain
your responsibility alone. Unisys is positioned to help you leverage that connected
ecosystem – efficiently and securely.
You can place your trust in Unisys. We’ve been a technology leader for nearly
150 years and in the cybersecurity business since the 1960s; that leadership
continues today. Our award-winning approach to micro-segmentation
technology, Unisys Stealth®, is a software-based solution that secures
enterprises wherever they work, including data centers, clouds, mobile devices,
and Industrial Control Systems.
Enter Micro-Segmentation
Micro-segmentation allows enterprise managers to quickly and easily divide their
physical networks into hundreds or thousands of logical micro networks, or micro-
segments. As opposed to the old way, which was analogous to putting your valuables
in a bank vault and investing in strong walls and a reinforced door, micro-segmentation
is more like a safe deposit box room inside the vault. Setting up micro-segments keeps
the different parts of an organization logically separate – which dramatically lowers risk,
since when someone does find a key to get in, they can only see what’s in their one tiny
little box (the segment).
Beyond Perimeter Security
Perimeters are a thing of the past, and modern security concepts must adapt to
address that fact. Firewalls were fine when you only had a perimeter to protect, but
they don’t make sense for today’s highly interconnected and distributed enterprises.
Your data is everywhere. Your users are everywhere. Your processing is everywhere.
Your security needs to be everywhere too.
Identity-based micro-segmentation uses powerful
encryption to create segments within an organization
where only authorized users can access information,
while those without authorization cannot even see
that those endpoints exist. Micro-segmentation –
and Unisys’ micro-segmentation product, Stealth
– cryptographically confines user access to a single
segment of the network, with no ability to move
laterally to other parts of the organization. This helps
organizations mitigate attacks and hacker incidents by
rendering devices, data, and end users undetectable
on networks and helps secure interactions across the
network. Most importantly, these secured segments
can encompass any cloud, server, computer, or mobile
device, even if your company doesn’t own them.
Protecting Network Endpoints at the Packet Level
Unisys Stealth provides end-to-end secure protection of business data and
infrastructures from cyber-attacks. Stealth software can protect against payment
fraud, data theft, malware and more. This means that Stealth can help ensure that
organizations meet standards, such as PCI or HIPAA. The software is installed onto
your network, with a single management console coupled with software agents that
run on IP devices in the enterprise.
Stealth allows the system manager to establish controls that decide who gets to do
what, and easily enforce those rules at the network packet level, without impacting
existing applications, routers, firewalls and other infrastructure.
Stealth enables a Zero Trust environment, where only entities known to the
system are allowed to interact. It adds a much-needed layer of security controls
to work seamlessly with already-deployed cyber defense, and lets you control risk
management processes to address the risk posed by compromised credentials.
Improving Connections to Operating Systems, Devices and More
Securing your enterprise ecosystem requires security
that was built to work everywhere, and has built in
connections to everything. Unisys Stealth provides
security across a wide range of operating systems,
devices, hypervisors, and networks as described
below, offering a holistic security solution that spans
various environments.
Operating Systems
Stealth is natively supported on the following operating systems:
• Windows 7 onwards and Windows Server 2008 R2 onwards
• Red Hat Enterprise Linux 6.x and 7.x
• SUSE Linux Enterprise Server 11.x and 12.x
• Ubuntu Linux 12.04 and 14.04
• AIX v6.1 and v7.1
Other operating systems that cannot run Stealth natively (for example, printers,
mainframes or some UNIX operating systems) can participate in Stealth
Communities of Interest (COIs) through the use of a front-ending Stealth Secure
Virtual Gateway (SVG). This allows them to communicate securely with Stealth-
enabled endpoints.
Stealth can also isolate endpoints running end-of-life operating systems such as
Windows XP or Windows Server 2003, permitting communication only to specific
endpoints and cloaking them from the rest of the network.
Devices
Stealth is supported on both servers (physical or VM) as well as end-user systems
like laptops or desktops. So Stealth can secure both client-server as well as server-
server communication, which differentiates it from competitors that can secure only
one of these.
Any x86/x64 device running Windows 7 or later, or Linux flavors mentioned above,
can natively support Stealth. Other devices can be supported through the SVG as
mentioned above. SCADA and ICS systems can participate either way, depending on
their operating system and hardware.
Mobile and handheld devices that include a native IPsec VPN can participate in
Stealth COIs through the Stealth Secure Remote Access (SRA) Gateway. The SRA
Gateway transitions incoming connections from these devices to the respective COI,
based on the user identity.
Hypervisors
Stealth is hypervisor-agnostic. Stealth operates at the OS level, and is therefore
compatible in environments running any hypervisor (VMware, Hyper-V etc.).
Networks
Stealth is deployed as an overlay on the existing network, so it does not require any
changes to network hardware infrastructure such as firewalls, switches or routers –
nor does it require any change to the network topology.
Stealth can be implemented on, and can extend, any IP-based network, whether
virtual or physical. Stealth works on wired as well as wireless networks. Stealth
deployed on Windows and Linux endpoints also supports IPv6.
Topology
Endpoints that are routable from each other can share membership in a Stealth COI.
This includes on-premise endpoints as well as endpoints located in branch offices
or disaster recovery sites that are connected over site-to-site networks. Remote
users can also participate in the COI from their Windows laptops or desktops or
from their mobile devices through the SRA Gateway. In addition, VMs hosted in
public clouds can also belong to the same COI as long as there is an MPLS or site-
to-site connection to the public cloud (for example, AWS Direct Connect or Azure
ExpressRoute).
Applications
Stealth is compatible with most applications, without requiring any application
changes, as Stealth operates low in the network protocol stack below the
application layer.
For mobile applications, Stealth is qualified with the Blue Cedar Networks Mobile
Application Protection (MAP) app-wrapping solution. MAP-wrapped mobile apps on
iOS and Android devices can securely connect to their backend systems in the data
center over Stealth.
Cloud
Stealth runs on Windows and Linux VMs in public clouds. Enterprises can extend
their on-premise Stealth COIs over a site-to-site or MPLS connection to secure
workloads in public clouds.
On-premise Stealth COIs can be securely extended to the AWS and Azure public
clouds by launching Stealth-enabled workloads directly on these clouds, ensuring
the benefit of Stealth security from launch time itself.
In addition, for applications that are completely hosted in the AWS public cloud,
Stealth can be launched from the AWS Marketplace, offering pay-per-use security.
Stealth is currently the only software micro-segmentation vendor to support
deployment directly from the AWS Marketplace. Stealth will also soon be available
on the Azure Marketplace.
Micro-segmentation is a Game Changer
Micro-segmentation is a new approach to security designed specifically
to provide containment in today's hyper-connected world. It accepts
that users are human, that technology evolves constantly, and that the
bad guys are just as clever as the good guys. When properly deployed,
a system of micro-segmentation will allow government and business to
protect against threats – and also contain threats that do make their
way inside.
The difference with this new containment strategy is its ability to work
at the Internet Protocol (IP) packet level. Driven by existing identity
management systems like Active Directory or LDAP, it's simple to
establish Communities of Interest for authorized users across all of
these technologies. With micro-segmentation, it's quick and easy to
create a cryptographically sealed community, so that everyone in a
specified group can reach it, but no one else – including hackers who
might introduce malware that is looking for something to steal – can
even see that it is there. And since it's cryptographically enabled at
the IP packet level, Unisys clients don't even have to manage the
applications themselves, saving time, complexity and money.
Today, businesses and governments worldwide are quickly building
on micro-segmentation. This takes full advantage of the infrastructure
already built and deployed, bypassing many of the constraints like
overwhelming network rules and the inherent inability to keep up
with tracking security events, while addressing the evolved business,
defense, technology and security realities of today.
Ecosystem
Stealth COIs are defined by mapping to groups in Active Directory or any other LDAP-
capable identity management system. This means that access control can be easily
modified by changing LDAP/AD group membership.
Stealth events can be forwarded to syslog servers. On Windows endpoints, Stealth
events are posted to the Windows application and system event logs, enabling SIEM
tools (for example, ArcSight and LogRhythm) to capture these events directly.
Sandboxing
While enforcing controls on all business workflows, it’s also important to allow users
to break out and surf the web sometimes. We understand that, and have developed
an encrypted gateway that allows enterprises to provide for safe surfing in a fully
virtualized environment that protects the enterprise while running transparently
to the user. This allows direct encrypted connections to leading web sandboxing
vendors.
Other Infrastructure Servers
Stealth passes through DHCP and ARP in cleartext.
For other infrastructure servers where Stealth-enabled as well as non-Stealth
endpoints need to communicate (for example, DNS servers), cleartext filters can be
defined within the Stealth COIs. These cleartext filters can enable Stealth endpoints
to communicate with these infrastructure servers over a cleartext (unencrypted)
connection, while using Stealth for all other traffic.
Isolated Environments for Regulatory Compliance (PCI, HIPAA etc.)
In environments where some systems need to be
isolated from the rest of the network, for regulatory
compliance or other reasons, Stealth can enforce this
isolation. For instance, cleartext systems handling PCI
data can be put in a Stealth COI which can be tightly
locked so COIs can communicate with one another over
cleartext, while being cloaked from all other non-PCI
systems.
Making the Network More Secure
Unisys Stealth is a leading-edge, software-based
micro-segmentation security solution designed to
make networks more secure. It provides a cost-
effective way to protect any and all of your IT systems
from unauthorized access. Using Stealth’s software
micro-segmentation features, users and security
managers can logically separate sensitive systems
from other systems in the enterprise, protecting them
from unauthorized external or internal access.
16-0398
For more information visit www.unisys.com
© 2016 Unisys Corporation. All rights reserved.
Unisys and other Unisys products and services mentioned herein, as well as their respective logos, are trademarks or registered trademarks of Unisys Corporation. All other trademarks referenced herein are the property of their respective owners.
Partnering with Microsoft and Amazon – and Stealth Certification
Unisys Stealth was born out of a rich history between Unisys and the United States
Department of Defense more than 10 years ago. Stealth not only maintains
the secrecy of all network conversations, it also maintains the secrecy of the
conversation’s existence. Stealth encodes the traffic and hides all traces of the
network, regardless of location.
Stealth partners with Amazon Web Services and Microsoft Azure to bring increased
security to the cloud. And in July 2016, Stealth was evaluated and accredited by
the National Information Assurance Partnership (NIAP) as meeting internationally-
accepted standards for trusted security products and solutions.
NIAP certification, established by the U.S. National Security Agency (NSA) and the
U.S. National Institute of Standards and Technology, is recognized by governments
in countries such as Australia, Canada, Germany, Malaysia, New Zealand and the
United Kingdom – more than 20 countries in all. Only the most secure products
achieve this very exclusive designation.
Stealth also was concurrently approved by the NSA’s Commercial Solutions for
Classified (CSfC) program, opening the door to U.S. federal agencies to purchase
Stealth within composite solutions that protect classified systems and data.
CONCLUSION
Stealth was built for the way you work today, and to take
you into the future. Stealth connects you to everything
you need to be efficient, agile, and advanced, while
providing you the security and privacy controls you need.
This can only be accomplished with an advanced product,
designed specifically for these borderless environments
– one that has evolved with some of the world’s most
mission-critical clients for years. Stealth connects you
to everything you need today, and into the world of
tomorrow. At Unisys, we continue to help you Secure Your
Future.
About Unisys
Unisys is a global information technology company that
works with many of the world’s largest companies and
government organizations to solve their most pressing
IT and business challenges. Unisys specializes in
providing integrated, leading-edge solutions to clients
in the government, financial services and commercial
markets. With more than 20,000 employees serving
clients around the world, Unisys offerings include cloud
and infrastructure services, application services, security
solutions, and high-end server technology. For more
information, visit www.unisys.com.
Follow Unisys on Twitter at https://twitter.com/UnisysCorp
and LinkedIn at https://www.linkedin.com/company/unisys.
16-00179/16 Printed in the United States of America