A hardware security module (HSM) is a dedicated networked server that is used to handle encryption and decryption of files.
With processing handled in this manner, high-speed file security is available in a secure environment protected from most network access.
We produce high-quality enterprise-class HSM products.
Our products are designed for IT departments to reduce the risk of leaks if private files are stolen by trusted staff or by miscreants who breach networks.
Our products include the Kryptera Enterprise HSM and the Kryptera Mirage HSM.
Our product lines share common features, where only the underlined features are common with other competing HSM products:
Our products were created from the ground up. We did not use any other product as a model to create our products. We knew we had to provide a straightforward approach that would allow IT administrators to stop the leaks of stolen private files. To maximize security and guarantee long-term use, our products do not rely on third-party frameworks, APIs or libraries.
We do not provide access through an application programming interface (API). We believe that providing an API creates security issues. Our products are designed to be quickly and easily utilized by IT departments without need for custom software development using a PKCS #11-compliant API.
We took this lengthy, costly and difficult approach to reach the highest level of security with the fastest level of performance. We took our time to create, test, refine and enhance our products, before we completely reviewed and refactored our entire source code base. Everything we have done has made our products more secure, stable, faster and easier to use.
It may be possible, though often unfeasible, to stop file theft by attackers gaining access to computers, mobile devices, networks, servers, and cloud storage, flawed operating systems and software applications, insecure backups, and back doors in hardware and software.
Private files have been stolen, are being stolen, and will be stolen.
Leaks and improper use of private files occur every day.
Kryptera HSMs are risk management solutions used to minimize the risk of private file leaks.
Kryptera HSMs are a secure turnkey solution that embraces server-side file processing to automate encryption and decryption of files, including files within complex directory chains.
Full automation is possible through scripting, server configuration, and use within a private network.
Kryptera HSMs provide high-speed mass processing and queuing of files and directories.
Kryptera HSMs are autonomous. They do not communicate with external networks, do not require external private key management, and manage private keys internally in a secure and unique manner.
Kryptera HSMs are inventive and disruptive.
Kryptera makes complex simple.
We'll now detail the reality that most people and organizations face today.
This may prove difficult to read, but it's the truth.
After that we'll provide details about our HSM solutions that will permanently alter your reality for the better.
Our solutions are inventive.
We created completely new hardware security module solutions.
A new approach with a new design using all new proven technology to make it all come together.
Our solutions were designed to simplify encryption and decryption of files.
Simplify to remove obstructions that prevent organizations from protecting their most valuable assets.
Our products provide IT departments with control over file security rather than rely on provision of a PKCS #11-compliant API.
The following link is provided throughout this document to view our solutions.
We’re facing a very serious crisis today that is not going away
The problem is cybercrime, and more specifically, the rapid growth of insider breaches.
The problem is getting worse, not better, with global losses approaching $3 trillion a year.
A key to the problem lies with current forms of encryption that require users to retain and manage passwords, passphrases and private keys.
Some organizations are now managing millions of encryption keys.
This has resulted in:
Kryptera HSMs come to the rescue, with a breakthrough approach to encryption of private files.
Kryptera's high speed mass encryption uses a unique method of internal key management.
Kryptera supports processing of many files, even within complex directory chains, at the very same time.
So no more excuses, no more hassles, no more reason for organizations to:
So why rely on obsolete encryption methods?
Kryptera has a brand new key that can help you stop leaks of private files and manage the insider threat crisis.
We have created an ever growing list of articles that relate to security risks.
This list will confirm the validity of the claims we make that relate to risks.
Please share this list with subject matter experts within your organization to determine risk levels and exposure.
Criminal employees may work alone or report to:
Insider breaches have been increasing year after year. Today, over 60% of reported losses now come from within. Most losses are not reported.
It is simply too easy to steal from inside without being caught. The main culprits are trusted insiders, often unvetted by HR. Even ordinary employees can cause serious security breaches.
| Fear of suffering | Opportunity | Grudges | False news |
New employees are often provided with a computer that connects to internal and external networks.
Many employees are given access to email, private storage areas, shared resources, an Intranet site, and remote VPN access.
Smartphones may be provided, or the use of personal smartphones encouraged.
Organizations rarely monitor access to R&D, database administration, network administration, and critical roles in IT, support, finance, sales and marketing.
Criminals can work at these levels and be trusted, can operate beneath the radar and do things that can prove impossible to detect or stop.
They steal confidential files with impunity, insert back-doors, and destroy anything they want.
Employees familiar with the Darknet can unleash destructive events.
Providers of malware, ransomware and DDoS attacks found in the Darknet will attack an organization at low cost. Providers share revenue or pay for information to simplify attacks. Buyers will pay for stolen files and private information. The Darknet is available through the Internet, and accessed using the Tor network.
Here are the 10 most common pieces of information sold on the dark web and the general range of what they're worth—or rather can sell for:
Attacks are levied in retaliation for perceived grievances, to bring down a competitor, silence opposition, stifle contrary information, make money or simply to cause chaos.
Attacks can create high-paying work for people associated with an attacked organization. An internal criminal can leverage internal chaos to steal and transport private files and information.
To steal digital data requires access to files and information, temporary storage to house stolen files, and methods of transport for stolen files.
Intelligent criminals can easily:
Criminals can copy or steal files:
To gain full access, criminals can:
This is an effective way to gain full access to drive contents without an account or password.
Organizations can also encrypt internal drives to prevent use as a USB docked drive. An encrypted drive is only secure after it has been powered down.
To avoid detection, insider criminals can transport stolen files from original sources, leaving fewer traces behind.
They can clean traces of their activity to prevent detection, and securely erase files after transport.
By defragmenting internal storage, they can overwrite sectors previously used by stolen files.
Insider criminals can leave traces behind. Shared network logs should be reviewed to check if employees are copying too many files.
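The log review suggested above, sketched as an added example (not Kryptera code): it counts the distinct files each user read per day in a constructed share audit log and flags users far above that day's median. The CSV layout, user names and thresholds are assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median


def build_sample_log():
    """Constructed audit data: three ordinary users and one bulk reader."""
    rows = []
    for user, n in (("alice", 3), ("bob", 4), ("carol", 2), ("mallory", 40)):
        for i in range(n):
            rows.append(f"2024-03-04T10:{i:02d}:00,{user},READ,/share/rnd/doc{i}.pdf")
    # Repeated reads of one file must not inflate a user's count.
    rows += ["2024-03-04T11:00:00,alice,READ,/share/rnd/doc0.pdf"] * 30
    return "\n".join(rows)


def flag_bulk_readers(log_text, factor=5, floor=20):
    """Return sorted (day, user, distinct_files) whose daily count is at least
    `floor` and more than `factor` times that day's median across users."""
    files = defaultdict(set)  # (day, user) -> distinct paths read
    for ts, user, action, path in csv.reader(io.StringIO(log_text)):
        if action == "READ":
            files[(ts[:10], user)].add(path)
    per_day = defaultdict(dict)
    for (day, user), paths in files.items():
        per_day[day][user] = len(paths)
    flagged = []
    for day, counts in per_day.items():
        typical = median(counts.values())
        for user, n in counts.items():
            if n >= floor and n > factor * typical:
                flagged.append((day, user, n))
    return sorted(flagged)


if __name__ == "__main__":
    for day, user, n in flag_bulk_readers(build_sample_log()):
        print(f"{day} {user} read {n} distinct files")
```

The absolute floor keeps quiet days from flagging a user who merely read a handful of files more than everyone else.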
Traces will be left behind if an internal drive placed in a USB case is accessed on a Windows or Macintosh computer. This is prevented by using a Unix or Linux computer, or by using a USB case that includes a read-only switch to prevent writes.
It is common for employees to set up Cloud space without authorization from the IT department.
Once properly set up, original private files can be directly transferred into Cloud space.
This can lead to long term problems for the organization. When original private files are present in Cloud space, the risk is high that security will become an issue.
Smartphones are major security risks.
Most smartphone applications are highly invasive, and malware infection is extremely common.
Rogue applications can capture keystrokes, audio, video, still images, screen captures, web activity, telephone calls, and most other forms of communications.
Smartphones can be connected to computers using a cable, WiFi, Bluetooth, and Near Field Communication (NFC).
SIM cards can be changed to communicate over alternate carrier networks.
Methods abound to transport stolen files and information using smartphones.
Technology provided by Amazon, Apple, Cisco, Facebook, Google, Microsoft, Samsung and others presents security and privacy risks to users.
Each has created technology that records and retains private conversations and actions.
Some retain video, audio, and telephone conversations. Most retain location and other private information.
Some permit staff to review stolen recordings, where another relies on staff to transcribe stolen recordings.
Organizations should avoid relying on technology that creates internal security issues.
It’s hard to accept that people you trust and respect, that you work with and spend time with, are criminals.
Criminals who steal and leak private information do not care about the destruction they cause.
Kryptera Technologies has created the Enterprise and Mirage product lines.
Both products share features such as manual or automated high speed encryption and decryption of many files at the same time with internal private key management.
File encryption and regularly scheduled encrypted backups are the major ways to defeat leaks of stolen files and the associated loss.
Kryptera technology is directed to these ends.
Dedicated thieves will always find ways to steal and transport what they want and little can be done to stop it. But Kryptera offers a simple solution to stopping leaks:
With Kryptera in operation, there is no way thieves can decrypt a file without access to the same Kryptera server, or the same secure group of Kryptera servers, used to encrypt the file.
Kryptera products are designed to simplify encryption/decryption.
We make complex simple. And simplicity removes any reasons to avoid encryption of valuable private files.
Each product is provided on a turnkey network server that has been securely customized for client use.
Kryptera servers efficiently reduce the risk of leaks through high-speed mass encryption of many files and directories of files at the same time.
Private key management is central to Kryptera design and is internally handled in a highly secure manner.
Our design allows for queuing up of an unlimited number of files and directories for processing.
Files are randomly and securely encrypted.
Encrypted files normally cannot be decrypted on a different Kryptera server.
Kryptera Encrypted File Sharing (EFS)
The EFS feature can be used within many high-security scenarios.
One scenario can correct a widespread security fault where original private files have been directly stored in Cloud space and are subject to leaks on Cloud breach.
Using two Encrypted File Sharing (EFS) servers will correct this problem:
A Kryptera server hosted in a private network is used to decrypt files brought down from Cloud space, and encrypt files before transport into Cloud space.
This design minimizes risks of Cloud breaches leading to leaks.
Original files, including complex directories, that are stored in Cloud space will be mass-encrypted using the virtualized EFS server.
Available cores and memory, and speed of storage on the virtualized EFS server determine how quickly files can be encrypted.
Automated processing can occur 24/7.
As processing completes, original files and directories can be replaced with the encrypted versions.
The virtualized Kryptera server is then destroyed after all files and directories have been encrypted.
This feature enables creation of a hierarchy of Kryptera servers.
For example, an administrator can create one to many departmental servers where each unique server is used to encrypt files that cannot be decrypted by other departments.
One to many managerial servers can then be set up to decrypt encrypted files from one to all departmental servers.
Managerial servers can encrypt files that cannot be decrypted by any other server within the organization, unless the hierarchy allows it.
Kryptera servers can be configured to share out queue directories within an internal network. Sharing of queues can automate encryption of archival backups prior to storage.
The archival backup would be written to a mounted input queue. The archive is encrypted then moved to a shared output queue directory used as a source for final storage to tape, NAS or cloud.
The Enterprise product line is highly customizable and designed for general purpose use.
The Enterprise code base can be used to create products that will operate on large capacity servers and computers down to extremely small computers and devices.
Mirage was refined for maximum speed and designed for special use.
While both product lines encrypt and decrypt files of any size, Mirage is three times faster than Enterprise when tested on identical hardware.
Mirage is best for critical processes that require real time encryption such as post-production movies, CCTV feeds, and database backups.
We have solid experience directly relating to the theft of private data and information.
We have reconfigured computers and servers to bypass security, restrictions and monitoring, and have cleared all traces of activity. We have also developed software that relates to NTFS ADS and direct sector writes.
We can help you to reduce internal risks, and isolate related problems.
Contact us today, and follow our Twitter feed @krypteratweets.
Copyright © Kryptera