GRC Viewpoint

Introspective Networks: Enabling Proactive Cybersecurity Solutions At All Levels

ANTHONY
THOMPSON

Founder, President,
CEO & Board Chairman

Introspective extends a unique approach to cybersecurity. The approach is strengthened by a proper and extensive understanding on the underlying cybersecurity concerns. The firm differentiates itself with a range of defensive and proactive Cyber security solutions. Introspective Networks’ most significant differentiating factor is their unique approach to cybersecurity based on the proper understanding of the entire cybersecurity scenario and the underlying vulnerabilities with TCP/IP networking

Incoming data proves that cyberattacks are growing faster across the globe and taking different forms. Besides the financial losses, a successful cyber attack leads to reputational damage and loss of precious time. Therefore, the fear of potential data breaches and hacking possibilities is a regular part of the modern cybersecurity industry. Despite the enormity of the situation, the reality is that cyber threats are only sometimes dealt with properly. Attempts to ensure cybersecurity should begin with identifying the right approach. Many times, cybersecurity begins after a breach has occurred. Along with awareness campaigns and bridging the talent gap in cyber expertise, it is inevitable to get accustomed to a ‘proactive approach to cyber threats.’ In other words, all cybersecurity efforts should strictly be focused on preventing these breaches. Enter Introspective Networks, a firm headquartered in Colorado that has been rethinking the approach to cybersecurity. Instead of trying to detect problems, they simply remove them. For instance, their flagship product SmokeNet has been independently verified to remove all network threats through Moving Target Defense. It also uses an encryption cipher that can not be defeated; even in theory.

Looking at the statistics, For the 12th consecutive year, the US retains the top position in terms of the most expensive data breaches. It is USD $5.09 million more than the worldwide average. It is clear the current status quo and standards do not work. Even an average cyber threat could be disastrous for small to medium-level firms. Moreover, it may take significant time to recover completely from the attacks. Large, established enterprises may be less vulnerable monetarily, yet repeated attacks can have an impact. A damaged reputation may be even more costly for these firms than direct financial losses. The Internet has transformed our existence and is slowly gaining access to almost all aspects of our lives. Yet, with such power, there is greater opportunity for criminals creating more risk.

GOING INTO THE DEPTHS OF THE PROBLEM

“Because the Internet’s underpinnings were built on implicit trust, a Pandora’s box of security problems exists. Besides happening after the fact, reactive cybersecurity solutions do not address the real issue – the design of the protocols and equipment do not meet their adopted purpose of public and commercial use. Throw in a law that requires anyone with a Core Internet router to be able to record data from anywhere, and a huge security problem is created,” says Anthony Scott Thompson, Founder & T-CEO.

Fundamental changes are required to make sure that information control is restored. Directionally, this is where the US Government is taking us. There was an executive order on May 12th, 2021 that marks a move to a defensive posture. This is moving us to Zero Trust Architecture (ZTA) which is precisely what Introspective Networks has been developing for this moment over the last 6 years at the behest of the USAF 688th Cyberspace Wing after reviewing Introspective Networks’ patents on Streaming Transmission One-time-pad Protocol (STOP). This is the underlying technology used by SmokeNet – a VPN-like, IP Networking implementation of STOP. The 688th Cyberspace Wing declared there would be a move from “cyber offense” to “cyber defense” in the coming years. This executive order directs that projected change. One of the biggest cybersecurity threats today is current encryption. All current standard encryption uses some form of short key or keys with well-known algorithms. Unfortunately, cryptographic attacks are on the rise. Hacking VPNs is a prominent method for ransom attacks. This typically includes breaking encryption along with utilizing “Man in the Middle” (MitM) attack techniques allowing the ransomer to inject commands and take control of internal assets like databases and financial systems. The most immediate threat to encryption using relatively short keys is simple theft. Once stolen, data can be recorded and decrypted. This makes things like MitM attacks possible. With some clever social engineering at a cloud service provider, the keys can be obtained. Using key based encryption for things like VPN implies a lot of trust in the cloud provider and everyone that works there. This type of encryption is at odds with forthcoming ZTA compliance rules. Frankly, VPN connections to cloud service providers are just not secure. Discussing underlying cybersecurity problems would be incomplete without mentioning the Quantum computing threat. Technically, this would provide options to directly decrypt present encryptions.

The direction taken by NIST mirrors current encryption with short keys and trust in third parties. The efforts to develop post quantum encryption started in 2014 and are at odds with the 2021 Executive order. In contrast, SmokeNet uses encryption that is quantum computer proof and meets the requirements for ZTA. This encryption method creates a mathematically unsolvable problem. This is encryption that is used for the most critical top secret information going back to World War I and is still used to this day. It initially goes back even further to the 1860’s and was used by Wells Fargo to encrypt telegraph messages. The issue is prior uses have required a manual key exchange with manual encryption and decryption. That makes this impractical for use on the Internet. The problem of using this in a modern network is called the Key Exchange problem. Introspective Networks has solved and patented solutions to the Key Exchange Problem allowing this form of encryption to be used in any network, including the Internet. Contrary to the common perception, a firewall is not the ideal solution. Although it serves the purpose of protection to a great extent, the possibility of the firewall getting connected to external sources with bad actors cannot be ruled out. Firewalls are also very complex and, to be effective, require a large amount of attention. Moreover, distributing firewalls to every remote location increases the amount of attention and maintenance required. This raises the possibility of human error. Cloud is yet another critical aspect of cybersecurity. Cloud extends several benefits including an economy of scale. The benefits associated with the cloud have been so lucrative that more and more enterprises are considering shifting to the cloud. Cloud services can be accessed from anywhere, and the need for specialized software and hardware is eliminated. Cloud also enables centralized security, like cloud firewalls which can also offer higher performance. However, cloud-transitioned information is only partially secure as the data retains exploitation vulnerabilities as it traverses the Internet. It also, as mentioned earlier, in its current state is highly unlikely to be ZTA compliant.

“Most cloud services use public key encryption, which absolutely can be compromised by stealing the authentication cert from the authenticating Certificate Authority (CA) or tricking the client into installing a fake cert spoofing the CA combined with getting a copy of the private key from a cloud provider. Moreover, using private key encryption, which is cryptographically more secure, has only a single key to steal from the cloud provider,” adds Thompson. STOP and its IP Networking invocation SmokeNet were designed to address these shortcomings by not just encrypting data at a much higher level but by removing network threats like Man in the Middle attacks through Moving Target Defense – a very hot academic field as ZTA becomes a focus. The encryption key for a one time pad is as long as the data itself. The key material is not short and is unique for each byte of data. “We are mostly associated with the DoD through NORTHCOM doing validation with DISA, NSA and OSD. Our primary focus is on the U.S Government. We have the ability to export through the US Department of Commerce,” says Thompson.

THE INTROSPECTIVE DIFFERENCE

Introspective Networks’ most significant differentiating factor is their unique approach to cybersecurity based on the proper understanding of the entire cybersecurity scenario and the underlying vulnerabilities with TCP/IP networking. The Internet was originally an academic network – ARPANET. Its security revolved around limiting access to the network. When ARPANET was turned over to the public, there was little consideration around cybersecurity. The concern by the US DoJ was surveillance and other offensive capabilities. This was the seed of the cybersecurity mess we have today. “The solution is to have a proactive, defensive approach. This removes access, increases encryption effectiveness and makes data recording an order of magnitude more difficult if not impossible. There are three main areas to consider with cyber defense: Networks, Software/Hardware, and People. If you can solve all three of those problems proactively, you start removing vulnerabilities,” explains Thompson. Introspective Networks extends a unique solution that leverages Moving Target Defense (MTD) and Streaming Key Encryption (SKE). The combination of these technologies helps safeguard data in motion like never before. The underlying technology referred to as Streaming Transmission One-pad-protocol or STOP uses techniques to hide data in networks besides encrypting it. The encryption provides each byte of data with its own unique key. The keys originate from true random making guessing or calculating impossible. This method removes network and encryption vulnerabilities. Another solution offered by Introspective Networks is called PAWS (Partitioned Access WorkStation). PAWS prevents any ransomware from accessing the ‘private’ data when a piece of online information is accessed. The ideal way to use PAWS is in combination with SmokeNet for a totally proactive and effective cybersecurity solution. PAWS lets your employees maintain access to the power of the Internet without risking your most critical data. This is yet another method that is compatible with ZTA. This removes trust in direct internet access.

Cybersecurity enterprises are leveraging machine learning and artificial intelligence to nullify the effects of a cyber attack. However, incorporating these technologies is restricted by certain aspects, including resiliency, latency, and processing power. Even with AI, by the time a breach is detected, it is too late – the adversaries are already in your network. While AI can help discover problems, it is still a reactive solution with little hope of success against a talented adversary. As soon as they gain a foothold in your network, it is too late to stop them. The critical step is to not allow them access to your private data in the first place though a proactive approach like SmokeNet and PAWS. “Introspective Networks is also addressing Cloud Computing with a distributed AI framework with seminal Fog Computing technology: Processing Units for Multi-Agent Systems, or PUMAS. This allows distributed processing with zero-nines uptime and subsecond recovery from processing or network failures. When combined with STOP, you have a robust, zero nines, highly secure IoT infrastructure solution for industries like power grid, smart city or telecommunications automation,” concludes Thompson. Introspective Networks is rethinking how we approach computing with a keen eye on cybersecurity. For compliance, this technology can be a quick solution to checking many of those boxes with real, verified proactive solutions. Introspective Networks is a subsidiary of its parent company Introspective Power, Inc. (IPi). IPi holds 15 granted patents on these and other technologies. To inquire about purchases, email sales@inets.us. For general information, email info@inets.us. To learn more about SmokeNet go to https://inets.us.