By Carolyn Mathas
Large fault-tolerant quantum computers provide a substantial threat to existing public-key cryptography, rendering sensitive data and systems vulnerable to attacks. Moving to new encryption methods, however, may take a decade or longer to complete. In response, SandboxAQ just unveiled its SandboxAQ Security Suite, an end-to-end cryptographic-agility platform providing cryptographic vulnerability scanning and remediation. SandboxAQ claims that its Security Suite is the industry’s first complete solution for cryptographic inventory that includes analysis and inventory of filesystems, applications, and networks.
The SandboxAQ Security Suite architecture is based on three modules that enable discovery, management and remediation.
- The Cryptosense Module–a comprehensive set of analysis tools including a Network Analyzer to capture network traffic and identify cryptography used to protect data in transit. An application analyzer detects and records all calls to cryptographic libraries made by an application, identifying vulnerabilities and policy breaches. The Filesystem Analyzer scans files to find and parse cryptographic objects in data at rest.
- The Cryptoservice Module, currently available for select preview partners, enables remediation and supervised enforcement, immediately responding to off-policy vulnerabilities and out-of-policy algorithms. Remediation is based on real-time cryptographic algorithm and/or protocol switching. It’s the ability to cross-reference network, application and filesystem analysis that renders the complete inventory much more actionable for remediation.
- The Control Center module provides a comprehensive dashboard view of the existing cryptographic infrastructure including artifacts, libraries, algorithms and protocols. It also delivers benchmarking tools that monitor cryptographic performance.
Enterprises and government agencies already making use of one or more modules of the SandboxAQ Security Suite include global banks, Cloudera, Informatica, the U.S. Air Force and the U.S. Department of Health & Human Services. Strategic alliances are also in place with Deloitte and EY to help enterprise customers identify and remediate encryption vulnerabilities. Small organizations also able to benefit from the suite by subscribing to a SaaS service and paying only for the modules and usage they need. In comparison, large enterprise customers typically access the solution on-premises or self-hosted in their own cloud.
According to Graham Steel, head of product in SandboxAQ’s Quantum Security division, “Getting started right now is critical. Adversaries are not waiting for quantum computers to launch their attacks—they’re already engaged in Store Now Decrypt Later attacks, acquiring sensitive encrypted data now for future decryption,” Steel further explained that transitioning to quantum-safe encryption and implementing crypto-agility could take years. Many organizations with complex IT infrastructures are concerned whether this can be completed before large-scale quantum computers are available to carry out ‘decrypt right now’ attacks. “Our Security Suite is designed to accelerate every stage of this process,” he added.
The SandboxAQ Security Suite’s cryptographic agility enables customers to seamlessly swap cryptographic protocols amid ever-changing regulatory requirements and cyber threats. This concept of crypto-agility will become mandatory to protect organizations against classical and quantum-based attacks, while maintaining regulatory compliance.
Additional information about the SandboxAQ Security Suite is available in a press release posted here.
April 19, 2023