Never bring a knife to a gunfight!

Anand Kashyap
Imam Sheikh, Head of Security Products - Equinix
Published: Oct 9, 2018

The Big Hack demonstrates that cyber warfare has moved from the realm of software to the realm of hardware. Software-based security controls, such as anti-malware, firewalls, user behavior analysis, and network flow analysis, are ineffective in the face of such sophisticated attacks.

Hardware implants, in the form of tiny microchips on the motherboard, were used to attack the operating system and then spy on and exfiltrate private data. Implants are even worse than interdiction, a technique used by US spy agencies as reported by Snowden.

Interdiction is used to alter and manipulate hardware in transit to insert hardware-based attacks. Implants occur at the time of manufacturing, which makes detection extremely difficult.

Attacks like The Big Hack have huge security implications. Even FIPS 140-2 Level 3 and Level 4 devices, such as Hardware Security Modules (HSMs), may be affected, because the attack happens even before the tamper-response and tamper-detection modules are inserted. The possibility of hardware implants in public cloud servers can erode trust among customers who feel they have no control over the supply-chain process.

No software-only security solution can protect against these hardware manipulations.

Only hardware can fight and defeat hardware. Fortanix Runtime Encryption® decouples the security of an application from the security of the infrastructure. It assumes that the infrastructure is compromised, as was the case in the Big Hack. However, applications running with Runtime Encryption® remain protected wherever they run.

Runtime Encryption® uses secure enclave technology such as Intel® SGX in the processor to ensure that data always remains encrypted, even when in use. Only authorized code can be loaded into enclaves, and it can’t be modified once loaded.

This ensures the confidentiality as well as the integrity of data and code. Data stored at rest as well as data in motion are also encrypted using keys available only inside the enclave. This ensures that no data is visible in plain text outside the SGX enclave, ever. You can’t hack what you can’t see!

Applications built on Fortanix Runtime Encryption®, such as Fortanix DSM, and Equinix SmartKey, powered by Fortanix, are protected from The Big Hack. To learn more about Fortanix Runtime Encryption®, reach out to us at info@fortanix.com.
