06:40 PM
Dark Reading
Dark Reading
Products and Releases

ZenithSecure Intros 'Hack-Resistant' Database

ZenithVault database accomplishes its advanced security primarily with automated data-splitting

July 2, 2013 - ZenithSecure&trade has launched the world's most secure database solution which makes it practically impossible for hackers to gain access to storage systems and disable or steal confidential information. The ZenithVault&trade database leverages automated secret sharing techniques to deliver the most secure database available today. It protects from cyber-attacks sensitive data such as credit card numbers. It is also ideal to protect personal data, financial documents, government secrets, patents, patient records and more.

The ZenithVault database accomplishes its advanced security primarily with automated data-splitting. First it encrypts data with the user's defined password as the encryption key. After this process, automated data-splitting occurs and the split data is then distributed across multiple servers and geographies using SSL or Diffie-Hellman/Elliptic curve transport encryption. The transport encryption type is based on the ZenithVault version in use. Each storage server is running a different operating system (OS). The use of different OSes per server defends against zero day attacks and/or OS exploits. This exclusive secret-sharing technique creates the most secure database available today. No longer does a single server breach mean compromised data. ZenithVault represents the most secured database against external or internal hacking attempts.

Today, data is typically secured by applying a set of security layers over a centralized SQL database system. Hackers have mastered gaining access to these one dimensional systems. Security layers can usually be circumvented, no matter how many are used.

ZenithVault Key Capabilities

Data-splitting is performed at the bit level, which is more secure than splitting whole words or phrases. For example, instead of a whole word or credit card number being stored on one server, random bits of them are distributed among multiple servers. This is the key reason why breaching a single server is no longer a security threat. With ZenithVault, hacker intrusion to one server means only access to random meaningless and garbled bits of partially encrypted data. Attackers would have to simultaneously breach at least three geographically distant servers with each running different OSes and application environments. This is just to be able to view the entire encrypted secret, let alone try to piece it back together again. The more servers deployed, the greater the degree of security.

Another security feature is that the ZenithVault servers only send out data bits associated with the appropriate user password. These passwords are also subject to data splitting and encryption. ZenithVault is limitless in scalability. The more servers you add to the cluster, the higher the security and storage capacity it achieves, without affecting performance.

"We were inspired by the method employed by the United States government in securing its nuclear missile launch codes," said Mihai Motocu, CTO of ZenithSecure. "It's a technique known as 'secret sharing' where multiple secrets have to be combined together at the same time to gain access. This method has been known for decades and is mathematically proven to be highly secure. It's at the heart of ZenithVault and is an excellent defense against brute force, zero day and other malicious hacker attacks."

Three ZenithVault Products

Currently there are three versions of ZenithVault being offered: ZenithVault Freeware, ZenithVault Enterprise and ZenithVault SaaS (Software as a Service). ZenithVault is implemented within an existing application, in parallel with its database. The integration is easily accomplished using any programming language and can be deployed within a single day. It has no impact on any customer or user experience and it has no visibility at the application level.

ZenithVault Freeware offers data encryption using a customer's password and full brute force attack protection by locking itself down when attacked. It uses at least three servers and can store information as binary data up to 10MB per entry. It is trusted platform module compatible and features SSL data encryption. It is compatible with Java, Python&trade, PHP, Ruby&trade, C# and other programming languages.

"We want to contribute to a safer electronic world by helping protect consumer, company and government data," Motocu added. "This includes small and medium sized businesses. This is why we're offering the Freeware version. It ensures all organizations can immediately deploy better data security than they currently have."

ZenithVault Enterprise and ZenithVault SaaS are for organizations requiring advanced, customized security measures without sacrificing functionality. This includes ecommerce, small and large enterprises, and governments. Enhanced features include complete data redundancy, high availability and custom data flow or API integration. To ensure redundancy and high data availability, geographical storage instance scattering requires at least five servers. Enterprise and SaaS also feature advanced elliptic curve/Diffie-Hellman encryption in order to avoid Man-in-the-Middle (MITM) attacks. They also have the ability to handle an unlimited size of large data objects. Enterprise and SaaS offer an improved data flow model. Billing data is forwarded from the storage nodes straight to the payment gateways or other custom APIs. From the unsafe application the data is transferred to the storage node and then is sent out for processing. This one-way data flow reduces the risk of breaches to almost zero. Finally, Enterprise and SaaS versions can be managed from custom-built, read-only operating systems.

Pricing and Availability

All three ZenithVault versions are now available. ZenithVault Freeware is free and can be immediately downloaded here. ZenithVault Enterprise and ZenithVault SaaS pricing models are structured according to specific client requirements and their configuration needs. Learn more by clicking here. ZenithVault Enterprise and ZenithVault SaaS provide the same features. The difference is the SaaS version is a managed solution that ZenithSecure provides for customers.

About ZenithSecure

ZenithSecure&trade focuses on full-service security software and data security services. ZenithVault&trade is the company's flagship product. It is the industry's strongest database security solution available today. By using secret sharing techniques ZenithVault's unrivaled data protection is essential for secure credit card storage and storage of other sensitive information. In addition to advanced database firewall solutions, ZenithSecure has other industry-leading security applications under development. The company's security services include software development, security integration and consulting as well as technical support services. ZenithSecure is a subsidiary of privately-held Agilio&trade Software and has offices in Transylvania, Romania and London, England. More information about ZenithSecure is available at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I agree wtih you!
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.