7/2/2013
06:40 PM
Dark Reading

ZenithSecure Intros 'Hack-Resistant' Database

ZenithVault database accomplishes its advanced security primarily with automated data-splitting

July 2, 2013 - ZenithSecure™ has launched the world's most secure database solution which makes it practically impossible for hackers to gain access to storage systems and disable or steal confidential information. The ZenithVault™ database leverages automated secret sharing techniques to deliver the most secure database available today. It protects sensitive data such as credit card numbers from cyber-attacks. It is also ideal for protecting personal data, financial documents, government secrets, patents, patient records and more.

The ZenithVault database accomplishes its advanced security primarily with automated data-splitting. First it encrypts data with the user's defined password as the encryption key. After this process, automated data-splitting occurs and the split data is then distributed across multiple servers and geographies using SSL or Diffie-Hellman/Elliptic curve transport encryption. The transport encryption type is based on the ZenithVault version in use. Each storage server is running a different operating system (OS). The use of different OSes per server defends against zero day attacks and/or OS exploits. This exclusive secret-sharing technique creates the most secure database available today. No longer does a single server breach mean compromised data. ZenithVault represents the most secured database against external or internal hacking attempts.

Today, data is typically secured by applying a set of security layers over a centralized SQL database system. Hackers have mastered gaining access to these one dimensional systems. Security layers can usually be circumvented, no matter how many are used.

ZenithVault Key Capabilities

Data-splitting is performed at the bit level, which is more secure than splitting whole words or phrases. For example, instead of a whole word or credit card number being stored on one server, random bits of them are distributed among multiple servers. This is the key reason why breaching a single server is no longer a security threat. With ZenithVault, hacker intrusion to one server means only access to random meaningless and garbled bits of partially encrypted data. Attackers would have to simultaneously breach at least three geographically distant servers with each running different OSes and application environments. This is just to be able to view the entire encrypted secret, let alone try to piece it back together again. The more servers deployed, the greater the degree of security.

Another security feature is that the ZenithVault servers only send out data bits associated with the appropriate user password. These passwords are also subject to data splitting and encryption. ZenithVault is limitless in scalability. The more servers you add to the cluster, the higher the security and storage capacity it achieves, without affecting performance.

"We were inspired by the method employed by the United States government in securing its nuclear missile launch codes," said Mihai Motocu, CTO of ZenithSecure. "It's a technique known as 'secret sharing' where multiple secrets have to be combined together at the same time to gain access. This method has been known for decades and is mathematically proven to be highly secure. It's at the heart of ZenithVault and is an excellent defense against brute force, zero day and other malicious hacker attacks."

Three ZenithVault Products

Currently there are three versions of ZenithVault being offered: ZenithVault Freeware, ZenithVault Enterprise and ZenithVault SaaS (Software as a Service). ZenithVault is implemented within an existing application, in parallel with its database. The integration is easily accomplished using any programming language and can be deployed within a single day. It has no impact on any customer or user experience and it has no visibility at the application level.

ZenithVault Freeware offers data encryption using a customer's password and full brute force attack protection by locking itself down when attacked. It uses at least three servers and can store information as binary data up to 10MB per entry. It is trusted platform module compatible and features SSL data encryption. It is compatible with Java, Python™, PHP, Ruby™, C# and other programming languages.

"We want to contribute to a safer electronic world by helping protect consumer, company and government data," Motocu added. "This includes small and medium sized businesses. This is why we're offering the Freeware version. It ensures all organizations can immediately deploy better data security than they currently have."

ZenithVault Enterprise and ZenithVault SaaS are for organizations requiring advanced, customized security measures without sacrificing functionality. This includes ecommerce, small and large enterprises, and governments. Enhanced features include complete data redundancy, high availability and custom data flow or API integration. To ensure redundancy and high data availability, geographical storage instance scattering requires at least five servers. Enterprise and SaaS also feature advanced elliptic curve/Diffie-Hellman encryption in order to avoid Man-in-the-Middle (MITM) attacks. They also have the ability to handle an unlimited size of large data objects. Enterprise and SaaS offer an improved data flow model. Billing data is forwarded from the storage nodes straight to the payment gateways or other custom APIs. From the unsafe application the data is transferred to the storage node and then is sent out for processing. This one-way data flow reduces the risk of breaches to almost zero. Finally, Enterprise and SaaS versions can be managed from custom-built, read-only operating systems.

Pricing and Availability

All three ZenithVault versions are now available. ZenithVault Freeware is free and can be immediately downloaded here. ZenithVault Enterprise and ZenithVault SaaS pricing models are structured according to specific client requirements and their configuration needs. Learn more by clicking here. ZenithVault Enterprise and ZenithVault SaaS provide the same features. The difference is the SaaS version is a managed solution that ZenithSecure provides for customers.

About ZenithSecure

ZenithSecure™ focuses on full-service security software and data security services. ZenithVault™ is the company's flagship product. It is the industry's strongest database security solution available today. By using secret sharing techniques ZenithVault's unrivaled data protection is essential for secure credit card storage and storage of other sensitive information. In addition to advanced database firewall solutions, ZenithSecure has other industry-leading security applications under development. The company's security services include software development, security integration and consulting as well as technical support services. ZenithSecure is a subsidiary of privately-held Agilio™ Software and has offices in Transylvania, Romania and London, England. More information about ZenithSecure is available at http://www.zenithsecure.com.
