06:40 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly

ZenithSecure Intros 'Hack-Resistant' Database

ZenithVault database accomplishes its advanced security primarily with automated data-splitting

July 2, 2013 - ZenithSecure&trade has launched the world's most secure database solution which makes it practically impossible for hackers to gain access to storage systems and disable or steal confidential information. The ZenithVault&trade database leverages automated secret sharing techniques to deliver the most secure database available today. It protects from cyber-attacks sensitive data such as credit card numbers. It is also ideal to protect personal data, financial documents, government secrets, patents, patient records and more.

The ZenithVault database accomplishes its advanced security primarily with automated data-splitting. First it encrypts data with the user's defined password as the encryption key. After this process, automated data-splitting occurs and the split data is then distributed across multiple servers and geographies using SSL or Diffie-Hellman/Elliptic curve transport encryption. The transport encryption type is based on the ZenithVault version in use. Each storage server is running a different operating system (OS). The use of different OSes per server defends against zero day attacks and/or OS exploits. This exclusive secret-sharing technique creates the most secure database available today. No longer does a single server breach mean compromised data. ZenithVault represents the most secured database against external or internal hacking attempts.

Today, data is typically secured by applying a set of security layers over a centralized SQL database system. Hackers have mastered gaining access to these one dimensional systems. Security layers can usually be circumvented, no matter how many are used.

ZenithVault Key Capabilities

Data-splitting is performed at the bit level, which is more secure than splitting whole words or phrases. For example, instead of a whole word or credit card number being stored on one server, random bits of them are distributed among multiple servers. This is the key reason why breaching a single server is no longer a security threat. With ZenithVault, hacker intrusion to one server means only access to random meaningless and garbled bits of partially encrypted data. Attackers would have to simultaneously breach at least three geographically distant servers with each running different OSes and application environments. This is just to be able to view the entire encrypted secret, let alone try to piece it back together again. The more servers deployed, the greater the degree of security.

Another security feature is that the ZenithVault servers only send out data bits associated with the appropriate user password. These passwords are also subject to data splitting and encryption. ZenithVault is limitless in scalability. The more servers you add to the cluster, the higher the security and storage capacity it achieves, without affecting performance.

"We were inspired by the method employed by the United States government in securing its nuclear missile launch codes," said Mihai Motocu, CTO of ZenithSecure. "It's a technique known as 'secret sharing' where multiple secrets have to be combined together at the same time to gain access. This method has been known for decades and is mathematically proven to be highly secure. It's at the heart of ZenithVault and is an excellent defense against brute force, zero day and other malicious hacker attacks."

Three ZenithVault Products

Currently there are three versions of ZenithVault being offered: ZenithVault Freeware, ZenithVault Enterprise and ZenithVault SaaS (Software as a Service). ZenithVault is implemented within an existing application, in parallel with its database. The integration is easily accomplished using any programming language and can be deployed within a single day. It has no impact on any customer or user experience and it has no visibility at the application level.

ZenithVault Freeware offers data encryption using a customer's password and full brute force attack protection by locking itself down when attacked. It uses at least three servers and can store information as binary data up to 10MB per entry. It is trusted platform module compatible and features SSL data encryption. It is compatible with Java, Python&trade, PHP, Ruby&trade, C# and other programming languages.

"We want to contribute to a safer electronic world by helping protect consumer, company and government data," Motocu added. "This includes small and medium sized businesses. This is why we're offering the Freeware version. It ensures all organizations can immediately deploy better data security than they currently have."

ZenithVault Enterprise and ZenithVault SaaS are for organizations requiring advanced, customized security measures without sacrificing functionality. This includes ecommerce, small and large enterprises, and governments. Enhanced features include complete data redundancy, high availability and custom data flow or API integration. To ensure redundancy and high data availability, geographical storage instance scattering requires at least five servers. Enterprise and SaaS also feature advanced elliptic curve/Diffie-Hellman encryption in order to avoid Man-in-the-Middle (MITM) attacks. They also have the ability to handle an unlimited size of large data objects. Enterprise and SaaS offer an improved data flow model. Billing data is forwarded from the storage nodes straight to the payment gateways or other custom APIs. From the unsafe application the data is transferred to the storage node and then is sent out for processing. This one-way data flow reduces the risk of breaches to almost zero. Finally, Enterprise and SaaS versions can be managed from custom-built, read-only operating systems.

Pricing and Availability

All three ZenithVault versions are now available. ZenithVault Freeware is free and can be immediately downloaded here. ZenithVault Enterprise and ZenithVault SaaS pricing models are structured according to specific client requirements and their configuration needs. Learn more by clicking here. ZenithVault Enterprise and ZenithVault SaaS provide the same features. The difference is the SaaS version is a managed solution that ZenithSecure provides for customers.

About ZenithSecure

ZenithSecure&trade focuses on full-service security software and data security services. ZenithVault&trade is the company's flagship product. It is the industry's strongest database security solution available today. By using secret sharing techniques ZenithVault's unrivaled data protection is essential for secure credit card storage and storage of other sensitive information. In addition to advanced database firewall solutions, ZenithSecure has other industry-leading security applications under development. The company's security services include software development, security integration and consulting as well as technical support services. ZenithSecure is a subsidiary of privately-held Agilio&trade Software and has offices in Transylvania, Romania and London, England. More information about ZenithSecure is available at

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-20
The Coca-Cola FM Guatemala (aka application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 2014-10-20
The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 2014-10-20
The Mitsubishi Road Assist (aka application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 2014-10-20
The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 2014-10-20
The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.