Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/3/2020
05:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network

Next generation software-defined perimeter ICAM solution to support crisis and emergency managers to conduct identity proofing on the fly.

WASHINGTON – August 3, 2020 — – Waverley Labs, a pioneer in Software Defined Perimeters (SDP) and digital risk reduction solutions, today announced it has been awarded a $1 million contract from the Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Small Business Innovation Research (SBIR) program.

Following the Phase 1 development of a prototype for use of state issued drivers’ licenses, Phase 2 is to deploy Waverley Labs’ Dynamic AccessIDTM Network, to improve identity proofing on the fly for crisis and emergency managers.

During an emergency, Incident Managers are challenged in their ability to rapidly proof identities with valid credentials for first responders to access systems of interest (e.g. visitor systems, camera systems etc.). Existing ICAM solutions are closed, place onerous restrictions on the trust mechanism, do not account for mobile environments and are static in nature.

Currently it is difficult to onboard systems that use federated credentials from untrusted parties. The Dynamic AccessIDTM Network will enable Incident Managers to quickly identify, vet and approve emergency personnel based on existing identification credentials (bring-your-own credentials or BYOC) such as a drivers’ license, government issued smart card, personal identification verification card (PIV), and first-responder-owned devices (bring-your-own-devices (BYOD).

Much like a banking ATM network where cards from other banks are accepted for cash dispensing from ATMs, Waverley Labs’ Dynamic AccessIDTM Network is the first commercial infrastructure that provides the ability to dynamically associate disparate credentials and devices with first responder systems and physical security systems. 

During emergencies, systems of interest that leverage Waverley Labs’ Software Defined Perimeter for protection, can accept certificates issued by the Incident Manager for dynamic access to these systems ONLY for that emergency. The Dynamic AccessIDTM Network will not only provide a multi-jurisdictional trust mechanism for a specific emergency, but also the ability to securely on-board first responders to use said emergency systems. Once implemented it will have proved the much needed identity proofing capability for any Zero Trust implementation for successful commercialization.

“For the first time, crisis and emergency managers can standup secure ephemeral networks, dynamically federate participants and onboard privately-owned systems on-the-fly while ensuring that access control continues to be managed by the system owners,” said Juanita Koilpillai, Founder of Waverley Labs.  “This much needed ability to proof identities as part of the ICAM process represents the last mile in achieving a true Zero Trust solution.

In addition to delivery of the Dynamic AccessIDTM Network, Phase 2 will enlist participation and testing of the network with government organizations and commercial enterprises.

“The early and current ICAM systems are long overdue for improvements and modernization. For emergencies, federation and managing access based upon ICAM guidelines remains non-existent,” said Jeff Friedman, Chief Executive Officer of Building Intelligence. “Waverley Lab’s development of the Dynamic AccessID Network is not only a brilliant and important breakthrough for emergency services, it will ultimately save lives and protect first responders. For many industries, Dynamic AccessID has many broader applications.”

To learn more about identity proofing and reducing risk using the SDP check out this white paper. Waverley Labs worked closely with the Cloud Security Alliance (CSA) to develop the first commercial SDP specification and recently co-authored the CSA’s new white paper – Software Defined Perimeter and Zero Trust.

About Waverley Labs

Waverley Labs is a leading provider of digital risk management software and services that helps large organizations reduce their exposure to digital risk. Its products and services range from the industry’s first open source software defined perimeters (SDPs) for large federal agencies, to the assessment, quantification, and mitigation of digital risk from the business perspective. Waverley Labs worked closely with the Cloud Security Alliance (CSA) to develop the first commercial SDP specification and recently co-authored the CSA’s new Software-Defined Perimeter (SDP) Architecture Guide.

Waverley Labs works closely with NIST and the Cloud Security Alliance to provide thought leadership in digital risk management. For more information visit http://www.waverleylabs.comor call (800) 401-5180.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.