Castle Shield: Strengthening Cybersecurity with Quantum-Resistant Architecture

Dr. Milton Mattox, Chief Technology Officer
How far are quantum computers from becoming a ubiquitous technology? The recent developments in the quantum computing realm indicate that such a day is not far away. In fact, the world is going to witness a quantum revolution much sooner than previously stipulated.

Now, while it is positive news in terms of humankind’s next big technological leap, it also raises a few concerns in the cybersecurity realm. Some business leaders believe that once quantum computers become mainstream, it won’t be long before cyberterrorists get their hands on the advanced computers to scrape data or eavesdrop on communication. And when that happens, the cybersecurity strategies from the pre-quantum era would amount to nothing and crumble like a house of cards in the wind.

All things considered, many businesses are somewhat reluctant to upgrade their cybersecurity measures in regard to the upcoming quantum era. They believe preparing for a quantum era before it actually dawns upon us would unnecessarily trim their operational budget. But what if there is a way for the businesses to set up their cybersecurity measures for the quantum age without any additional expenses?

Enter Castle Shield.

The company has developed a “quantum-resistant architecture” (QRA) that enables its clients to deploy quantum-resistant cybersecurity solutions at a cost similar to any other contemporary cybersecurity product. “We help our clients become future-ready and safeguard themselves for the forthcoming quantum age,” states Dr. Milton Mattox, Chief Technology Officer of Castle Shield.

An Illustrated Cybersecurity Solution Suite built on QRA

According to Mattox, Castle Shield’s QRA forms the foundation for all its cybersecurity applications. The security solutions built on QRA can be broadly categorized into three distinct product lines based on their core functions, i.e. encryption, security information event management (SIEM), and regulatory compliance.

Fides, the first of the three, is quantum-resistant encryption (QRE) solution that also acts as a common element in all Castle Shield’s cybersecurity products. The QRE uses a licensed polymorphic encryption core to overlay with existing symmetric encryption algorithms and strengthen them further. For example, the QRE makes a traditional advanced encryption standard (AES) 256 as strong as AES 3092, without affecting performance. “We use the same symmetric encryption ciphers as that of the National Institute of Standards and Technology (NIST) and National Security Agency (NSA), but we wrap them with an extra layer of an algorithmic security to fortify the symmetric encryption efficacy while removing performance latencies from the clients’ hardware or application environment,” shares Mattox. Thus, even if any information is compromised, Castle Shield’s robust encryption makes it completely unusable to the attacker.

What’s more? For data in motion, in transit, or at rest, Castle Shield’s Fides solutions break the large monolithic blocks of data into small multiple independent fragments and encrypts the fragments with their own cipher-key pair. The result is data that is safe from advanced computational attacks. Fides solutions will soon leverage one or more of the post-quantum cryptography asymmetric encryption algorithms that are currently under evaluation by NIST.

The second product group, Senate, includes a compliance solution and cyber rating system that accurately monitors a business’ ecosystem and provides improved management of their assets. Businesses can use Senate to properly assess the data exchange between their third-party vendors and measure the probable financial impact should a data breach occurs. Senate can also be used to grade the vendors based on technical cyber risk score and security compliance level.

The company has developed a “quantum-resistant architecture” (QRA) that enables its clients to deploy quantum-resistant cybersecurity solutions at a cost similar to any other contemporary cybersecurity product

Therefore, businesses can facilitate a dynamic and increased situational awareness along with mitigation strategies aligned with each vendor’s security vulnerabilities.

The final, and the centerpiece of, Castle Shield’s offering is a multi-tenant SIEM logging and analytics software called Legion. It is specifically engineered for managed service providers (MSPs) and managed security service providers (MSSPs). Built as a functional business solution, Legion helps MSPs and MSSPs effortlessly take in disparate data from multiple sources and correlate it with the clients’ data sets. With a single pane of glass analysis to monitor and handle numerous environments, MSPs/MSSPs can visualize and mitigate threats across their distributed networks.

Going a step ahead of other SIEMs in the market, Legion also provides much more data telemetry with the help of Fides and Senate. Together, the trio of solutions holds the ability to thwart cybersecurity threats and ensure enterprise-wide compliance rather than just reporting the security information events. As a result, they improve an MSP/MSSP’s customer satisfaction level and control over their business.

Crafting Tangible Benefits

Such an approach to cybersecurity has undoubtedly helped Castle Shield become a burgeoning market leader in this space. As an example, Castle Shield is working with a new client who is in the managed security services provider (MSSP) space. The client is running Castle Shield’s SIEM product to keep track of the security information events occurring across the client’s enterprise. As security information events are aggregated at the client’s site and data center, the information is then sent to the Castle Shield cloud-based SIEM server. As an extra layer of security, Castle Shield uses its Aeolus VPN data-in-motion product to establish a secure, encrypted connection between the client’s server and the Castle Shield cloud server. This way, the client’s security information events are kept safe and secure as the information is in transit between servers.

“At Castle Shield, we believe strongly that sensitive and confidential data should be encrypted as much and often as possible. Even security information events should be encrypted before they are transmitted to the collection server so that the data is not compromised,” says Mattox.

Striding ahead with similar success stories, Castle Shield aims to bring quantum-resistant data security solutions to the masses in a very cost-effective way. Castle Shield is actively seeking to help healthcare providers, doctors, and nurses communicate safely with each other with its secure, private, and safe chat apps. At the same time, the company ensures the healthcare providers stay HIPAA compliant. Castle Shield is all set to expand in the financial as well as legal sectors. “Our roadmap consists of going beyond the normal industries that are concerned about data security and target industries that may not be thinking as much about the security and privacy of their data at this point,” concludes Mattox.

Castle Shield News

Announcing a Secure, Enterprise Data-at-rest Solution – Hypnos

Scottsville, VA - Castle Shield Holdings, LLC., announces the availability of its Hypnos secure enterprise data-at-rest solution. Hypnos secures unstructured data meant to be stored for both short and long- term use, including files on servers, hard drives, backup tapes, and other files in folders intended for general use. Organizations utilize conventional protection such as firewalls, anti-virus software, password protection, and multi-factor authentication that safeguards their IT backbone and indirectly their data-at-rest. While these traditional data security measures are helpful in preventing conspicuous intrusions, nefarious attackers often infiltrate networks through more discreet exploitation techniques such as human deception via suspicious emails or internal threats from rogue team members. Hypnos provides the last line of defense by encrypting data-at-rest whereas, in the event of a data breach, the data is secured.

Castle Shield categorizes data into four stages:

• Data-at-Rest: Data that is not currently being accessed and is stored on a logical or physical medium. This type of data can be further classified as structured and unstructured. Structured data is generally stored in database records, rows, and columns. Unstructured data includes files stored on physical or cloud-based file servers, mobile devices, flash drives, disk drives, etc.

• Data-in-Transit: Data that travels from one place to another usually through chat and text applications, emails, applications used for team collaboration, or any data exchanged through a private or public communications channel.

• Data-in-Motion: Often represented as a subset of data-in-transit, this type of data refers to data that is actively moving between two or more points via UDP or TCP- IP protocols such as a streaming video, audio, and data.• Data-in-Use: Data that is currently being accessed by one or more usersapplications for processing.

Hypnos focuses on keeping unstructured data secure, private, and safe while providing organizations the flexibility to freely move secured files from one medium to another including cloud-based long-term storage without decrypting the file. Some organizations have leveraged full disk encryption or filesystem encryption where all the data on the disk

or filesystem is encrypted. However, that approach generally only protects files while they reside on the disk. Hypnos does not have this limitation.

Recent ransomware attacks demonstrate that cyber terrorism is an ever-present threat. It’s more important now than ever to ensure that company data is secure so organizations can move towards adopting a zero-trust model. Hypnos provides enterprises with a flexible way to secure one, multiple, or all the organization’s files.

Hypnos uses a licensed symmetrical encryption algorithm called the Polymorphic Encryption Core (PEC). The PEC takes a standard encryption cipher such as the Advanced Encryption Standard (AES) and makes it much stronger by disassembling the message to be encrypted into fragments called shards. The encrypted shards created by the PEC make standard symmetric encryption ciphers stronger and quantum-resistant. The PEC carries a FIPS 140-2 validation certificate.

“Hypnos is the latest addition to our holistic approach to keeping confidential information secure, private, and safe. We recently announced our Aeolus VPN and Typhos apps that respectively keep data-in-motion and data-in-transit secure. These apps coupled with Hypnos, provide a holistic approach to protecting sensitive data today and for the burgeoning quantum era,” said Dr. Milton Mattox, Chief Technology Officer at Castle Shield.

The Hypnos Value Proposition –

• Encrypts unstructured data-at-rest.

• Protected data can be transmitted securely elsewhere.

• In the case of a data breach, files are secure.

• Users may choose to enable OTP authentication before encrypted files can bedecrypted for added security.

• Unstructured data-at-rest security is generally more flexible than Full DiskEncryption (FDE) and others.

Protecting corporate data in motion, in transit, and at rest is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data. Castle Shield is focused on providing enterprises with cost-effective ways to keep their most valued assets safe both today, tomorrow, and beyond. Hypnos is available today for general distribution.

Castle Shield

Scottsville, VA

Dr. Milton Mattox, Chief Technology Officer

The company has developed a “quantum-resistant architecture” (QRA) that enables its clients to deploy quantum-resistant cybersecurity solutions at a cost similar to any other contemporary cybersecurity product. Castle Shield’s QRA forms the foundation for all its cybersecurity applications. The security solutions built on QRA can be broadly categorized into three distinct product lines based on their core functions, i.e. encryption, security information event management (SIEM), and regulatory compliance

Castle Shield