September 29, 2015
Department of Homeland Security (DHS) Supporting Waverley Labs’ “Black Cloud” to Prevent DDoS Attacks
Waverley Labs, a leading provider of digital risk management software and services, today announced that it has been selected by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to develop an industry-first open source Software Defined Perimeter (SDP) to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks.
The project titled “An Open Source Project for a Software-Defined Perimeter to Defend Cloud Apps from DDoS” was awarded through Broad Agency Announcement HSHQDC-14-R-B00017 and will become part of the DHS S&T Cyber Security Division’s larger Distributed Denial of Service Defenses (DDoSD) program.
Protecting cloud and critical infrastructure applications against remote surveillance and denial of service is one of the most difficult challenges facing the Federal government today. Waverley Labs’ open source approach to SDPs is emerging as a key component in a new security paradigm for protecting application infrastructure in enterprises and large government organizations.
SDP is based on a strong security model that only allows TCP connections from pre-authorized users and their devices. Moreover, SDP issues user-level access at the port/protocol level (after user authentication using a one-time use token) to ensure that connections cannot be re-tasked or hijacked and that authentication credentials cannot be used by unauthorized users. Agencies are looking to SDPs as a new approach to securing cloud and critical infrastructure applications because it allows them to customize an SDP implementation to their unique agency requirements, including all aspects of security: certificates, ciphers, identity systems, monitoring, management, etc. Federal agencies can then “wrap” their apps with an SDP service to ensure both security and secure workflow.
The unique SDP specification and its associated “security layers” are evolutionary in that they build upon three proven controls: the “need to know” access model used by US government agencies, device verification using SPA (Single Packet Authorization), and Mutual Transport Layer Security promoted by NIST. The Software Defined Perimeter is also revolutionary in that it extends the protection to the boundary that is changing with the growing use of mobile devices and the Internet of Things (IoT). More importantly, the SDP security model has been tested and proven to stop all forms of network attacks, including credential theft, denial of service, and server exploitation, that have plagued organizations for decades and continue to do so with increasing intensity.
Commercial SDPs have already been deployed by leading enterprises such as Coca-Cola and they continue to be tested in organized industry “hackathons” with an estimated 10 billion attempts — all unsuccessful.
Waverley Labs, the Cloud Security Alliance (CSA), a non-profit organization that promotes security best practices for the cloud, and Vidder, Inc. have been working closely to develop an open source approach to the SDP.
“The primary objective of the SDP is to make the application infrastructure effectively invisible or ‘black’ by eliminating (DNS) information or IP addresses,” said Juanita Koilpillai, Founder & CEO of Waverley Labs. “SDPs establish an undetectable application infrastructure by changing the historical paradigm and establishing communications with only authorized users rather than communicating with anyone seeking access. Conceptually we’re using SDP to create an Internet-scale Firewall leveraging the connectivity and compute power of the public cloud. An SDP based Firewall provides the government huge cyber security benefits at minimal cost.”
“We are already seeing success with commercial SDP deployments by Global 100 corporations and we are pleased to see Waverley Labs advancing open source development of SDP for the Federal Market,” said Jim Reavis, CEO of the Cloud Security Alliance. “We believe that Federal agencies will find many applications for this DHS-funded SDP project in protecting both legacy IT assets and cloud services of all classification levels.”
“We are excited to support DHS’s efforts to evaluate SDP as a strategy to stop remote surveillance and denial of service of US government assets,” said Junaid Islam, Co-Chair of the SDP Workgroup of the Cloud Security Alliance and President of Vidder, Inc.
Waverley Labs is in discussions with a variety of Federal and commercial organizations about similar SDP initiatives.