Frequently Asked Questions

CyphreLink provides military-grade data security protection for sensitive and proprietary information transiting any network. Operating over any IP-based network, this powerful solution provides virtually unassailable encryption for data in-transit using encryption keys that are never stored in memory, making it nearly impossible for an attacker to compromise. Designed for industrial control systems (ICS) and secure networking over any mobile, satellite or terrestrial network, CyphreLink technology uses half of the overhead of a typical IPSec VPN implementation.

CyphreLink secures network connections between two or more sites via deployment of a military grade, hardware-based encryption solution at each protected site. CyphreLink is easily incorporated into an enterprise’s existing data protection technologies as a service or licensed appliance. Serving as a unifying management solution, CyphreLink offers hardened security that reduces man-in-the-middle (MITM) attacks and unauthorized eavesdropping, while expanding the abilities of an organization to leverage virtually any network efficiently and cost-effectively.

CyphreLink is powered by BlackTIE®, a differentiated and patented technology that offers hardware-driven encryption to protect data in transit. With BlackTIE embedded in the silicon of a CyphreLink appliance, keys are never readable or exposed in plaintext to the host CPU, operating system, application software, or memory, completely isolating the generation and storage of all cryptographic materials and operations. This provides unmatched security when compared to typical firewall implementations that use pre-shared keys or key and certificate credentials that are stored in memory and easily compromised by sophisticated and persistent attacks.

Yes! In a few ways:

• Operating over any IP-based network, CyphreLink is easily deployed and can replace costly dedicated and MPLS circuits.
• CyphreLink removes the difficulty of managing encryption. Once installed there is no required maintenance required unless new functionality is released.
• There is no additional staffing required to operate. Set it and forget it!
• Unlike other solutions that use a lot of bandwidth, comparison tests have shown that CyphreLink actually returns bandwidth in a network link for other applications to use.
• Avoid costly fines from regulators with encryption solutions like CyphreLink

CyphreLink operates over IP and is agnostic to the underlying layer-2 data transport layer (VSAT, MPLS, Ethernet, broadband, mobile, etc.) to ensure customers can create a secure connection across and between practically all network types.

CyphreLink appliances are deployed at each site on a network (e.g. office, pumping station, refinery, manufacturing facility, and data center). CyphreLink encrypts data-in-transit using BlackTIE, Cyphre’s patented encryption key protection technology. CyphreLink can be configured for site-to-site (“point to point”), site-to-multisite tunnels (“hub and spoke”), and multi-site-to multi-site (“mesh”) network.

Cyphre exceeds current security protocols and policies by protecting keys within a hardware-based secure enclave. Keys are never stored in memory and very difficult to compromise. Many networks are vulnerable to known CVE vulnerabilities, use of pre-shared keys, and unencrypted hashes. Even with a firewall and VPN service in place, companies may be vulnerable to attack.

• For applications SSL or TLS – Depending upon the version of the SSL and/or TLS protocols being used, there are well-known vulnerabilities that the average hacker can exploit. Antiquated variants of these protocols are still in use by network engineers, who assume they’re protected from attacks, which is not the case. CyphreLink can improve the authentication assurance level of SSL and TLS connections and protect against “man in the middle” attacks and eavesdropping by hiding the keys within silicon and never exposing them in memory.
• For remote access – Secure remote access requires a high level of management and administration overhead for updating passwords, pushing software updates, managing devices, and administering network access controls. Installing CyphreLink alleviates this complication by protecting keys in silicon and automating key rotation. This results in lower operational costs and risk.

Scenario 1: Sensor Data

If the network is compromised in an area that is not secured by CyphreLink, such as sensor data sending information to a CyphreLink appliance, then CyphreLink is unable to protect data traveling across that portion of the network. The attacker could compromise data prior to reaching the ingress port of the CyphreLink appliance.

Scenario 2: Device and Data-at-Rest

If the CyphreLink appliance is compromised, the encryption keys are held in hardware and unable to be accessed. While certain data and firmware could be compromised, all encrypt/decrypt operations and keys used by CyphreLink are held in hardware and never moved to memory. Even with physical access to the device, an attacker would not be able to compromise the keys.

Scenario 3: Data-in-Transit.

CyphreLink encrypts all data traveling between CyphreLink secured locations. While data could be sniffed, that data will be encrypted and unreadable. To add further security to that data, the keys used to secure the data are rotated hourly. These keys are held in hardware, never exposed to memory, and cannot be obtained by a malicious actor.

When it comes to securing IP based data traffic, SSL/TLS (Secure Sockets Layer / Transit Layer Security) is the principal standard used. Using standard Public Key Infrastructure (PKI) for protecting data in transit, CyphreLink addresses an inherent weakness within PKI based approaches – protecting the actual encryption keys used to encrypt and decrypt the data traffic.

CyphreLink enhances standard SSL/TLS encryption sessions that protect your data in transit by providing encryption for data in-transit, network certificates, and encryption keys from any end-point and across any access network. This is achieved by establishing a highly-secure connection between trusted endpoints.

CyphreLink leverages a specialized chipset with a dedicated security engine to offload cryptographic operations outside of host CPU and system memory – two of the most common entry points for cyber criminals.  As a result, CyphreLink reduces the attack surface for your business.

The CyphreLink product is KMIP-compliant and FIPS 140-2 Level 1 validated, simplifying compliance with security requirements such as PCI, HIPAA, SOC, ISO, etc. The FIPS 140-2 standard is coordinated and specified by the U.S. National Institute of Standards and Technology or NIST.