6/9/2021
10:45 AM
Dark Reading
Products and Releases

Waverley Labs Launches RESILIANT Essential to Zero Trust Model

RESILIANT software-defined perimeter positioned as the preferred method of securing applications and services in a perimeter-less environment.

WASHINGTON – June 3, 2021 — Building on its position as a pioneer and leading provider of Software-Defined Perimeter (SDP) solutions for the Federal Government, Waverley Labs today announced the launch of a new company, RESILIANT™ (www.RESILIANT.com).

To achieve zero trust, the “never trust, always verify” mandate, organizations must adopt processes and technology to make their “trust but verify” network security architectures more resilient. RESILIANT SDP (software defined perimeter) provides an overlay to an in-place network security architecture by deploying a “trust zone”. The RESILIANT trust zone provides assurance that services in the zone are protected from attacks.

The RESILIANT SDP gateway is service-specific and provides an internet-scale, deny-all packet filter that dynamically enforces policies to control which authorized users with validated devices, located anywhere, may access a service. The RESILIANT SDP controller is the policy decision point designed to authenticate and authorize users and their devices. The gateway dynamically enforces the policy and admits only credentialed users into the RESILIANT trust zone.

Unlike other solutions, the RESILIANT architecture enables the separation of the control plane from the data plane, or policy decision from enforcement, to provide full visibility into all connections into the trust zone. Policies that cannot be enforced cannot protect services. Protected services in the RESILIANT trust zone are effectively hidden from the internet, leaving attackers and unauthorized users abandoned outside the gateway.

RESILIANT enables IT security to pivot away from VPNs and aging network-centric infrastructure to an API-based architecture implemented at the application layer. DevOps can define a RESILIANT-ready gateway to secure CI/CD for operations. Enterprises using RESILIANT effectively reduce the number of successful attacks by deploying the invisible trust zones and admitting only credentialed users using validated devices, even while attacks are ongoing.

“McAfee is pleased to welcome RESILIANT to its Security Innovation Alliance, where partner integrations help build upon a Zero Trust approach to security,” said Alex Chapin, McAfee Vice President of Department of Defense and Intelligence Community. “Technologies like RESILIANT’s service-specific gateway are key to creating a Zero Trust architecture, which in turn is essential for protecting government agencies. Recent breaches have shown how critical Zero Trust principles – as well as a data-centric approach to security – are for the public sector.”

Since 2015, Waverley Labs has been leading the reimagining of the network perimeter as a primary defensive posture for securing the enterprise. Where network perimeters grant network access without authorizing application/service access, NIST advocates the Zero Trust model as a more effective and efficient security strategy.

Following NIST’s guidance, Waverley Labs began developing and contributing innovation to the open-source project for Software Defined Perimeter (SDP) initiated by the Cloud Security Alliance.

“Juanita Koilpillai has played an integral role in the Cloud Security Alliance’s development of reference architecture for the software defined perimeter,” said Jim Reavis, Chief Executive Officer, Cloud Security Alliance. “Her passion and dedication to maturing software defined perimeter (SDP) benefits all the members of the Alliance and is evident in the Zero Trust SDP her company is launching today. She understands the challenges and importance of overlaying traditional network security with a software defined perimeter as more applications and services move to the cloud.”

RESILIANT is the culmination of five years of R&D by Waverley Labs. Waverley Labs incubated SDP and now, after completing successful implementations by high-profile federal agencies, commercial SaaS, and service providers, Waverley Labs is launching RESILIANT, the company, to rapidly commercialize SDP. The launch marks the next stage in positioning the RESILIANT SDP as the preferred method of securing applications and services in a perimeter-less environment.

Juanita Koilpillai, Founder and CEO, describes RESILIANT’s API based ability to limit unauthorized access: “RESILIANT leverages information in the enterprise systems of record for user devices and services. The RESILIANT controller provisions the gateway to enforce the policies at scale. The RESILIANT gateway dynamically verifies the SPA (single packet authorization) and integrates into each service or application. This dual process of setting policy and separately enforcing policy provides an instant view of all connections and the ability to drop them even after they are already established.”

RESILIANT is positioned for rapid growth as a deny-all, authenticate-first solution that is simple to deploy. Three reliable use cases include:

  • Protects all network models including 5G; prevents data exfiltration from known attacks such as ransomware, credential theft, DDoS, phishing, man-in-the-middle, and more.
  • The RESILIANT design benefits DevOps, enabling applications to move quickly from developers to end users by eliminating lengthy security reviews. RESILIANT benefits from Waverley Labs’ participation in the Red Hat OpenShift development program.
  • Available integration with any of the zero trust platforms provides many network-centric offerings the capability to dynamically enforce security policy at the application layer.

About RESILIANT

RESILIANT provides an innovative Software-Defined Perimeter, the software as a service essential to achieving the Zero Trust model as defined by NIST. RESILIANT is unique in its ability to protect services in the RESILIANT Trust Zone by hiding services from the internet and leaving attackers and unauthorized users abandoned outside the Zone. The key to the effectiveness of the RESILIANT SDP is its ability to separate the control plane where policy decisions are made from the data plane where policies are enforced. This separation is essential to enforcing policies and controlling connections even in highly adaptive environments where services reside on multiple clouds. RESILIANT continues to collaborate with the Cloud Security Alliance and NIST to provide thought leadership for creating new and effective cybersecurity and digital risk management solutions. For more information visit http://www.RESILIANT.com.

 
