Firewalls are out; hyperawareness of where data is flowing across networks and endpoints is in. The brand new Unisys Stealth(aware) platform takes a page from the CIA’s playbook, zeroing in on what micro-nodes are carrying sensitive data and making sure that they’re bulletproof. We have all of the details.
When the cybersecurity going gets tough, the tough take a page out of the CIA’s playbook in protecting a consumer’s sensitive cardholder and personal information data.
That’s what the global security team at Unisys hopes, anyway. Tom Patterson, chief trust officer and VP of global security at Unisys, and Rodney Sapp, VP of security and cloud product management at Unisys, briefed Karen Webster on the ins and outs of its brand new cloud-based cybersecurity platform, Stealth(aware), which has its roots in the firm’s work with the agency that the government entrusts to keep its most sensitive data safe.
“It kind of came out of a services engagement with our federal division,” said Sapp, who noted that the government wanted a way to communicate over the public internet, in any location in the world, including enemy space. “We came up with this idea of not just the fortress approach, but … we’re going to conceal, we are going to encrypt and this is going to be different.”
What Patterson and Sapp said makes Stealth(aware) unique is that it lets enterprises do two things that are pretty tough (and/or expensive) to do: map data flows across vast enterprise endpoints to determine what sensitive data gets passed — or, more appropriately, needs to get passed — to which endpoints and, in so doing, reducing the PCI scope and burden on the enterprise. Stealth(aware) does this by micro-segmenting and then parsing data that flows to and from those endpoints, dialing up security protocols across different parts of that network as needed. Think of it as micromanaging security, to the level that security can go where it is needed most, to the points of higher traffic and higher value transactions. Rather than building a gigantic firewall around everything, Stealth(aware) zeroes in on the parts of the network that need bulletproofing and makes sure that they are.
Patterson and Sapp believe that Stealth(aware) is probably the best way to manage the PCI process within a company and do it in an almost automatic and cost-effective way. Typically, Sapp said, doing that requires a lot of experts to come into a firm (physically) and analyze data flows. Stealth(aware) has been built with significant layers of artificial intelligence in the platform itself, which means that firms can go in and, “within a matter of minutes, map out, in a safe way,” how sensitive data should travel across the network. The client can review the recommendation, and “with the push of a button,” the platform will deploy the chosen security policies, with users choosing different levels of enforcement akin to “turn[ing] a knob.” In one example regarding the speed of deployment, Sapp cited a case where the firm did 3,000 endpoints across 200 network flows in a five-minute timeframe.
In getting the platform deployed, Sapp said that Stealth(aware) “will go out, discover the infrastructure, all the different endpoints and the data flows between all those different endpoints, and that is phase one. Phase two is using the data and intelligence … to group things in like categories … such as web servers, app servers or database servers … and it will come back then and recommend your security policy.”
Such microsegment and data flow streamlining, he believes, is rather groundbreaking for the payment card industry.
Any organization with its own infrastructure, in the old days, he said, could keep things secure because everything happened within their own four walls. Today, because of the way businesses run, there are no walls, Sapp emphasized. The networks have to connect directly to the processors, and their suppliers and all of the groups have to be integrated. What enterprises have found, he said, is that cordoning off PCI data in such an open business environment that these companies don’t control is tough.
Against that backdrop, Patterson said, Stealth(aware) allows for data to be mapped across flows through public clouds or private mobile networks. Such efficient data tracking, said Patterson, can help firms reduce their efforts to satisfy audit activities.
Patterson also noted that Stealth(aware) is a whole new way for enterprises to work with data.
“Acquirers and retailers are separate, and to make them work together, firms had to set up encrypted tunnels and cumbersome key exchanges, with the result that there wasn’t much integration. It was almost like bulk transfer that was automated,” Patterson emphasized. “Now, with Stealth(aware), there’s a simpler, much less expensive way to include not the entire processor but the bits of the server that need to be in that same group.”
Sapp offered that the overarching theme behind Stealth(aware) is one that conceals endpoints and mobile devices from people and enterprises (read: would-be evildoers) that don’t need to see them or know that they are there.
“The idea is that we are concealing the asset, the application and the data on them from people who are not supposed to see them,” Sapp said.