NEW YORK, Nov. 5, 2019 /PRNewswire/ -- Unbound Tech, a global leader in software-defined cryptography, today announced a new partnership with Cryptosense, the leading supplier of security analysis software for cryptography, to further verify the security of its virtual HSM. Unbound Tech will leverage the Cryptosense Analyzer Platform (CAP) to perform automated, systematic penetration tests of its Unbound Key Control (UKC), a virtual HSM and key management solution, and Crypto-of-Things (COT) virtual crypto key management and security solution.
Through this partnership, Unbound Tech will utilize the Cryptosense Fuzzer, a mutation-based fuzzing engine, to test the Unbound Key Control (UKC) and Crypto-of-Things (COT) PKCS#11 implementations. By sending commands to a device's PKCS#11 interface and logging the responses, the Cryptosense Fuzzer will test traces of exchanges between an application and a cryptographic library to ensure these virtual appliances are properly secured in the event of a PCKS#11 API attack–one of the most common attacks on HSM and Virtual HSM devices.
"Our software enables our customers to move securely to cloud cryptography services," said Graham Steel, CEO of Cryptosense. "CAP is the only tool on the market that provides everything you need for a secure and simple migration from start to finish. Our software looks inside a running application to see what cryptography is really being used, tests the use of the cloud crypto service to check for vulnerabilities and monitors the security of the migrated application in the cloud. By partnering with Unbound, we're able to reassure our customers of the continued security of their Virtual HSM and the applications that use it."
Testing with the Cryptosense Analyzer is the latest step in a series of third-party security validations in support of Unbound's virtual HSM. In early 2019, UKC also received FIPS 140-2 Level 1 and Level 2 certification from the U.S. National Institute for Standards and Technology (NIST). They are the first and only vendor to obtain FIPS 140-2 certification for a cryptographic module that spans multiple separate machines and uses secure multiparty computation (MPC) rather than relying on physical security measures to protect keys.
"There are often misconceptions around the level of security provided and benefits of protecting encryption keys with virtual appliances versus traditional HSMs," said Guy Peer, Co-founder at Unbound Tech. "The security provided by Unbound Key Control has now been industry tested and proven to be equal to, if not better, than that provided by a physical HSM. UKC is an operational and cost-friendly alternative to hardware that provides scalable key management and secure encryption from both physical and software-based attacks, while running on any existing physical or cloud infrastructure. With Cryptosense's stamp of approval, our clients can now feel more confident in adopting this approach to securing their sensitive information."
As a software-only solution, UKC offers unique benefits not common with physical HSMs - requiring minimal effort to setup, use and maintain in a variety of environments and application delivery models. All key management and user management operations are fully automated using the CLI or REST API, giving companies the ability to scale up or down, create partitions and users, register clients and revoke keys immediately across their entire global infrastructure from a single pane of glass.
About Unbound Tech:
Unbound Tech equips companies with the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never exist anywhere in complete form. The Unbound Distributed Trust Platform stands as a new foundation for trust using secure multiparty computation to ensure secrets are always split into multiple shares and thereby eliminate any single point of compromise. Adopted by Fortune 500 companies, Unbound's elastic and agile platform protects secrets on untrusted infrastructure and removes existing dependence on dedicated security hardware, delivering a novel approach to security and privacy designed for the digital era. Serving as an engine for uninhibited growth, it allows enterprises to gain new levels of control over their secrets on any cloud, server or endpoint, and opens new possibilities for digital innovation. Founded in 2014, Unbound has been recognized with numerous industry awards and named in multiple Gartner Hype Cycle Reports. Be Trusted. Be Unbound. Visit unboundtech.com.
Cryptosense provides software to manage cryptography throughout an organization, enabling innovation and simplifying compliance. The Cryptosense Analyzer Platform discovers cryptography use inside applications and verifies use of secure hardware, both on-premise and in the cloud. Adopted by major financial institutions and payment infrastructure providers worldwide, Cryptosense is built on years of academic research. Customers use it to save time and money by automating audits, operate securely using cloud cryptography services, and integrate crypto testing into the CI/CD toolchain. For secure cryptography everywhere, visit Cryptosense.com.
SOURCE Unbound Tech