Unisys Stealth™ Solution Suite
The Right Information, to the Right People, at the Right Time – Securely

Overview:

Four Key Elements of Stealth

1. Cryptographic Service Module
2. Information Dispersal Algorithm & Data Reconstitution
3. Virtual Communities of Interest (COI)
4. Executes Very Low in the Protocol Stack

The increasing sophistication, frequency and scale of cyber-crime are placing escalating pressure on IT to protect sensitive data and infrastructure. Meanwhile the strategic direction of IT is to transform the data center to lower costs, streamline existing process, and support a more mobile workforce. The need to guarantee the integrity and confidentiality of network data within shared infrastructures is growing exponentially. Securing information within the network and while data is in motion anywhere is more important than ever. In some cases, lives depend on it.

Unisys Stealth renders users, data, and infrastructure invisible to cyber criminals. Built for the U.S. Department of Defense to secure sensitive information, Unisys Stealth achieved the National Security Agency’s National Information Assurance Partnership Common Criteria EAL-4+ certification, protecting data-in-motion across any network regardless if it is private or public. The good news is that Unisys Stealth Solution is available to everyone, bringing defense grade security to other public sector and commercial enterprises.

Benefits of Unisys Stealth

• Render data, users, and your data center invisible to the outside world
• Securely protect the user, network, and data center
• Unprecedented security without an expensive reconfiguring of the network

Unisys Stealth Solution Suite

• Stealth Data Center Segmentation
• Stealth Regional Isolation
• Stealth Secure Remote Access
• Stealth Solution for Secure Virtual Terminal
• Stealth Solution for Cloud

Data Center Segmentation:

Increase Security

• Availability, Confidentiality and Data Integrity
• Only authorized individuals can see resources
• Enforces “Least Privilege”
• Facilitates regulatory compliance

Cost Savings Potential

• Reduce data center complexity by streamlining infrastructure
• Simplify management
• Easy to change access
• Improve CapEx and OpEx

Enterprise Network

Cloak high impact systems from intrusions on intranet

Regional Isolation:

Increase Security

• Safely transfers confidential information
• Undecipherable data on public or private network
• Endpoints cloaked from other network users

Cost Savings Potential

• Internet vs. costly leased lines
• Avoid costly breaches and dangerous eavesdropping
• No network disruption

Protects corporate data assets in a global topology

Stealth in the Cloud:

Increase Security

• Stealth protection follows the workload
• Other cloud tenants have no visibility to workload
• Secure resource sharing within COI
• Isolated workloads between different COI / tenants

Cost Savings Potential

• Low cost cloud resources
• Rapidly increase resources on demand
• Maximize resource utilization

Integrated with Unisys Secure Private Cloud Solution

• For seamless deployment

Bring Unisys Stealth to the Cloud

Secure Remote Access:

Increase Security

• Secure point to point Stealth session avoids breaches
• Undecipherable data on public network
• Endpoints cloaked from other network users

Cost Savings Potential

• Distribute endpoint driver to all potential users; license on concurrent use
• Deploy SSVT vs. regulated laptops
• Simplify endpoint management

Offerings:

Stealth for Mobile

Unisys Stealth for Mobile enables authenticated and secure access to application processing environments in the data center from mobile applications. With Unisys Stealth for Mobile, security starts in the data center and extends to mobile devices. It leverages application wrapping software that encrypts data-in-motion from the mobile app across the Internet – securing it from hackers and evesdroppers.

• Helps secure the most critical assets in the data center from threats introduced by mobile devices.
• End-users are quickly authenticated into Stealth Communities of Interest with no adverse impact on the user experience.
• Enables even more fine-grained security to be applied to your application users.
• Fosters quicker implementation of mobile initiatives - application developers don’t need to become security experts or keep up with ever-changing security protocols.
• Supports BYOD environments - it does not require an entire device to be secured; personal data or applications on the mobile device are undisturbed.

Unisys Stealth for Mobile secures the entire data path by protecting critical servers and virtual machines with Data Center Segmentation, connecting authenticated mobile users into secure Communities of Interest, and wrapping applications on the mobile device.

Stealth for Amazon Web Services

Enterprises looking to achieve greater cost-savings with Amazon Web Services (AWS) public cloud can implement Stealth to bring additional security to the AWS environment, positioning them to move high-value, mission-critical workloads to the AWS Cloud. The Unisys Stealth for Amazon Web Services:

• Enhances the security of the AWS Cloud. Communication to, from and between Stealth protected assets in the AWS Cloud is encrypted.
• Cloaks endpoints in the AWS Cloud. Stealth ignores all packets that are not Stealth-formatted with matching Community of Interest (COI) keys. Stealth protected VMs are cloaked from other tenants in the cloud and from hackers attempting to infiltrate the cloud.
• Enhances control of AWS assets. Stealth enabled VMs in the AWS Cloud appear to be in the company domain; unlike a standard AWS deployment, when using Stealth, encryption key management occurs in the company’s datacenter.
• Is easily implemented. Stealth leverages Microsoft Active Directory or any other identity store to enforce identity-based access.

Stealth Solutions for Network Security

Secures data-in-motion and controls the information sharing within or across networks by employing an innovative data cloaking technique – all while vastly simplifying the infrastructure. Stealth assures security by transforming information using FIPS140-2 certified AES-256 encryption integrated with a new cryptographic data-dispersal algorithm that spreads data across the fabric of the network.

Stealth Solutions for Network Security has been through the National Security Agency’s Common Criteria process and received EAL-4+ certification as a multi-domain network software solution for protection of data-in-motion across any network - private or public - qualifying Stealth to protect up to secret defense-level or sensitive industry information to support your mission critical requirements.

Here’s what Stealth Solutions for Network Security can do:

• Render data endpoints undetectable and secure across any private or public network
• Secure virtualization of communities of interest (COI) based on security privileges allowing multiple COIs to coexist on a single physical infrastructure
• Deliver superior cyber defense resulting from Stealth’s ability to cloak networks from outsiders
• Reduce infrastructure and cost by reducing the need for multiple, separate physical networks for each COI
• Work with the existing security, identity management and IT infrastructure without a costly redesign

Stealth for Secure Virtual Terminal (SSVT)

The Stealth for Secure Virtual Terminal delivers the Unisys Stealth Solutions for Network Security on a secure USB-based device. SSVT is designed to protect high value transactions, transmission of sensitive data, facilitate emergency preparedness, and is ideal for travelling, home-based, or guest users. It can be booted from virtually any PC or laptop and preconfigured to establish a virtual secure Stealth tunnel through any network - private or public - to another predetermined Stealth endpoint such as a URL, web portal, Stealth gateway, etc. Our solution guarantees a clean boot from the USB device that mitigates any malware that may have infected the PC itself.

• SSVT has all of the attributes of Stealth Solutions for Network Security
• Flexibility to securely connect from anywhere, anytime
• Ease of use and enhanced user experience
• Small and portable

Stealth USB-Based Device:

The Unisys Stealth USB-based device is a core component in an enterprise-class hardware, software and services solution that transforms the security of remote access. The Stealth Solution for Secure Virtual Terminal (SSVT) provides customized, dark network communications for authorized, authenticated avoiding security breaches which are complex and costly to resolve. SSVT is quickly provisioned, requires no application changes and facilitates security regulatory compliance.

Instead of booting from a client hard drive, SSVT provides protection by booting from a tamper proof, locked, virus free operating environment, and safeguarding the transaction as it moves across the network. Stealth prevents malware from infiltrating the data by rendering the session invisible on any network, and preventing interaction with any non-Stealth network activity and devices. Additionally, SSVT can be configured to eliminate data loss at the end user's PC/laptop.

Stealth USB Device Specifications
Features	Optional secure open partition, varying capacity Hardware-based AES-256 CBC mode encryption (FIPS Pub 197) On-board malware protection Strong password authentication Zero software footprint One year warranty
Operating Environments	Linux (Ubuntu 9.10) or Windows embedded XP SP3 with IE7
Standards and Certifications	FCC CE WEEE compliant RoHS compliant
Physical and Electrical	Compact and portable Tamper-evident enclosure with removable cap Durable, impact-resistant ABS plastic Waterproof and dustproof to IEC 60529 IP57 Waterproof enclosure to MIL-STD-810F LEDs for power, data activity and authentication status Uses USB bus power
Dimensions, Weight, Environmental	Dimensions, Cap off: (H x W x L): 12.5 x 21.5 x 75 mm Weight: 19g Operating Temperature: {0 to 60 °C} Storage Temperature: {-20 to 70 °C} Relative Humidity: {5 to 95% non-condensing}

Videos:

Unisys Stealth for Mobile

Unisys Stealth for Mobile enables authenticated and secure access to application processing environments in the data center from mobile applications. With Unisys Stealth for Mobile, security starts in the data center and extends to mobile devices. It leverages application wrapping software that encrypts data-in-motion from the mobile app across the Internet -- securing it from hackers and evesdroppers. Unisys Stealth for Mobile secures the entire data path by protecting critical servers and virtual machines with Data Center Segmentation, connecting authenticated mobile users into secure Communities of Interest, and wrapping applications on the mobile device.

Watch on YouTube

Unisys Stealth Datacenter Segmentation

Cloak your Strategic Applications

Unisys Stealth is designed to protect business data and systems by creating a communications tunnel that is cloaked to any users or devices except those who are pre-identified as part of the “secure community” referred to as a Community of Interest (COI). This is unlike traditional solutions, which use physical topology to cordon off and protect high value servers, virtual workloads and applications. In contrast, Stealth enables security by using COIs, allowing the network to be simplified while protecting visibility and access to different servers and applications.

Play Video

Watch on YouTube

 

Unisys Stealth Regional Isolation

An Information Embassy

As companies look to multiple geographies for new business opportunities, IT challenges can quickly become a nightmare. Confidentiality requirements or geopolitical challenges that may compromise IP and data integrity necessitate that systems at geographically dispersed centers be kept separate from the corporate data center. Unisys Stealth is designed to help enterprises shield data assets within a designated region while controlling access to corporate assets from users in that region. Creating an information embassy with Unisys Stealth enables an organization to establish a secure regional site in various geographic locations.

Play Video

Watch on YouTube

 

Unisys Stealth Secure Remote Access

Much More than your Traditional VPN

Organizations typically use VPNs to access the enterprise network from remote sites. Unisys Stealth can be used in lieu of, or in conjunction with, deployed VPNs, to provide a higher level of security for both the information being transmitted and the endpoint sending the data. Stealth creates a communications tunnel hidden to everyone except those who are pre-identified as part of the “secure community” referred to as a Community of Interest (COI). An undetectable cryptographically secure tunnel into the network means avoiding the radar of hackers and ensures the connection remains protected from intrusion. You can’t hack what you can’t see!

Play Video

Watch on YouTube

 

Unisys Stealth Solution Suite Overview

Stealth allows multiple user communities to share the same IT infrastructure, securely. Stealth isolates applications so that only the authorized users can see and access the data unique to that application. In effect, you can’t hack what you can’t see. And, it works without application or infrastructure changes.

Play Video

Watch on YouTube

Documentation:

Download the Unisys Stealth Solution Suite Brochure (PDF).

Download the Unisys Stealth Solution Suite Secure Data Center Segmentation Brochure (PDF).

Download the Unisys Stealth Solution Suite Regional Isolation Brochure (PDF).