The TrustWrx Secure Cloud
The TrustWrx Secure Cloud brings to the small network a degree of security that has been available previously only to the largest networks. The corporate equivalent to TrustWrx is the enterprise SD-WAN – requiring VPNs, edge appliances and central security services, but also requiring highly complex installation efforts, costs and maintenance overhead. By providing a communications technology that is far more secure than a VPN, along with professionally managed central security services, TrustWrx brings to the small network a level of cost-effective and hassle-free security that exceeds that of most major corporate networks.
The TrustWrx Secure Cloud consists of three main parts:
- The TrustWrx secure communications stack.
- A professionally-managed cloud-based set of robust central security and policy management services.
- An inexpensive on-premise edge appliance called a secure gateway.
The TrustWrx Secure Cloud is an isolated and secure communications envelope within which:
- All components of the edge network behind the gateway are made invisible to the open Internet, including computers, laptops and all IoT devices and connected digital equipment.
- Cutting-edge central security services filter public-facing email and web traffic, trapping threats and malware at servers upstream from the secure gateway. This isolates threats remotely to provide far more effective security than the aging anti-virus model that brings all threats onto the computer where they might circumvent desktop anti-virus software. (Desktop anti-virus software is now less than 50% effective against modern threats.)
- Attachments and embedded links, along with tracking cookies and other potentially unwanted files and exploits, are diverted and cached at the central services, where they are isolated and managed through secure interactive notification services with the end user.
- Unique three-layer encryption, identity authentication and integrated port controls secure all communications between the cloud-based central security services and the edge gateway.
- Only TrustWrx-generated packets from authenticated sources can get past the central security services, through the encrypted connectivity and past the port controls of the secure gateway.
- All traffic inbound from the open Internet is filtered, analyzed, and confirmed to be free of known threats and malware before it is encrypted and sent to the customer’s gateway.
- All outbound email and web activity also passes through the encrypted tunnel, is also subject to security and threat analysis, and is then handed off to the open Internet, shutting down the re-transmission of bots, malware, etc.
The Secure Gateway
Purchased online or at retail outlets, the secure gateway from TrustWrx is the consumer end of the Secure Cloud. It is an inexpensive security-hardened Linux computer onto which the patented TrustWrx client software has been pre-installed. Simply plugged in at the on-premise router or critical endpoint, the gateway maintains a triply-encrypted connection with the remote central security services. It renders all computers and devices behind it visible only to the central security services and invisible to all other eyes on the open Internet. This means that no one on the Internet can see, access or tamper with any traffic in transit within the TrustWrx Secure Cloud or any digital equipment behind the customer’s secure gateway.
The Central Security Services
The TrustWrx Central Security Services is a cloud-based combination of Amazon Web Services (AWS) security services (developed by AWS under a $600 million contract with the CIA) along with highly sophisticated email and web security components. Managed by full-time security professionals and kept up-to-the-minute with the latest protections, TrustWrx seamlessly analyzes all traffic heading towards your network. This allows us to trap and quarantine many of the malicious emails, web exploits and direct attacks that might otherwise get past your desktop anti-malware software.
The TrustWrx Policy Engine
The central policy engine is a secure database application layer that is professionally managed on central cloud services. It maintains all policies for devices, identities, addresses, accounts, etc. It is the base reference for packet source authentication and control of all packet traffic.
The policy engine provides authentication at the inbound port of registered source IP addresses, source machine fingerprints and other security metrics for all TrustWrx packet traffic. These security fields are maintained at the central policy engine and in local caches and are embedded within all encrypted packet headers, so they move with the packets and validate them at every port they encounter.
Integrated Port Controls and Advanced Encryption
- Integrated port controls include three-layer encrypted port knocking and other unique protections that assure that only TrustWrx-structured packets gain access to ports. All non-TrustWrx packets are blocked before they can penetrate ports.
- All TrustWrx packet traffic is protected by three-layer encryption technology, assuring that no accidental or malicious disclosure of keys or brute force decryption attacks will reveal packet content or packet header metadata.
Patented Core Technology
US patents protect many features of the TrustWrx technology.
The TrustWrx technology has been vetted by major testing labs for security and operational vulnerabilities.
A performance and stress test at NSS Labs proved that one thousand clients could send and receive over six Terabits of 1 MB messages per 8-hour day through two minimal rack servers, resulting in an NSS Labs high-performance carrier-class certification.