The TrustWrx Identity-Aware Framework
TrustWrx’s patented Identity-Aware Framework (IAF)
This breakthrough SaaS solution supplants the VPN, replacing now-vulnerable single-layer encryption with three layers of encrypted packet controls and equipping the secure network itself with identity-centric security features and dynamic, intelligent traffic management. TrustWrx is the first to embed verifiable identity and packet usage provenance credentials within all edge network-originating packets, assuring that only legitimate traffic transits the secure network under centrally controlled policies, safe within a triply-encrypted network. This delivers two major benefits:
- Only packets with embedded IAF provenance can move on the IAF network. All rogue packets, lacking IAF packet provenance and verifiable identity, are trapped, quarantined and blocked.
- The IAF-protected edge network becomes invisible to the open Internet and all its dangers.
The cloud has dissolved the perimeter. In the new cloud world, the old perimeter protections are no longer effective and hard-wired tunnels have become a security and management liability. With these legacy tunnels, packets can only be marginally controlled at firewalls outside the tunnel, and the tunnel itself has no knowledge of or control over the packets it moves. The Internet now needs a modern alternative to the difficulties, constraints and proven dangers of point-to-point security tunnels like VPNs and TOR – along with advanced identity and security features.
Packet Identity is the Missing Security Piece
The Zero Trust (ZTNA) model is all about identity. So far, ZTNA has been concerned primarily with network micro-segmentation and least-privilege access for users, hardware and connected components. But nobody is tackling the glaringly obvious fact that packets have no verifiable identity, even though packets are the basic essence of the Internet. This is the equivalent of allowing holiday travelers and terrorists to move through border controls without passports.
The overall threat and malware problem persists primarily because the only identity a packet has is an IP address. However, spoofed and uncontrolled IP addresses are a common delivery mechanism for the more than 90% of packet traffic that is unwanted or dangerous. Because packets carry no credentials and there is no means of verifying the true packet source, the good are indistinguishable from the bad, and more than nine out of ten packets are unwanted or dangerous.
The critical innovation needed to solve this problem, and eliminate the majority of rogue packet traffic, is to arm the packet with true verifiable identity and usage provenance credentials – centrally validating packets and controlling packet usage across the local network and beyond to the cloud.
The Packet Provenance Passport
TrustWrx has woven into its IAF technology an industry first, the “Provenance Passport” that is embedded in every IAF packet. This new identity and usage control knows and can verify in transit and at endpoints the device/user identity of the packet source, where packets may and may not go, and to what use they may be put. It is the packet’s ticket to edge network and cloud validity. Conversely, the lack of the packet passport signals a rogue packet that is not allowed to traverse the IAF network and can be quarantined or dropped.
By equipping the packet with a “passport”, referenced against a central policy engine, the packet’s originating source device/user is verifiable, its local and cloud usage is precisely controlled, packets without a passport are simply blocked, and the edge network is rendered invisible to the open Internet. With a hands-free install, this innovation delivers previously unattainable levels of Internet security and privacy for the small company network and its connected workers at home.
The TrustWrx Identity-Aware Framework is comprised of four main parts:
- A triply-encrypted smart tunnel that isolates, validates and secures all traffic between the TrustWrx cloud services and the gateway. It applies policy-driven traffic access controls on the edge network and to the cloud, while rendering the edge network invisible to the open Internet.
The IAF smart tunnel has no dependencies on a previously established tunnel, like VPNs and TOR. It is ephemeral; existing invisibly only when packets are in motion and dissolving when IAF sessions complete. It is agnostic to firewalls, DMZs and any configuration of a network, subnets, or cloud deployments.
- A plug-and-play customer-premise gateway. This is an industry-standard router, flashed remotely with TrustWrx gateway software and installed by the end-user – no technical expertise required – and managed by the end-user or the MSP. TrustWrx provides a list of qualified routers that may be remotely flashed with the TrustWrx gateway software.
- A suite of TrustWrx central services at AWS that host the IAF policy management and proxy routing software, the SOC interface, the CRM system, web sites, etc.
- A Partner Security Operations Center (SOC). These services are contracted from partner providers. The IAF is modular and can connect and integrate services from any third-party source, protecting previously established MSP/SOC relationships.
TrustWrx is the first to protect insecure IoT devices. Until now, smart devices like Ring, Nest, Alexa, medical devices and even smart light bulbs have operated completely without any security. This is a huge security risk, because insecure IoT devices have become a primary funnel for threats and malware to move across the connection to attack the servers and other digital assets of host companies. Utilizing the policy-managed packet routing of the IAF, TrustWrx is the first to seamlessly integrate the complete control of packets moving to and from IoT devices into a secure business or home network.
Patented Core Technology – US patents protect many features of the TrustWrx technology.