Advanced Data Recovery Protection
Ensuring data at the edge is protected against sophisticated threat actors
Evolving mission requirements and technical innovation have resulted in the proliferation of devices at the edge. These devices will collect, process, and store sensitive data that will be vulnerable if adversaries gain physical access.
Sophisticated actors can employ advanced data recovery (ADR) techniques and technology to defeat protection measures.
Cigent Secure Storage Solutions provide layered data protection using proven methodologies and patented technologies to stop ADR.
Cloning
Cloning is typically used when an actor has physical access and relies on COTS or open-source software (e.g., EaseUS, DD, Clonezilla). The software creates an exact copy of the device’s hard drive, including the operating system, installed programs, and all data. Cigent prevents cloning by locking all data ranges. With hidden encrypted partitions, data is secured even if a device is in use.
Low Pin Count (LPC) Bus Sniffing
This approach requires physical access to a device and is used when software full drive encryption is in place. An actor utilizes tools to gain key access by intercepting the communication between the LPC Bus and TPM Module. Cigent PBA and encryption key management effectively defeat these attacks: the keys are not exposed for an actor to intercept and use to recreate the recovery key to authenticate. Cigent utilizes full drive hardware encryption where keys are not stored in the TPM. Additionally, PBA provides a separate secure authentication environment.
Hex Editors
A hex editor is a forensic tool that reads the binary data of a drive or file and displays it in hexadecimal format. With a hex editor, an actor can see or edit the raw and exact contents of a file, circumventing protections or identifying gaps. Preboot Authentication prevents the hex editor from reading the drive because the device is powered off and encrypted. If a hex editor is used, it won’t be able to read the data contained within a hidden partition.
Other attacks
A multitude of other attack vectors exist, including remote attacks using living-off-the-land binaries and data recovery tools including WinSCP, PuTTY, and SSH. Nation states and other advanced actors are continuing to develop new approaches. Cigent’s use of PBA and MFA, complemented with advanced protection features including Hidden Partitions and Storage Embedded AI, prevents unauthorized access from any data recovery approach.
Cigent Protection
Protection for Data at the Edge
Clone and wipe
Cloning is the process of duplicating data from the hard drive, which may also include data wiping. Various techniques exist, with actors utilizing COTS or open-source software (e.g., EaseUS, DD, Clonezilla) to nearly instantly clone the hard drive and/or initiate a wipe. It is typically executed with physical access but can also utilize Bluetooth or other wireless connections.
Cigent protection: Hardware Full Drive Encryption, Hidden Partitions, and AI
Data in an encrypted state is unreadable with all ranges locked, preventing data from being cloned or wiped. When the device is at rest, hardware full drive encryption with PBA prevents access. If the device is powered on, data stored in hidden partitions remains encrypted with locked ranges.
Additional protection is provided by Cigent embedded AI, which monitors data access patterns and will instantly lock all data upon detection of a cloning attempt.
Alternative OS Boot
Advanced actors may employ an alternative OS boot to circumvent encryption protection. The approach tricks the device into exposing encryption keys by interrupting the boot process with an alternative OS. Once the adversary gains access to the encryption keys, the encryption protection is disabled.
Cigent Protection: PBA with MFA
Alternative OS Boot can be prevented using PBA. PBA provides a separate, secure environment for the user to authenticate prior to booting the device. This prevents the insertion of an alternative OS. PBA protection can be further enhanced with Cigent MFA, which provides separate credentials to validate user authorization.
Hex Editors
A hex editor is a forensic tool that reads the binary data of a drive or file and displays it in hexadecimal format. With a hex editor, an actor can see or edit the raw and exact contents of a file, circumventing protections or identifying gaps.
Cigent: PBA and Hidden Partitions
Pre-boot Authentication prevents the hex editor from reading drives because the data remains encrypted and inaccessible. Additionally, when a device is in use, data stored within hidden partitions also remains unreadable with ranges locked.
Low Pin Count (LPC) Bus Sniffing
This type of data recovery technique requires physical access to a device. It is used when software full drive encryption has been employed. If an organization has not set up a second-factor authentication method (e.g., a PIN), a threat actor uses tooling to gain key access by intercepting the communication between the LPC Bus and TPM Module.
Cigent Protection: PBA and Encryption Key Management
Cigent PBA and encryption key management effectively prevent these attacks. The keys are not exposed for an actor to intercept and use to recreate the recovery key to authenticate.
Quantum Computing
While quantum computing has not been practically applied to defeat cryptography, it is only a matter of time. There have been continuous improvements in stability and performance, including China’s 2024 announcement of a 504-qubit chip that is claimed to be 180 million times faster than the fastest supercomputer. Quantum computing’s speed and ability to factor large integers will inevitably and significantly disrupt current cryptographic protection methodologies.
Cigent Protection: Partitions, AI, and Verified Data Erasure
Cigent provides the ability to create secure partitions that can only be accessed with step-up authentication. Those partitions are unreadable at the sector level even if an adversary gets direct physical or remote access and logs into the operating system.
Cigent has embedded AI in its Cigent Secure Storage that monitors data access patterns. This unique protection detects attempts to clone the drive and automatically locks the data, thwarting the cloning attempt.
The only foolproof approach to ensuring data cannot be compromised by quantum computing is to ensure it is permanently erased. Cigent provides patented verified data erasure that scans block-by-block to ensure that all data is erased and forever unretrievable.
The Cigent Advantage
Cigent is prepared to support your mission in navigating the complex compliance requirements to protect data at the edge. Its solutions were developed for and with US Federal agencies with deep expertise in data protection. Cigent protections have been thoroughly tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).
To ensure availability and provide flexibility, Cigent works with leading drive manufacturers including Digistor, Kanguru, and Seagate, and also offers its own branded drives.
Frequently Asked Questions
Check out the answers to some of the most frequently asked questions about Cigent, what we do, and how we do it.
Cigent protects data on devices operating at the edge from unauthorized access. Cigent solutions secure data at rest with layered protection including hardware encryption, pre-boot authentication, and multifactor authentication. Cigent also ensures data integrity when the device is in use, preventing wiping, cloning, and other data attacks.
Advanced data recovery (ADR) includes a variety of techniques and technology that can be utilized to recover data from a device. ADR is not necessarily malicious as it can be utilized for the legitimate recovery of data when a device may have been physically damaged, data was inadvertently erased, or other incidents. However, actors will use ADR to circumvent protections for the secure storage of data.
Cigent employs layers of security to prohibit unauthorized data access. The foundation of Cigent protection is the combination of AES 256 full drive hardware encryption coupled with pre-boot authentication (PBA) and multifactor authentication (MFA). This combination of technologies delivers high-confidence protection for data at rest. In addition, Cigent has advanced, patented features that provide additional security and extend data protection throughout its lifecycle. These include hidden partitions with locked data ranges, storage embedded AI monitoring data access patterns, secure data logs documenting all data activity, and verified data erasure.
The foundation of Cigent data-at-rest protection is full drive hardware encryption. Cigent complements this with patented storage embedded AI that continually monitors data access patterns, instantly securing data when anomalous behavior is detected. This includes detection if an adversary attempts an alternate OS boot approach. The AI capabilities provide additional tamper-proof monitoring that extends Cigent protection against ADR.