Ahead of the Infosecurity Europe show last week, I caught up with AEP Networks, a developer of highest-grade security technologies that was acquired by a military contractor last September.
In the $75m (£48m) acquisition, the defence and aerospace company acquired AEP for its links to the UK government's national technical authority for secure electronic communications.
The company has rebranded as Ultra Electronics AEP Networks, and talking to SC Magazine last week, CTO Mark Darvill said that the offer from Ultra Electronics came when it wanted to complete its cyber security portfolio. A UK-based company with contracts to governments, Darvill said that this has allowed AEP to become UK-centric, but the acquisition was far from the first move into cyber security by Ultra.
He said: “They've got a number of other companies in the cyber security space. Probably the major one is 3TI in the US who do security cyber systems and also encrypted wireless LAN. There are about five or six in the UK and US that do everything from top-secret cryptos through to voice analysis and all sorts of things.
“This is additive to their current portfolio. I guess one of the big differences between a Lockheed Martin approach and Ultra Electronics is Ultra's view is that when they acquire companies of a certain size, they stay as standalone entities.
“So, from my point of view, post-acquisition, although we have a different reporting line now and things like that, the company is primarily running on the same business plan that it developed pre-acquisition.”
Last week the company announced two product launches. The first is an addition to its Keyper range, the Ultra Safe Keyper Plus, an FIPS 140-3 level 4 ready hardware security module (HSM).
Darvill said that this is a new variant and is the most secure HSM available, and is aimed at a new NSA standard by including FIPS 140-3 encryption and including new elliptic technologies for the physical encryption of the data and the key material itself.
He said that the ‘elliptic curve' has been demanded more and it is used in this product around the mathematics of the delivery and encryption of key material. He also said that this has advanced tamper-proofing, which means that if it is tampered with, the key material it holds within it is destroyed.
“It's the only device in the world that does that. The FIPS 140 level 4 standard is the one that defines this tampering and we're the only people that make this type of device in the world,” he said.
“If you can imagine the key material that some of our customers put into this; it could be a government root key, for instance, or a DNS root key – and if they lose that key or have it stolen then, effectively, either their network or their data or whatever it is they're trying to secure with that could be compromised.”
He also claimed that this is separate to a server as it sits on the network and responds to people who need something signed; Darvill said this is safer than putting it onto a server because no matter how secure the server may be, the operating system is always open to vulnerabilities and to being attacked, and it's sometimes quite difficult to see whether it has been attacked.
Also launched last week was Ultra Protect 7.4, a mobile application that enables secure access to work applications on the move and BYOD policies with virtual access to the office via mobile devices.
The company claimed that Ultra Protect 7.4 helps to safeguard data by not allowing information to be stored or saved on the device and providing full encryption between the device and server, so if a device is lost, stolen or transferred, corporate information is always protected.
Darvill said: “The Ultra Protect is basically a secure application access gateway to provide extremely secure access for users, irrespective of the endpoint device that's being used. Basically, the user authenticates via this device using two-factor authentication and then will gain access to WebTop, which is like a single webpage and is the only thing that they can see and has icons on that represent which applications they are allowed to gain access to.
“Based on the individual user or the group that the user is in, they will see a range of applications and potentially data as well. So, with 7.4, we've made the solution even more secure as it uses key material to encrypt the sessions between the end-user and the servers that they're trying to gain access to.
“From the user's point of view, the big thing that we've incorporated much more solidly into the product is the mobility access through the smartphone and tablet access, it is really centred on bring your own device. This solution now is very much focused to allow them to gain access to applications and data while ensuring the integrity and security of the data at the core.
“Effectively, we're now implementing three-factor authentication.”
I asked Darvill if this was BYOD but aimed at large enterprises, critical national infrastructure companies, governments and the defence community. “It is for where people want to give people access to information and to applications and data on the move but do want that stringent level of security that goes with it,” he said.
We finished by moving back to the acquisition; I asked Darvill if the added capabilities of Ultra Electronics had influenced these launches. He said they had been in development pre-acquisition and AEP's raison d'être and core values had not changed.
“What you will see coming out over the next couple of years is more innovation. So we're doing more around some very advanced areas and including, in a year or two, areas like quantum encryption. We've got to take a fairly long-term view on some of the really new stuff,” he said.