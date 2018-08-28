BOSTON, Aug. 28, 2018, packet-capture products and IT managed services, announces today the release of the ARIA SDSmicro Hardware Security Module. The ARIA microHSM is a bundled solution consisting of a virtualized HSM application and the PCIe-based Myrcom Secure Intelligent Adapter



With the ability to offload the storage of keys to ARIA microHSM, this solves for one of the most alarming and difficult to solve security challenges: how to address the vulnerabilities in the Intel x86 chip design, and more important, the SGX vulnerability targeted by Foreshadow. The innovative and elegant approach of the ARIA microHSM not only establishes a fully secured TrustZone, but it also requires zero footprint as it can be deployed in any cloud or on-premises server.

"Intel's SGX was trusted to be the secure enclave to store certificates and keys used to encrypt data and applications. Now that Foreshadow directly targets and compromises SGX, this is no longer possible," said Gary Southwell, GM, CSPi Security Products. "This puts the industry in a tailspin as it affects millions of servers, and a fix from Intel could be years away. Our ARIA microHSM entirely bypasses the x86, creating a secure environment within the same server to cache millions of keys and run the crypto-operations in an impenetrable environment."

The now infamous Meltdown and Spectre vulnerabilities first exposed the x86 chip design weakness and raised alarm bells across the technology landscape. However, the most recent Foreshadow and Foreshadow NG flaws are of greater concern to the security market as they directly impact L1 cache and SGX. Intel designed SGX to allow user-level programs to create secure enclaves on the x86 processor with protected memory regions for executing security-related functions and storing crypto-keys and other secret information.

The ARIA microHSM securely caches keys away from the server Intel CPU, ensuring that the encryption of critical application data or transactions involving PII/PHI are protected in the event of a breach. The SIA is also powerful enough to offload the entire set of cypto-fuctions from the applications, encrypting and decrypting the data as required as it is moved across the PCIe bus. The microHSM can scale to securely handle close to one million operations per second - up to ten times greater than appliance-based HSM solutions.

Since the ARIA microHSM is delivered as a PCIe network adapter card, it can be deployed in any cloud or on-premise server. It doubles as a high-speed NIC card and was built from the ground up to be a secure transaction execution environment. Its hardware provides a TrustZone that can generate and cache keys for rapid execution directly within a hardened compute environment. For organizations that need to meet government security requirements, a FIPs 140-2 Level 3-compliant version is available. It scales to handle the high volume of traffic originating from the host server/VMs applications to uniquely encrypt data to any level of strength on an application or even a transaction-by-transaction basis. The benefit is that the server/VM applications get the fine-grained or course-grained encryption services they need as required. Applications perform at the highest rate because the crypto-services do not contend for the same server cores as the application and hypervisor when under load.

The ARIA microHSM leverages the Myricom Secure Intelligent Adapter (SIA), winner of best new security product at VMworld 2017. This solution is highly performant - easily supporting millions of requests per minute - required to protect PII/PHI as dictated by stringent regulations. This allows the microHSM to generate encrypted traffic at up to line rates of 50 Gbps 10x greater than its nearest appliance based competitor.

