Atlas Cloud Security Proxy

High Assurance TLS and Reverse Proxy Solution

Key Benefits

  • NIAP, FIPS, & Commercial Solutions for Classified (CSfC) validated platform capability
  • High performance and high assurance TLS or reverse proxy solution
  • Web Application Firewall
  • Application Delivery Controller (ADC) Load balancer
  • High availability capability with active, passive modes
  • Certificate-based access control with OCSP and CRL checking
  • SSL and TLS session analysis for network security monitoring of the front-end data path
  • Integrated analytics of proxy and TLS environment

Secure, Control and Protect

Bivio Networks Powers Advanced Cyber Operations™ with Atlas Cloud solutions. Atlas Cloud Security Proxy is a high assurance and high availability proxy solution. This proxy is ideally suited to secure, control and protect data in transit as well as the information technology assets that provide that data. The Cloud Security Proxy is designed for enterprise, cloud and mobile security environments as either a TLS or reverse proxy.

Cloud Security Proxy Solution

The Cloud Security Proxy is integrated on Bivio’s family of compact cyber applications platforms. These platforms implement a secure and robust architecture that enables the Cloud Security Proxy to operate in a high assurance mode. This is achieved through a unique architecture that segments the management control of the proxy from applications processing of the user’s data. The platform incorporates a NIAP validated Red Hat Enterprise 7 operating system for application processing and has been assessed to meet the stringent Commercial Solutions for Classified (CSfC) standard.

Whether the user is on a mobile phone, tablet, laptop or remote desktop system, the Cloud Security Proxy provides the external transport layer security (TLS) tunnel into the IT asset. Once the user reaches the Cloud Security Proxy, it validates the access, verifies the requested resource and creates the internal secure tunnel to that resource. The proxy solution enables logging of every session for full auditing, permits access control through multiple security controls and affords full protection of the internal IT assets.

The proxy solution delivers secure communications with transport layer security for users accessing public or private information technology assets. It features 5 Gbps of AES-GCM encryption per processing core, supports a minimum of 500,000 sustained end-to-end TLS sessions and 800,000 client-side TLS sessions.

The integrated platform carries NIAP Common Criteria and FIPS 140-2 Level 1 validation for high assurance operations. This is accomplished with FIPS 140-2 validated crypto libraries, through which the proxy supports the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC) encryption standards and the Secure Hash Algorithm (SHA) message digest. The crypto module meets the NSA Suite B standards for protecting classified data in transit across the grey and red networks. Whether the cloud is implemented as a public, private or hybrid cloud infrastructure utilizing wired, wireless or LTE network access, the Cloud Security Proxy delivers assurance that the communications path remains secure end-to-end.

In addition to the TLS proxy mode, the Cloud Security Proxy can be utilized as a reverse proxy to protect the enterprise from reconnaissance and exposure of internal IT assets. The solution supports HTTPS validation and enforcement for connections originating from or destined to the cloud. To prevent unauthorized HTTP/HTTPS connections, the proxy implements dynamic ACLs for management of whitelists, blacklists and URL restrictions. With its Web Application Filtering, the proxy can filter any element of the HTTP/HTTPS request or response and deliver specific error codes to the user for that request/response process. The proxy has embedded anti-bot and DDoS protection as well as optional security monitoring of the SSL/TLS process. The Cloud Security Proxy can also operate in an integrated load balancing mode.

Bivio 6310 Series TLS Protected Server

The B6310-NC Compact Cyber Application platform is a core component of the Cloud Security Proxy Technology. The platform provides from 16 to 56 cores of compute power for scalable encryption and proxy workloads. This enables proxy services for hundreds to thousands of simultaneous users. It facilitates an application-agnostic proxy environment for supporting multiple TCP-based traffic types including Web, Instant Messaging, Voice and Video applications from various vendors. The platform also supports multiple 1 and 10 Gb interfaces. The B6310R-NC ruggedized platform can be implemented in austere environments enabling mobile, deployable and tactical services.

Summary

The Atlas Cloud Security Proxy provides an exceptional level of confidentiality, integrity, and assurance for enabling TLS-based network communications in enterprise, cloud and mobile environments. Coupled with security monitoring and integrated analytics, Cloud Security Proxy is a unique and unparalleled capability. This solution is the only application-agnostic transport layer security proxy that is enabled with National Information Assurance Partnership – Common Criteria, FIPS 140-2 and Commercial Solutions for Classified (CSfC) validation.