Lockstone Technologies

Password-less Organization

No passwords, for anyone, in your organization

Secrets in Silicon

Software keys are hackable, hardware keys, well, that’s a different game

Cloud-on-a-stick

An entire enterprise infrastructure on a read-only bootable USB

Red Team Tools

Supporting those who do the good work

License-free Infrastructure

No annual fees, no key management or deployments, no hassle

Absolute-Zero Trust Enterprise

Because we don’t trust anyone either

Cloud-on-a-stick

Cloud-on-a-stick is a secure way to run your cloud services from the flexibility of a USB. The entire network can be stored in a locked safe, a copy can be made for another office, or can be carried to a remote work site.
All of your services and network infrastructure run as virtual machines and containers on a single bootable USB. Configurations, libraries, and executables are all immutable. This means that upon a reboot, any changes to the infrastructure during the prior session are wiped. Your network starts fresh and unmodified on every boot. Persistent data partitions are also encrypted and can be on a remote file sharing network, a hard disk in a computer, or any other removable storage device.
You don’t need to worry about upgrades or personal hardware issues either. With every new upgrade, you’ll get a new USB. If you ever need to access an older version, simply use the old USB. Cloud-on-a-stick is also hardware independent. If something goes wrong with your production hardware, simply pop the USB into another computer.

Password-less Organization

Passwords are the #1 security threat to an organization. Hackers commonly use weak passwords to infiltrate networks. Your own password may be strong, but can you say the same for every employee's? Corporate password policies are only good if they are followed. Have you ever just added a “1” to your password during password changes? Passwords also require considerable overhead and can often require hiring additional employees for simple management such as resets, set-up, and general login issues. These complexities have measurable budgetary consequences with minimal security improvement.
We replace passwords with an employee-specific USB dongle that glows when authentication is needed. They simply tap the dongle, and they are authenticated. It's that simple.
The USB dongles are small computers with cryptographic keys built in. They use asymmetric cryptography to answer incoming “challenge” requests for authentication without needing external resources—the entire authentication process happens locally on the USB, making it secure.
USB dongles can also be customized for different security requirements. They have NFC and can be used for physical access swipes (doors, safes, printers, etc.). The “touch” authentication can also be coupled with a PIN code to prevent a lost dongle from being used by unauthorized persons.

Absolute-Zero Trust Infrastructure

Insider threats—or compromised employees—are one of the most common attack vectors. Many networks we see are like eggs; hard on the outside, soft on the inside, making many security breaches come from within.
Our zero-trust design isolates each user’s workstation to only allow network communication to services they need. Most organizations prohibit user access by not granting the password to a web service. Instead, our network prohibits the user’s device from ever sending information to the web server to begin with. If, for any reason, communication is established, users must have a mutual TLS certificate to even see the authentication page (we recommend an authentication dongle for this).
Network routes are only generated when a user logs in and removed when the user logs out.

Secrets in Silicon

Encryption is paramount to a secure network. Unfortunately, key storage and management are often overlooked weak spots in an encryption implementation. Improper key management can be as bad as, if not worse than, no encryption at all due to the false sense of security. Both critical and non-critical data should be encrypted for maximum security—you never know what might be used as an attack vector.
Keys are often stored on-disk using the best security practices available, but these are still vulnerable to exploitation. Instead, keys stored in hardware by being burned into silicon are much harder to abuse as they cannot be read from silicon. They can only be utilized by onboard computers to perform cryptographic operations.
We use this method by carefully constructing a key management chain that relies solely on hardware-based encryption keys to ensure your secrets stay safe.

Red Team Tools

We provide software products for red teams to use to conduct penetration testing. These tools can leverage vulnerabilities to provide access, lateral movement, persistence, or exfiltration to a red team for the use of penetration testing.
These tools are only available to cyber firms and law enforcement who provide a detailed description of why they require the tools and what their intended use is.

License-free Infrastructure

Software licensing causes massive overhead that only increases cost and complexity while decreasing security.
For instance, Microsoft requires online activation for many of their products, requiring you to connect potentially sensitive computers to the internet. Even their offline installations require a complicated licensing server or technicians to physically phone Microsoft and read product keys over the phone like it’s the early 90s.
Other vendors have similar annoying, expensive, and/or complicated licensing models that have costly annual fees and high overhead. The products often constrict you to a single ecosystem. For instance, if you run Splunk then you’ll need to hire a Splunk developer. Splunk Inc. then controls the cost and training availability. They can even change their ingest costs year-over-year resulting in unexpected fees.
We do away with all of that and design using entirely license-free, open source, free software. It’s safe and secure because the source code has undergone security reviews—unlike black-boxed source code from private companies. This architecture is flexible and licensed software can easily be integrated, if needed.

company

We are a select team of highly-experienced cyber professionals offering expert consultation and implementation of cyber solutions. We take great pride in being able to offer innovative and robust solutions at competitive rates.

Who we are

Most technology companies are simply “integrators” who buy off-the-shelf commercial technology and install it within your organization without a thorough understanding of how the solutions operate under-the-hood. This business model usually results in both high prices and low security.

We are doers, not buyers.

“Integrators” need to charge a mark-up on-top of what their big-box suppliers are charging. As a result of these premiums, your price inflates with each company in the chain. A lack of thorough understanding of these third-party, off-the-shelf solutions often results in weak security considerations and vulnerable implementations leading to a playground for hackers.

We take a grass-roots approach, erring towards open-source “tried-and-true” solutions with customized configurations but non-custom components. License management is a nightmare for many organizations - integrators purchase licenses during the initial setup (often at a discount) then leave organizations to deal with an annual onslaught of purchasing requirements and license key updates to deploy. Open-source solutions alleviate this headache by removing licensing requirements altogether. Why doesn’t everyone do this? Because it requires expertise that average technology providers simply don’t have.

Configure, don’t code.

Custom solutions require custom support. Every line of code written has a cost to maintain while every line of configuration written is maintained by the developer. It’s our goal not to lock you into our services by providing you with a custom solution that is only supportable by a specific company. By sticking to industry-standard open-source solutions, our customers can hire any firm with open-source expertise to maintain or service our products in the future. We stand behind our skills, but encourage customers to choose the firm that best fits their needs, even if that’s not us - we design our solutions to specifically support that.

services

We provide a default non-disclosure agreement as standard practice on all contracts and encourage customers to amend that agreement with their own custom text or have us sign their own. We’re in the business of protecting information, not selling it.

Consultation

Many organizations just want solid advice on what they need to resolve their technological issues. A simple, but honest, analysis that provides a concise overview of options and expenses is critical for making smart and effective technological choices. Many smaller companies choose to implement these solutions on their own after a bit of advice from us. We’re in the business of providing knowledge and support, not in the business of trying to weasel monthly service contracts out of clients.

Capability Implementation

Very simply: a customer wants to be able to do something and we make it so they can. We do this somewhat contrary to industry norms. Most organizations ask for the requirements upfront, build the product, and then hand it to the customer. We find this frequently results in frustrated customers. Most times, customers know what functionality they want but don’t understand the capabilities and limitations of the technology. Other companies might deliver what they consider to be a fully finished product according to customer requirements. However, during a lengthy development process, requirements can change or contradict each other, and the resulting product turns out to be not at all what the customer expected.

We approach this service iteratively. We provide the customer with an initial deployment of the capability with the smallest level of basic functionality. After some use, the customer provides feedback on changes and features they’d like to see in the next iteration. This workflow results in customers who get exactly what they want more efficiently than is possible with an “all-the-requirements-upfront” approach.

Network Modernization & Security Hardening

Technology changes daily, with upgrades, vulnerabilities, and maintenance being a part of that evolution. We find the older a company’s infrastructure gets, the more it costs to maintain. We commonly implement the decommissioning & replacement of these legacy services. This process is usually a weight off the customer’s shoulders as we strive to ensure the replacement is low maintenance and bit-rot resistant. Continued support of antiquated services adds to a system’s long term maintenance costs, so it’s important to design the system to anticipate and minimize those future costs.

Vulnerability Assessment

We take an inside-out approach to vulnerability assessments, determining vulnerable services via configuration and architecture analysis. Although we think it’s important to use classic pentesting techniques against public-facing services, we find that port scans and guess-and-check style assessments usually only catch low-hanging fruit.

We are adamant about proper network monitoring. Humans are inconsistent when it comes to boring and monotonous tasks. They neglect to review textual logs, they forget to run system diagnostics, and they forget to review net flow data for signs of intrusion - even if you are paying them to do so. The key is automation, effective dashboarding, and low-false-positive active alerting; let the computers do the monitoring and have the humans make decisions.

products

Big Data Normalization and Processing

This system aggregates data from multiple sources, each in its own format, then normalizes each dataset into defined standards. These standard objects are ingested into a visualizer for easy overview consumption, while the irreplaceable original data is stored compressed and encrypted for later use or reprocessing.

Zero-Trust Network Implementation

This drop-in solution sits between existing web services and end-users to allow authentication using a more secure password-less architecture that employs physical tokens. Web services are configured with dynamic ingress and egress networking rules that limit lateral movement in the event of compromise. Comprehensive logging is added to identify atypical behavior and isolate the problem at its source.

Portable Infrastructure Services

This project combines several virtual appliances to provide fully on-premise cloud infrastructure (“cloud at home”) offering a modular set of services such as routing, wireless access, authentication, logging, data synchronization and backup, and source control. With setup as easy as booting from a USB drive, this solution is the most portable network implementation you can find. Configurations are organically source controlled and can be easily tracked, secured, rolled back, or shared, and changes to the system are *non-persistent* so you are always running from a known state.

projects

We’re organizing our source code; GitHubs are coming soon.

Contact Us

Lockstone Technologies LLC

8 The Green, Suite 4000

Dover, DE 19901

© 2022 Lockstone Technologies
All rights reserved