Slide 1
© 2012 Wave Systems Corp. All Rights Reserved.
Wave Systems Corp.
Steven Sprague
President and CEO
Slide 2
Wave Systems Corp.
Over 23 years focused on hardware-based endpoint security
Wave is the leading trusted computing hardware Independent Software Vendor
Publicly traded on NASDAQ (WAVX) since 1994
First to provide Enterprise solutions leveraging Trusted Platform Modules (TPM), Self-Encrypting Drives (SED) and related authentication solutions
80+ million copies of Wave client software products shipped in 30+ languages
500K+ Enterprise customer seats deployed globally, including G500 customers in various verticals
16 issued patents and 36 patents in-process
Founding member and Permanent Board Member of the Trusted Computing Group
Slide 3
A little history from the cellular industry
[Chart: cloning incidents (vertical axis) over time (horizontal axis), annotated with the introduction of Device ID in cellular and the US analog-to-digital conversion]
Slide 4
The Future is Mobile!!
BUT what is mobile???
Is it based on size – small (iPad?)
NIST SP 800-124 draft says: an operating system that is not a full-fledged desktop or laptop operating system
Microphone is optional??
Gets SMS? Rings? …
Slide 5
Mobile IS
The transition from a network based on connections to a network based on identity
With a mostly message-based transport, not link-based
A services and subscribers model
[Diagram: Device ID at the endpoint, the networks (WiFi, 4G, wired) in the middle, and the service at the far end, with Device ID checked at both ends]
Slide 6
Therefore:
Every enterprise is its own little carrier
So every device is going to need a SIM module or equivalent
Trusted Computing: the foundation of modern network architecture
Enabling only known devices
Reducing reliance on users
Improving usability by transitioning from training of the user to policy
Slide 7
• The Trusted Computing Group (TCG) is an international industry standards group
• The TCG develops specifications amongst its members
• Upon completion, the TCG publishes the specifications
• Anyone may use the specifications once they are published
• The TCG publicizes the specifications and uses membership implementations as examples of the use of TCG Technology
• The TCG is organized into a work group model whereby experts from each technology category can work together to develop the specifications
• This fosters a neutral environment where competitors and collaborators can develop industry best capabilities that are vendor neutral and interoperable
Slide 8
Copyright © 2010 Trusted Computing Group – Other names and brands are properties of their respective owners.
Trusted Computing Group Standards
[Diagram: TCG work-group areas]
• Mobile Phones
• Authentication
• Storage
• Applications: software stack, operating systems, web services, authentication, data protection
• Infrastructure
• Servers
• Desktops & Notebooks
• Security Hardware
• Network Security
• Printers & Hardcopy
• Virtualized Platform
Slide 9
What is a TPM
It’s a chip on the motherboard
It is the trusted root for device identity
It is on 600 million shipped PCs
It is on all Windows 8 Mobile devices
It will be on all smartphones
It stores keys that can’t be copied
It is the foundation of Trusted Execution
It is the foundation of High Assurance Platform
You already deployed and paid for it!
Slide 10
Trusted Computing standards = Best Cyber Investment
Hardware already deployed
TPM enabling tools are available for deployment at scale
Network stack is already in place for SSL and IPSEC
Most Effective Cyber Tool Ever Deployed
Known Device
Slide 11
Evidence of Return on Investment
DOD pays $100s to manage a PC
Hope it’s their device
Hope HBSS is running
Hope it has data-at-rest encryption
Hope it has been patched
Apple spends $20
Only known devices on iTunes – each user gets 5
Only whitelisted software runs on the device
Tamper-resistant Apple keys for content-based control
Verizon spends less
Only known devices
Only known software
Slide 12
Leveraging the Device, not the User
Make the device safe to lose
TCG Self-Encrypting Drives
TCG Opal standard for all storage
Enterprise proof of encryption if lost
Assure that the device is not compromised
TCG BIOS integrity: NIST SP 800-147 + SP 800-155 (draft)
Secure Boot
TNC + Device ID server for TNC in the cloud
Slide 13
Self-Encrypting Drives
© 2011 Wave Systems Corp. Confidential. All Rights Reserved.
SEDs have their own processor and RAM, making them impervious to software attack.
Encryption keys are stored in the drive controller chip and never leave it. No management required.
Always-on AES encryption means all of the data is protected all of the time and cannot be turned off.
Drive-level authentication blocks all read/write functions until the user is verified.
SEDs support SATA interfaces and are FIPS 140-2 certified. Available as spinning disks or solid state, with a wide selection from Hitachi, Micron, Samsung, Toshiba and Seagate; Seagate has shipped over 1M drives.
Dell, HP and Lenovo sell SEDs for little to no added cost.
TCG Opal Self-Encrypting Drives (SED) were introduced in 2009.
Slide 14
Why Self-Encrypting Drives (SEDs)
Substantially lower total cost of ownership than software encryption
Key savings in lower operations cost
Potentially fastest ROI to IT
If you are in a cost-sensitive environment, the sooner you migrate the bigger the savings
Invisible to end user
No performance degradation
Single sign-on
Supports CAC, PIV, biometrics
Business case to migrate on OS upgrade
Save money upgrading to Windows 7
Save money when repairing machines
Slide 15
[Chart: Extensive data reads/writes – read and write throughput, Seagate Momentus 7200 vs. Seagate Momentus 7200 SED (axis 0–90)]
[Chart: Drive throughput, heavy data reads – Software Encryption #1, #2, #3, average software FDE, Seagate SED, Seagate (no encryption) (axis 0–90)]
Source: Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010
Software FDE has major performance impacts on drives and processors
SEDs have zero impact on drive performance
Slide 16
Source: Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010

Time to Return from Hibernation (chart axis 0–60; unit not preserved in the transcript)
Software Encryption #3: 41.26
Software Encryption #2: 54.76
Software Encryption #1: 26.37
Avg Software FDE: 40.80
Seagate SED / Wave Embassy: 23.22
Seagate (No Encryption): 21.42

Time Required to Encrypt Drive (chart axis 0–2000)
Software Encryption #3: 23 hr 46 min
Software Encryption #2: 8 hr 9 min
Software Encryption #1: 3 hr 16 min
Self-Encrypting Drive: 0 minutes – data encrypted as loaded
SED encryption is virtually instantaneous
Slide 17
Source: Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010

Drive Throughput – Heavy Reads/Writes (MB/sec)
Hard drive w/ software FDE: 37
Seagate Self-Encrypting Drive: 67
SSD w/ software FDE: 67
Samsung SSD Self-Encrypting Drive: 167
SEDs: optimal
HDs / SSDs with software FDE: bad mix
Slide 18
Other features of SED Opal drives
Primary mechanism to bind user to device
Always encrypted so solid state is protected
Better trust infrastructure enables proof of encryption
Machine can be reimaged without affecting Encryption
Multiple partitions allow very strong Isolation
Full integration with Smart Card authentication
Cheaper, better, stronger, faster, easier…
Slide 19
Standards
SP 800-147, BIOS Protection Guidelines: preventing unauthorized modification of BIOS
SP 800-155, BIOS Integrity Measurement Guidelines: establishing a secure BIOS integrity measurement and reporting chain
Slide 20
Wave Endpoint Monitor – Endpoint Health Solution
[Diagram: Standards, TPM deployment improvements and Device Identity feeding the Wave Endpoint Monitor]
The Wave solution provides a trust infrastructure for remotely managed PCs:
TPM-based: provides a hardware root of trust
Strong machine identity: ensures it is a “known” device
PC integrity measurements / TNC: ensures that the device is in a known state before the OS loads
Getting back to basics – in an enterprise environment, legitimate firmware is absolutely necessary
Slide 21
Wave Endpoint Monitor – BIOS Integrity Management, PC or Mobile
[Diagram: quoting process → PCR data collection → data upload → Wave Endpoint Monitor → query reporting, alert notification, export]
Monitoring: BIOS integrity reporting for Secure Boot; monitors endpoints; capabilities reporting
Analysis: integrates with TNC; data analysis, reporting and export
Slide 22
Malware Resistance: Architecture Win 8
[Diagram of the Windows 8 boot and attestation flow]
1. UEFI Boot with boot policy: Secure Boot prevents a malicious OS loader
2. Windows OS loader, Windows kernel and drivers, AM (anti-malware) software and AM policy, 3rd-party software: measurements of components, including the anti-malware software, are stored in the TPM
3. TPM
4. Client attestation service: the client retrieves TPM measurements of client state on demand and presents a client health claim at Windows logon
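The quoting process on the previous slide and the measured-boot flow above (components measured into TPM PCRs, then retrieved on demand and checked by a service) can be illustrated with the following added example. It is not Wave's or Microsoft's code: it simulates a SHA-256 PCR bank, the one-way extend operation, a nonce-bound quote, and the server-side comparison against golden values recorded at enrollment. Two assumptions keep it self-contained: an HMAC with a shared key stands in for the TPM's Attestation Identity Key signature, and the PCR indices follow the PC Client convention (PCR 0 firmware, PCR 4 boot manager, PCR 7 Secure Boot policy). The component strings, nonce and key are constructed.

```python
# Added example: simulated TPM PCR extend, quote and baseline check.
# Not Wave's code. Component bytes, nonce and the HMAC key are constructed;
# the HMAC stands in for the AIK signature a real TPM would produce.
import hashlib
import hmac

PCR_COUNT = 24
INITIAL_PCR = bytes(32)  # a SHA-256 PCR bank powers up as all zeros


def pcr_extend(current: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(component)). One-way and order-sensitive,
    so a modified or re-ordered component cannot be hidden by a later extend."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(current + measurement).digest()


def measure_boot(boot_chain):
    """Replay a boot sequence into a fresh PCR bank.
    boot_chain is a list of (pcr_index, component_bytes) in the order they run."""
    pcrs = {i: INITIAL_PCR for i in range(PCR_COUNT)}
    for idx, component in boot_chain:
        pcrs[idx] = pcr_extend(pcrs[idx], component)
    return pcrs


def quote(pcrs, selected, nonce, aik_key):
    """Client side: bind the server's nonce to the selected PCR values.
    A real TPM signs this with its AIK; the HMAC only models that binding."""
    composite = hashlib.sha256(b"".join(pcrs[i] for i in selected)).digest()
    mac = hmac.new(aik_key, nonce + composite, hashlib.sha256).digest()
    return {"nonce": nonce, "selected": list(selected),
            "pcrs": {i: pcrs[i] for i in selected}, "mac": mac}


def verify_quote(q, expected_nonce, aik_key, baseline):
    """Server side (the endpoint monitor / TNC server role).
    Returns (status, mismatched_pcr_indices). Freshness and binding are checked
    before any PCR value is compared, so a replayed or forged report never
    reaches the baseline comparison."""
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        return "stale-nonce", []
    composite = hashlib.sha256(b"".join(q["pcrs"][i] for i in q["selected"])).digest()
    expected_mac = hmac.new(aik_key, q["nonce"] + composite, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_mac, q["mac"]):
        return "bad-signature", []
    mismatched = [i for i in q["selected"] if q["pcrs"][i] != baseline.get(i)]
    return ("ok" if not mismatched else "mismatch"), mismatched


# Constructed boot chains: the golden image, and the same machine with altered firmware.
GOOD_CHAIN = [
    (0, b"platform firmware build 2012.07"),
    (0, b"firmware configuration"),
    (4, b"Windows boot manager"),
    (7, b"Secure Boot policy: enforced"),
]
TAMPERED_CHAIN = [(0, b"platform firmware build 2012.07 (modified)")] + GOOD_CHAIN[1:]
SELECTED_PCRS = [0, 4, 7]


def demo():
    """Run the exchange three times: golden machine, tampered firmware, replayed quote."""
    aik_key = b"constructed-aik-stand-in"
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed server nonce
    baseline = measure_boot(GOOD_CHAIN)  # golden PCRs recorded at enrollment
    good = verify_quote(quote(measure_boot(GOOD_CHAIN), SELECTED_PCRS, nonce, aik_key),
                        nonce, aik_key, baseline)
    bad = verify_quote(quote(measure_boot(TAMPERED_CHAIN), SELECTED_PCRS, nonce, aik_key),
                       nonce, aik_key, baseline)
    # An old, genuine quote presented against a fresh challenge is rejected on the nonce.
    replay = verify_quote(quote(measure_boot(GOOD_CHAIN), SELECTED_PCRS, nonce, aik_key),
                          bytes(16), aik_key, baseline)
    return good, bad, replay


if __name__ == "__main__":
    for label, result in zip(("golden", "tampered firmware", "replayed quote"), demo()):
        print(f"{label}: {result}")
```

Only PCR 0 differs for the tampered chain, which is exactly what an alert from the monitor should point at: the later boot-manager and Secure Boot measurements (PCRs 4 and 7) are unchanged, so the report localises the deviation to the firmware stage rather than flagging the whole device as "unknown".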
Slide 23
Putting it all together
[Diagram: BIOS Integrity Management; Opal drive – pre-OS-load BIOS check + user auth PIN; DirectAccess with TPM + BIM; domain logon with smart card or TPM; OPAL-sourced trust and TPM-sourced trust; OS start]
• Two independently sourced COTs systems
• Trusted pre-OS PIN entry
• All machines policy-managed if connected (mobile)
• Users have no credentials – no phishing
• Simple to manage, simple to use
Slide 24
Trusted Computing Challenges
No experience with deployment
It’s not just security; it’s how the network functions and the user experience
Industry built SED and ???????
Early value lays the foundation for enhanced needs – enhanced needs are needed now, but we still need to build the foundation
Slide 25
Trusted Computing Use Cases for Mobile*
Consumer: Mobile Banking; NFC Mobile Payments; E-Wallets; Content Protection – DRM; E-Health Application
Enterprise: Strong Authentication / Network Access Control; Device Integrity; Data Protection; Secure Messaging
Joint: Machine Identity; Device Management; Identity Management; Secure Apps; Device Interconnectivity
* TCG Mobile Phone WG Use Cases V1.0 and V2.0
Slide 26
TPM in Smartphone
Device Identity – issuance of credential keys; platform, component and application attestation/integrity; industry standard, cross-platform interoperability
[Diagram: keys / roots of trust held in the m/Trusted Platform Module, served by the Wave Systems mTPM Key & Management Server and the Wave Systems mTPM Attestation / Integrity Server]
Slide 27
Time to start
Put SEDs on all new machines
Put TPM client management software on Gold image
Key every TPM prior to deployment of the machine
Leverage BIOS Integrity and Device ID in all Network services
Only Known machines
Steven Sprague President and CEO +1 413-243-7017 [email protected]
www.wave.com