Frequently Asked Questions

Frequently Asked Questions

We focus on highly regulated industries where Privacy Loss Prevention is required by law and corporate authorities to operate are contingent, and relied upon, verifying their privileged data is perpetually protected.

 

We take pride in our ability to learn the fundamentals of virtually any industry or technology, quickly and to regulatory expertise. Some of the markets we serve include Federal and State governments, stock markets, energy companies, defense contractors, healthcare, and more.

Timing and capability. The urgency and demand for verifiably assured privacy has been amplified by the proliferation of remote work and cyber-criminal activities. StandGARD has unique capabilities and understanding of regulated industries to provide immediate, affordable and effective privacy assurance.

You initiate through an online or phone inquiry.  A Customer Service representative will contact you within 24 hours with an assigned Project Leader. Your initial consultation typically last 45 minutes.

 

Depending on the complexity of the project, you should expect to spend anywhere from 10-80 hours working with the Project Leaders documenting your requirements, data architectures, business processes before a collaborative scope of work is established.

 

The Project Leader will coordinate with internal product and service teams to produce an initial project plan, estimate of the materials, schedule, acceptance criteria and preliminary data security architecture.

 

After review and acceptance of the project plan a purchase order is produced and delivered for your acceptance.  In most cases this process takes 7-10 days.

Our technologies simplify data protection and are automatically and continuously active without human involvement or monitoring. They are also used in several NIST NCCoE projects as best practices to reduce cyber-risk across the federal government and to strengthen agencies ability to prevent and detect cyber-attacks.

 

A key innovation of this technology is the placement of security control protections are at the lowest layer in the security stack, as close to the attack surface as possible which is inside of each device and independent of host operating systems or access credentials. Another innovation is the implementation of protection from sabotage, modification, deletion and disclosure at the data block-level.

 

This allows all data on the device to remain encrypted at all times, and only decrypts each data block (and only that data block) on-the-fly, so that if an intruder does penetrate higher levels of the security stack they will not be able to see any content on the device.

 

Our StandGARD™ secure technologies provide a unique capability to provide a Zero Trust Architecture as a microsegment with security controls implemented at the lowest layer in the security stack to protect data from both Disclosure and Manipulation.

 

This is done by implementing patented algorithms into the host (or Gateway) and into the hardware storage (or Device) as close to the attack surface as possible, inside the device with the data itself. These products provide the foundation for regulatory compliance with FINRA, SEC 17a, DoD 5015.2, NARA, GDPR, HIPAA and others.

 

These technologies allow users to determine the type of protection to be enforced (temporary or permanent, and at various levels including data blocks, files, volumes or physical devices), and the frequency of protection (instantaneous, or when a file is closed, or at periodic intervals or specific time of day, nightly, weekly, or on demand).

 

Other technologies may let you know that your data has been compromised, rather than actually preventing it from occurring in the first place, and these are enforced at the software layer as storage appliances. There are several high-profile cases of data being manipulated on these appliances, simply because these use software controls and viruses at a lower layer (e.g. root kit, device driver, virus) circumvent protections.

 

Further, a storage device removed from the appliance, placed in a different computer may modify, delete data or re-format the device and all data is lost. Our approach is unique in that the enforcement is within each storage device already at the lowest layer with the data and cannot be bypassed regardless of system used or credentials.

Placement of the security controls at the lowest layer in the security stack has the key advantage that intruders cannot get to a lower layer to circumvent or bypass the controls. In order to do this, the controls need to be within the hardware itself which prevents any security breach at higher layers (network, operating system, application, IDS systems, etc.) from gaining unauthorized access to the data layer.

StandGARD™ has 12 patents issued for our unique products and technologies.
There are no other products that implement security measures inside of each device to protect data from sabotage, manipulation, deletion, disclosure and re-formatting (intentional or accidental).

 

These products are high-capacity, high-speed, and have a long reliability and shelf life. Other “secure storage” products are software-controlled enforcement which can, and have been bypassed. They also have the vulnerability of a bad-actor removing a storage device, placing it into a different computer, changing data or re-formatting the device, causing data sabotage or manipulation and data loss.

 

Our technologies prevent these types of data damage since the enforcement is within each individual device and continuously protects the data regardless of which computer system is used.

  • NIST SP 800-207 “Zero Trust Architecture” https://csrc.nist.gov/publications/detail/sp/800-207/draft
  • NIST SP 1900-25 “Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events”
  • https://www.nccoe.nist.gov/projects/building-blocks/data-integrity/identify-protect
  • NIST SP 1800-11 “Data Integrity: Recovering from Ransomware and Other Destructive Events”
  • https://www.nccoe.nist.gov/projects/building-blocks/data-integrity/recover
  • NIST SP 1800-10 “Protecting Information and System Integrity in Industrial Control System Environments”
  • https://www.nccoe.nist.gov/projects/use-cases/manufacturing/integrity-ics
  • DISA Testing and Report: “Assessment Report WORMdisk and CYBERdisk”
  • DHS Cybersecurity and Infrastructure Security Agency (CISA) CDM Approved Products List (APL): Zero Trust Storage.

These products improve the security posture of government agencies and their ability to survive a cyber attack which would otherwise destroy data and prevent access to systems and operations. Zero Trust Architecture for all corporate cyber defenses provides a physical layer of defense that cannot be found elsewhere in the IT marketplace today.

Disclosure or unauthorized read access leads to intellectual property theft, loss of military technology advantages, loss of the use of intelligence assets, PII or HIPAA violations, potential reputation damage or embarrassment and other calamities.

 

Manipulation or unauthorized write or delete access may include sabotage, deletion, Ransomware or other attacks leading to system outages, loss of operations, denial of on-line financial or other services, loss of utilities, transportation and other services, election manipulation, the defeat of weapon systems, or simply going out of business from bad decisions based on faulty data. 

 

These products strengthen the cyber-security posture against these types of attacks on data files, documents, financial records, log files, scripts, authentication databases and other sensitive content. It is critical to secure the operating system and application executable code, configuration files and sensitive data to prevent malicious code injection that would compromise or circumvent the Data Confidentiality security controls that have been implemented. 

 

Immutable un-corruptible backups and archives are needed in the event of a disaster. Backup versioning to immutable storage provides a trusted and rapid on-line recovery from cyber-attack events. Zero Trust Storage is used like ordinary storage devices and serves as the target media for backup software utilities providing very fast I/O capabilities with the added advantage of be able to remain online and survive Ransomware and other destructive events. 

Zero Trust Devices™ are used as the secure storage on four best practice projects with the NIST NCCoE Data Integrity, Data Confidentiality, Protection from Ransomware and other Destructive Events and Protecting Information and System Integrity in Industrial Control System Environments. Security use cases include: 

  • Voting Machine Integrity: Votes immediately stored and locked-down preventing manipulation or deletion and optionally encrypted on-the-fly for each individual vote as it is cast. No internet connection or access to any other machine needed. 
  • “Gold Image” Content: Ensures executables, configuration files and data are pristine for Disaster Recovery. – Firewall and Audit Log Files: Prevents manipulation of security logs. Hackers cannot delete log entries to cover their tracks. 
  • Fraud Prevention: Files, documents, contracts cannot be altered or deleted. 
  •  Critical and Immutable Data: Important documents, contracts and acquisition, digital evidence, legal records, files, pictures, video, records retention (financial, personnel, tax, land, and other files). Neutralizes Ransomware and other viruses. 
  • Backups, Archives, email Repositories: Trusted safely protected, can’t be deleted or held hostage by Ransomware. Reduces the frequency and volume of data to be backed up for data. 
  • Eliminates digital evidence “chain of custody” issues: As long as the storage device is available, questions on content integrity are eliminated since content cannot be manipulated or deleted.

These products are easily integrated into existing applications and are used the same way that conventional storage devices are used. There is no change required for the applications, simply save files to these secure storage devices.

 

For example, Office applications like Word or Excel may save files as the D: drive on a laptop, PC or server, or a mount point, network path, or drag-and-drop to secure cloud storage from any device. In another example, nightly backups or data base exports may directly store to these products.

 

Voting machines may record to these devices and each vote is immediately encrypted and locked down preventing sabotage, manipulation, deletion or re-formatting. APIs and examples are also provided for integration into customized application use cases. Audit log file entries are generated in CSV format for easy export into SIEM systems.

Our products are “plug and play” and support standard operating systems, interfaces, applications, file systems, browsers and sharing protocols. We support microSD, USB thumb drives, individual SATA devices, NAS/SAN servers, Web storage servers, and in hybrid and private customer-owned secure cloud storage.

 

Our secure cloud storage eliminates expensive data download fees associated with traditional cloud storage. It also provides the ability to deliver original content and media for digital evidence and chain-of-custody legal issues.

These products scale across all platforms including IOT devices, weapon systems, cameras, embedded systems, tablets, smartphones, laptops, workstations, servers, and in the cloud. They may be dedicated devices or network shared and provisioned as needed as a service with unlimited scalability.

These products work across various platforms, operating systems, file systems, file formats with a variety of media formats including microSD, USB thumb drives, SATA/eSATA devices, Enterprise NAS/SAN storage servers, web services and unlimited in hybrid or private cloud storage.

There are various types of technologies to protect data from manipulation and deletion, some like optical media including Magnetic Optical, CDs, DVD and Blu-Ray are hardware technologies. Many are older technologies, are low density and slow, and require a special mechanical drive to read and write content. Tapes may be good for long-term archive but not usable for high speed access. WORM software based appliances have been hacked and the software can be bypassed by removing the storage devices and inserting into a different system. They also require extensive technical skills to operate and are expensive. With Zero Trust Storage, none of the limitations of the above points apply.

StandGARD™ Zero Trust Storage consists of proprietary technologies in various form factors including microSD, USB thumb drives, disk drives, NAS/SAN servers, Web servers, and each are available is on-prem or hosted cloud storage. The storage devices may be purchased separately, or as integrated turnkey appliances with all hardware and software installed and configured.

 

StandGARD devices provide the capability to automatically protect (locked down from sabotage and encrypted) each data block, on-the-fly without action other than to save the data. And can provide lock-down and optional encryption for conventional file systems like NTFS, ExFAT, FAT32, ext3, ext4, UDF, and other file systems, and provide the capability for users to make decisions on the type of protection (temporary or permanent) and when to protect (immediate, chosen time, on demand, etc.).

Top