Skyport Sytems has used the NFD11 to show the first time their new innovativ product.
Skyport is a startup company with a very unique product that brings a new layer of security to the table.
Basicly you can verify that a server is not compromised for e.g. by a rootkits. The problem is to verify that a server is not compromised these days. To survive a wipe/installtion process, rootkids are placed in HW componetnts like e.g. the Firmware of HardDisks and SSDs. Even with a fresh OS installation the server would be immediatly compromised again. At the moment it is hard to address this attack vector. Skyport positioned their product as an extra layer of security for the high mission critical appliactions. How does it work ? Skyport has shown a Hardware based NIC that has TPM Chips, CPUs and RAM. So all the hardware and firmware inside of a server can by verified and inspected.
It is also possible to control and manipulate the traffic that goes across the Skyport hardware. Besides Firewall functionsalitys you have with Shield WEB Application a Crypto Creditional Proxy that can act as an encryption break up point so that SSL encrypted data can be inspected here as well.
You also get new Logging capabilities for your Skyport protected servers. Of course you can run a Virtualization Hypervisor on a Skyport protected Server.
Network Autobahn View:
We have to protect a System against attackers in all possible ways. Skyport adds an additional layer of security and addresses an attack vector that is not covered by any other classic security solution that I am aware of.
Will we deploy a Skyport NIC to all our servers ? Maybee not, but for the buissness critical application I see a pretty sharp usecase.
For more informations check out the Video from the NFD11 Skyport presentation: