Organizations we support
Military
Defense Community
Sensitive and Classified Materials at the Edge
dib-star
Defense Industrial Base
Safeguard Sensitive and Classified Data at the Edge
Intel (2)
Intelligence and Special Ops Community
Secret Data in Extreme Environments
FedCiv-2
Federal Civilian Solutions
Protection of Sensitive Data from Lost Device and Remote Attacks
Local or Remote Admin
Commercial Solutions
Data Protection for the Modern Workspace
Devices we protect
Frame 84
Servers / Enterprise
Frame 85
External Media
Industrial Control Systems
Industrial Control Systems
Frame 87(1)
Unmanned Vehicles
Portfolio
Products
Who we partner with
Handshake
Partnership
Cigent Ecosystem of Device and Service Partners
Resources
Downloadable Assets
Whitepapers, eBooks, Infographics, and More
Blog
Read articles on all things cyber security.
Learn More About Cigent
News from Cigent
4 min read
Discover best practices for protecting sensitive ..
4 min read
Explore how disk cloning and data destruction can ..
Menu Close
Market - Tank (3)

Advanced Data Recovery Protection

Ensuring data edge is protected against sophisticated threat actors

Evolving mission requirements and technical innovation has resulted in the proliferation of devices at the edge. These devices will collect, process, and store sensitive data that will be vulnerable if adversaries gain physical access.

Sophisticated actors can employ advanced data recovery (ADR) techniques and technology to defeat protection measures.

Cigent Secure Storage Solutions utilize layered data protection utilizing proven methodologies and patented technologies to stopADR.
18

Cloning

Typically utilized when an actor has physical access, it utilizes COTS or open-source software (e.g., EaseUS, DD, Clonezilla). The software creates an exact copy of the device’s hard drive, including the operating system, installed programs, and all data. Cigent prevents cloning by locking all data ranges. With hidden encrypted partitions data is secured even if a device is in use.

Sniffing

Low Pin Count (LPC) Bus Sniffing

Cigent PBA and encryption key management effectively defeats these attacks. The keys are not visible to intercept and recreate the recovery key to authenticate. This approach requires physical access to a device and is used when software full drive encryption is in place. An actor utilizes tools to gain key access by intercepting the communication between the LPC Bus and TPM Module.Cigent utilizes full drive hardware encryption where keys are not stored in the TPM. Additionally, PBA provides a separate secure authentication environment.

Hex Editor

Hex Editors

A hex editor is a forensic tool that reads the binary data of a drive or file and displays the binary data in hexadecimal format. With a hexeditor, an actor can see or edit the raw and exact contents of a file, circumventing protections or identify gaps.Preboot Authentication prevents the hex editor from reading because the device is powered off and encrypted. If a hex editor is used, it won’t be able to read the data contained within a hidden partition.

Other Attacks

Other attacks

A multitude of other attack vectors exist including remote attacks using living-off-the-land binaries and data recovery tools including WinSCP, Putty, SSH. Nation states and other advanced actors are continuing to develop new approaches.Cigent utilization of PBA and MFA complemented with advanced protection features including Hidden Partitions and Storage Embedded AI, prevents unauthorized access from any data recovery approach

Layout 1 (1)
Cigent Protection

Protection for Data at the Edge

Clone and wipe

Cloning is the process of duplicating data from the hard drive which may also include data wiping. Various techniques exist with actors utilizing COTS or open-source software (e.g., EaseUS, DD, Clonezilla) to nearly instantly clone the hard drive and/or initiate wipe. Typically executed with physical access but can also utilize Bluetooth or other wireless connections.

Cigent protection: Hardware Full Drive Encryption, Hidden Partitions, and AI

Data in encrypted state is unreadable with all ranges locked, preventing data from being cloned or wiped. When device is at rest hardware full drive encryption with PBA prevents access. If the device is powered-on data stored in hidden partitions remains encrypted with locked ranges.

Additional protection is provided with Cigent embedded AI data monitoring that monitors access patterns and will instantly lock all data upon detection of cloning attempt.

Rectangle 3 (3)

Alternative OS Boot

Advanced actors may employ an alternative OS boot to circumvent encryption protection. The approach tricks the device into exposing encryption keys by interrupting the boot process with an alternative OS. Once the adversary gains access to the encryption keys the encryption protection is disabled.

Cigent Protection: PBA with MFA

Alternative OS Boot can be prevented using PBA. PBA provides a separate, secure environment for user to authenticate prior to booting device. This prevents the insertion of an alternative OS. PBA protection can be further enhanced utilizing Cigent MFA providing separate credentials to validate user authorization.

Rectangle 3 (3)

Hex Editors

A hex editor is a forensic tool that reads the binary data of a drive or file and displays the binary data in hexadecimal format. With a hex editor, an actor can see or edit the raw and exact contents of a file, circumventing protections or identify gaps.

Cigent: PBA and Hidden Partitions

Pre-boot Authentication prevents the hex editor from reading drives because the data remains encrypted and inaccessible. Additionally, when a device is in use, data stored within hidden partitions also remains unreadable with ranges locked.

Rectangle 3 (3)

Low Pin Count (LPC) Bus Sniffing

This type of data recovery technique requires physical access to a device. It is used when software full drive encryption has been employed. If an organization has not set up a second factor authentication method (e.g., a PIN) a threat actor uses tooling to gain key access by intercepting the communication between the LPC Bus and TPM Module.

Cigent Protection: PBA and Encryption Key Management

Cigent PBA and encryption key management effectively prevent these attacks. The keys are not visible to intercept and recreate the recovery key to authenticate.

Rectangle 3 (3)

Quantum Computing

While quantum computing has not been practically applied to defeat cryptography it is only a matter of time. There have been continuous improvements in stability and performance, including China’s 2024 announcement of a 504-Qbit chip that is claimed to be 180 million times faster than the fastest supercomputer. Quantum computing’s speed and ability factor large integers will inevitably significantly disrupt current crypto protection methodologies.

Cigent Protection: Partitions, AI, and Verified Data Erasure

Cigent provides the ability to create secure partitions that can only be accessed with step-up authentication. Those partitions are unreadable at the sector level even if an adversary gets direct physical or remote access and logs into the operating system.

Cigent has embedded AI in its Cigent Secure Storage that monitors data access patterns. This unique protection attempts to clone the drive and automatically locks thwarting a cloning attempt.

The only full-proof approach to ensuring data cannot be compromised by quantum is to ensure it is permanently erased. Cigent provide patented verified data erasure that scan block-by-block to ensure that all data is erased and forever unretrievable.

Rectangle 3 (3)
TAGLINE

The Cigent Advantage

Cigent is prepared to support your mission navigating the complex compliance requirements to protect data at the edge. Its solutions were developed for and with US Federal agencies with deep expertise in data protection. Cigent protections have been thoroughly tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).

To ensure availability and provide flexibility, Cigent works with leading drive manufacturers including Digistor, Kanguru, and Seagate and Cigent offers our own branded drives.

iStock-814367282

ebook

Get the Comprehensive Solution Overview

Cigent provides a resilient defense that stands strong against even the most formidable threats, ensuring that your data remains safe, secure, and protected at all times. Our comprehensive solutions eBook gives you the full details.

eBook-Cigent-Company-Overview-11-21-2024_01_41_PM
Resources / Blog
Introduce resources that can
provide value to the visitor
4 min read

Edge Computing Requires Edge Security: Best Practices for Protecting Sensitive Data at the Edge

Discover best practices for protecting sensitive data at the edge with Cigent's insights ..

4 min read

Prevent Data Security Issues with Disk Cloning & Data Destruction

Explore how disk cloning and data destruction can prevent security issues. Learn how to ..

Blog 4 min read

FIPS 140-2 & FISMA — Understanding Cybersecurity Compliance for Cryptography Modules

Learn about FIPS 140-2 and FISMA compliance for cryptography modules, essential for ..

Frequently Asked Questions

Check out the answers to some of most frequently asked questions about Cigent, what we do, and how we do it. Don’t see your question on the list? Click the BOOK A DEMO button in the top right corner of your screen to learn more about us during a custom demo.

What does Cigent do?

Cigent protects data on devices operating at the edge from unauthorized access. Cigent solutions secures data at rest with layered protection including hardware encryption, pre-boot authentication, and multifactor authentication. Cigent also ensures data integrity when the device is in use preventing wiping and cloning and other data attacks.

What is Advanced Data Recovery?

Advanced data recovery (ADR) includes a variety of techniques and technology that can be utilized to recover data from a device. ADR is not necessarily malicious as it can be utilized for the legitimate recovery of data when a device may have been physically damaged, data was inadvertently erased, or other incidents. However, actors will use ADR to circumvent protections for the secure storage of data.

How does Cigent prevent malicious Advanced Data Recovery?

Cigent employs layers of security to prohibit unauthorized data access. The foundation of Cigent protection is the combination of AES 256 full drive hardware encryption coupled with pre-boot authentication (PBA), and multifactor authentication (MFA). This combination of technologies delivers high-confidence protection for data at rest. In addition, Cigent has advanced, patented features that provide additional security and extends data protection throughout its lifecycle. These include hidden partitions with locked data ranges, storage embedded AI monitoring data access patterns, secure data logs documenting all data activity, and verified data erasure.

Does Cigent use Artificial Intelligence to prevent Advanced Data Recovery?

Cigent data at rest protection foundation is full drive hardware encryption. Cigent complements this with patented storage embedded AI that monitors data access patterns. AI embedded within the storage continually monitors data access patterns instantly securing data when anomalous behavior is detected. This includes detection if an adversary attempts an alternate O/S boot approach. The AI capabilities provide an additional tamper-proof monitoring that extends Cigent protection for ADR.

Still have questions?

Learn more about Cigent and our solutions by downloading our company overview.

Card

Cigent’s Federal Data Protection Solutions are second to none

Learn more about how Cigent can help you achieve your mission and protect data at rest and data on the edge from all forms of attack.