CIPHERFORT

O celular mais seguro do mundo para ambiente corporativo e pessoal

KAYMERA Technologies
Mobile Threat Defense Solution – SaaS Model

INTRODUCTION

This document describes Kaymera’s product portfolio of innovative mobile defense technology.

ABOUT KAYMERA TECHNOLOGIES
Kaymera was founded in 2013 by veterans in the cybersecurity industry with in-depth knowledge
and expertise in mobile cybersecurity and cyber-attack methods.

Kaymera’s solutions deliver the world’s most advanced mobile cyber defense technology, designed
to protect organizations, governments, and professionals against all mobile security threats with
military grade mobile cyber defense enhanced user experience.

Kaymera’s mobile defense solutions are already deployed globally both in governments and
commercial organizations.

OUR PRODUCT PORTFOLIO
Our product portfolio is the result of our extensive experience in the mobile security industry, and
successful relationships with customers. It is based on innovation and expertise in cyber defense
technology and constant updates of security threats.

Our products include:

  • CipherFort Secure Device Solution, a best of bread military-grade mobile security solution for data protection.
  • CipherWatch Adaptive Mobile Threat Defense (AMTD), a robust, enterprisecentric, risk-based, contextual and privacy aware mobile security solution, with secure communication application for iOS and Kaymera users for cross-platform support.
  • CipherBond, Kaymera’s secure communication application allows to communicate securely across platforms between users of Kaymera’s secured device and Android/iOS applications.
  • Cyber Command Center, Management Console that displays real-time information of the organization’s security status: usage statistics, devices risk level, system messages and real-time alerts and device attacks.

CIPHERFORT SECURED DEVICE SOLUTION

The CipherFort - KAYMERA 360° solution is based on hardened, off the shelf smartphone devices,
installed with a proprietary secured version of Android OS and backed by a secured communication
and content management infrastructure with the ability to effectively protect against a wide range
of mobile threats while providing maximum usability and standard smartphone functionality.

SOLUTION KEY-BENEFITS
The solution Key-Benefits includes the following:

  • Seamless integration into the phone native Android OS, providing ultimate security with maximum usability and transparency.
  • Total protection against voice, text, and data communication interception as well as Trojan Attacks, MITM attacks, Applications accessing private/confidential information or physical extraction of data in cases of loss/theft/unauthorized physical access.
  • Seamless network signature, standard "off-the-shelf" high-end devices.
  • Data leakage prevention, by allowing smart apps permissions management.
  • End-to-end secure communications, for voice, text, group messaging and file sharing.
  • Mobile security management console, for monitoring the organization’s mobile devices status and allowing the security and IT team to mitigate attacks in real time.
  • Centralized application permissions management, for better controlling which application gets access to private and organizational data.
  • Multi-platform support, allowing secured communications between Android, iOS and the office PBX telephony system.

SOLUTION HIGH-LEVEL ARCHITECTURE
The solution high-level architecture is described in Figure 1.

Figure 1: KAYMERA Solution High-Level Architecture

KAYMERA OS – THE END-USER SECURED MOBILE SOLUTION

The end user device is based on the KAYMERA OS, a highly secured operating system, built from
the bottom up to maximize device protection with highest standards of usability as provided by
the stock Android platform.

1. Device Protection

The device is protected from all known attack capabilities, including:

  • Network Interception: All voice, SMS and internet communications are protected.
  • WiFi: protected from interception, data manipulation, and infection.
  • SS#7 attacks: protected from tactical and Service Provider signaling manipulations.
  • Data extraction: protected from physical extraction means.
  • Trojan horses (APTs) and Malware attacks: full permission control policy over hardened OS

2. Risks Detection

When the device is under attack or in a risky environment, real-time alerts will notify the user on
its mobile device, with optional suggested mitigation. This will allow the user to identify when his
device is under attack and act accordingly.

3. Integration with SOC and SIEM solutions (Optional)

Kaymera’s solution generates real-time alerts when one of Kaymera’s devices is cyber-attacked,
when a user activates the panic mode or when a predefined condition is trigged.

The integration specification includes the following specification:

  • Integration is based on REST API and JSON protocol
  • API documentation is available for easy implementation
  • Management dashboard statistics, including cyber-attack alerts and panic mode alerts, can be viewed by SOC / SIEM system users
  • Additional customization and knowledge transfer is available upon request

4. Maximizing usability

The KAYMERA OS is available on a set of high-end devices. Currently supported models:
LG Nexus X5, Huawei Nexus P6, Google Pixel and Pixel XL.

The KAYMERA OS keeps the highest standards of usability by using the latest versions of the
Android OS platform. By that, KAYMERA OS allows you to:

  • Stock Android Experience.
  • No pre-installed vendor bloatware.
  • Support for latest versions through Secured Off-the-Air (OTA) updates from KAYMERA.

Figure 2: Google Pixel with KAYMERA OS

KAYMERA MANAGEMENT CONSOLE

The KAYMERA Management console allows IT and Security Managers with complete control over
the end-users' mobile environment for mobile security purposes, including:

  • System management console with multi-tenancy support
  • Full network monitoring and device management
  • Enforcement of the organization risk policies
  • Reports generation

Figure 3: KAYMERA 360° Management Interface

SOLUTION SPECIFICATIONS

CipherFort Solution Specifications are described in Table 1.

Table 1: CipherFort Solution Specifications

Tipo de segurança

Descrição

Segurança do aparelho

  • High-end off-the-shelf Android smartphone in accordance with KAYMERA supported devices list.
  • Encrypted storage securing data-at-rest.
  • Protection against physical extraction of data.
  • Remote wipe.
  • Remote device locking.

Segurança de comunicações

  • Strongly encrypted voice calls in highest quality.
  • Integrated encrypted messaging: immediate messaging, secure attachment sharing and time-limited selfdestructing messages.
  • Always-on persistent VPN.
  • PKI cryptosystem stored in a hardware protected keystore.
  • Robust encryption framework leveraging 2048 bit RSA cryptosystem with AES 256-bit symmetric session keys.

Sistema operacional segura

  • The core of KAYMERA’s robust layered defense system: Encrypt, Protect, Prevent, Detect.
  • Resource control framework for prevention of data leakage and misuse of device resources.
  • Immune to advanced persistent threats and malware.

Sistema de gerenciamento do aparelho

  • Centralized mobile device security management framework.
  • Manage and enforce app permissions, security protocols and policies on a corporate, group and device level.
  • Dashboard view of threat and device activity in the network.
  • Real-time security posture and risk level assessment and deployment of countermeasures.

Segurança pessoal

  • Sensors that monitor and alert in real-time on device penetration attempts and Man-in-the-middle attacks.
  • Embedded personal alarm system (Panic Mode).

SOLUTION COMPONENTS

The solution main components are described in Table 2 below.

Table 2: Solution Component

Componente do sistema

Descrição

Smartfone da Kymera baseado em SO

  • End-user handset
  • A predefined set of supported mobile devices installed with Kaymera’s proprietary secured version of the Android OS – theSecured Kaymera OS.

Consola de gerenciamento

  • System management console with multi-tenancy support
  • Enables full network monitoring and device management
  • Enforcement of organization and risk policies
  • Reports Generation

Servidor PBX seguro

  • Handles secured communication from and to Kaymera devices connected to the virtual network
  • Provides the ability to communicate to non-secured devices seamlessly from the Kaymera devices in a semi-secured manner by terminating encryption on the Secured VoIP infrastructure’s end and continuing through open cellular or landline channel using SIP Trunk Services
  • Enables integration into commercial IP based organizational landline PBX systems

Servidores proxy seguros de mídia

  • Provides a high quality of service for VoIP based conversations for wide GEO coverage.
  • Bridges multiple devices connected to different networks in different GEO locations
  • Improves system scalability and communication performance
  • Provides global functionality of network secured communication with best performance and quality in mind.

GW seguro de dados

  • Manages and balances secure data connection across all secured devices
  • Enables high availability and best usage of bandwidth and infrastructure.

SECURE DEVICE OFFERING PACKAGES

Kaymera offers 2 types of packages for its Kaymera secure device solution.
The package options are described in Table 3.

Table 3: Kaymera Plus and Kaymera Premium offering packages

Tipo de segurança

Descrição

Kaymera Plus

  • Secure device handset - KAYMERA OS software license
  • Kaymera Management Console unlimited access
  • Kaymera framework environment software license
  • Secure communications for voice, messaging and VPN.

Kaymera Premium

  • In addition to the Kaymera Plus offering, the Premium package includes the following capabilities:
    • Location Tracking Module
    • KAYMERA Secure Communication iPhone App software license

Package 1: Kaymera Plus
The Kaymera Plus package includes the Kaymera Secure Device solution for on-premise
implementation, allowing the customer to be fully independent when operating the solution.

The customer has full access to the management console and can define his own security and
configuration policies for groups of users or individual users. The VPN and the secure
communication capabilities are based on customer’s infrastructure and under his full control.

The Kaymera Plus package includes a license for the following items:
Secure device with KAYMERA secure OS software license

  • Management Console unlimited access
  • Kaymera framework environment software license
  • Secure communications for voice, messaging and internet traffic (VPN)
  • Kaymera detectors and real-time alerts
  • Malware prevention and applications policy definition
  • Personal security features (including Panic Mode)

Package 2: Kaymera Premium
Kaymera’s Premium solution adds the following capabilities to the Kaymera Plus package.

Location Tracking Module

The Location Tracking Module provides the security manager of the organization with the ability to
monitor the location of every Kaymera user in real time through the Kaymera Management Console.

Location Tracking Module is especially important for first responders and special operations units
where real-time location synchronization is critical for mission success. By locating critical personnel
in real time, command and control managers can direct and follow their users with real-time
navigation and location sharing.

The module shows the accurate location of selected users on a map, seamlessly affecting user
activity and with minimum effect on battery life.

Secure Communication Application for iPhones

The premium package also includes free software licenses of Kaymera’s Secure Communication
Application for iPhones.