About Blue Ridge Networks
Headquartered in Chantilly, Virginia, Blue Ridge offers computer and network security products and services based on technologies developed in-house that deliver protection from Malware, Data Leakage, and Network Attacks. For over 15 years, Blue Ridge has supported high-value cyber targets across the globe in every industry, including financial services, retail, healthcare, energy, technology, and government.
We consider ourselves a security pure-play, dedicated to extending our track record of delivering innovative security solutions that reduce costs and improve IT operations.
Our Vision
- Make Security Technologies that Reduce Enterprise IT Costs
- Let Organizations Safely Reap the Economic Benefits of Cloud Computing
- Make Enterprise and non-Enterprise Endpoints Safe Computing Platforms
- Reduce Risks to Organizations from their Employees and Partners
- Interconnect Enterprise Facilities, Personnel, and Partners with Private Networks that are More Simple, Agile, Reliable, and Lower Cost
What We Do
| Computer Protection Software | Block Malware Attacks that Routinely Defeat Traditional Computer Protection Products |
| Centralized PC Control and Audit | Assess, Enforce/Remediate, and Audit Software Application Usage, Configuration Settings, 3rd Party Security Software, and More |
| Stateless Virtual Endpoints | Securely Access Cloud Computing or Enterprise Resources from a Virtual Endpoint Free of Malware, Leaving No Data Behind |
| Cloud Computing Security | Compartmentalize, Privatize, and/or Extend Your Enterprise Windows Domain to Cloud Computing Services |
| High Assurance VPN | Secure Data-in-Motion with PKI Authenticated Remote Access and Site-to-Site Encrypted Ethernet VPN |
| Managed Security Services | Cloud-based Security Services: VPN (includes ISP connections), WAN Firewall, Stateless Virtual Endpoints, and/or Endpoint Security |
Our Security Innovations that have Reduced Costs and Improved IT Operations
| Network Security | Technology | Benefits |
|---|---|---|
| Encrypted Ethernet VPN | Data is encapsulated and encrypted within Ethernet frames instead of IP datagrams. | Secures all Ethernet communications including IP and non-IP protocols, legacy protocols (IBM SNA, Novell IPX, AppleTalk, etc.), and legacy Ethernet appliance communications. Provides a flatter, simpler network topology. |
| Security Enhanced Internet Key Exchange (SE-IKE) | SE-IKE is a method for securing the key exchange process, which is required in any VPN that employs encryption. It envelops each key exchange message within a mandatory, mutual public key authentication process. This determines the session encryption key (e.g., AES 256 bit) used for the subsequent VPN tunnel. | SE-IKE is arguably the most successful security communications protocol ever developed. It has been in use for over 15 years by high value targets of cyber crime with no reports of vulnerabilities or breaches, ever. |
| Client-like VPN Appliance | A virtual or physical VPN appliance that acquires a private or public IP address from its local network and initiates a high assurance, encrypted Ethernet VPN connection to a VPN server, much like a VPN client. | Truly plug-and-play deployments in minutes, provides disaster recovery simply by relocating the appliance elsewhere. |
| High Availability WAN (Redundancy and Failover) | Virtual and/or physical VPN appliances are cross-connected via encrypted Ethernet across any form of transport from any location. The appliances are grouped in tiered pools for failover. | Radically simpler to set-up and more resilient than redundancy/failover approaches offered by other network appliance vendors and carriers. |
| Geographically Distributed Server & Data Center Redundancy and Failover | Enterprise server resources are connected via encrypted Ethernet over any form of transport, located anywhere. Back-up and primary resources with non-public IP addresses can have identical or same subnet IP addressing regardless of location or local ISP. | IT operations throughout an enterprise (e.g., router, DNS, server, and client configurations) are simplified when back-up resources do not require a unique IP address. Intranet moves, adds, changes, and deletes no longer require propagating changes throughout the enterprise infrastructure. This can also significantly reduce mean time to repair (MTTR). Some 3rd party server applications require primary and back-up servers to be on the same IP subnet, severely hindering geographic distribution of resources. Such servers can thus be located anywhere when connected via encrypted Ethernet VPN appliances. |
| Extend Enterprise Windows Domain to Cloud Computing Services | Virtual and/or physical VPN appliances provide an encrypted Ethernet connection between an enterprise and select portions of a cloud computing service provider’s resources, which effectively become part of the enterprise intranet. | An enterprise can utilize its existing, unaltered Windows Domain(s) to authenticate and authorize the use of cloud computing resources by employees. |
| Cloud-Based Encrypted Ethernet VPN | Virtual or physical client-like VPN (see below) devices generate encrypted Ethernet tunnels to a geographically distributed and redundant cloud-based VPN hub that seamlessly connects all authorized locations. | Scales to many thousands of enterprise nodes, is radically easier to operate, and delivers the most cost-effective continuity of operations and disaster recovery solution available. (See encrypted Ethernet VPN below.) |
| Active Directory Remote Access Local Login | IPSec client software establishes a VPN tunnel, initiates an Active Directory (AD) discovery and authentication challenge, and terminates the tunnel if AD authentication fails. | Facilitates secondary, local authentication, which is typically required in large organizations employing a certificate authority for authentication. Delivers a true Kerberos authentication and does not require a Microsoft ISA Server for each unique Windows domain, which are required by all alternatives. |

| Endpoint Security | Technology | Benefits |
|---|---|---|
| Stateless Virtual Endpoint | Pixie features a virtual thin client endpoint isolated from its host, and a virtual VPN appliance to both cryptographically isolate the virtual endpoint from the network surrounding the host as well as envelop the virtual endpoint within a closed private network including enterprise or cloud computing resources. | Secure access to enterprise or cloud computing resources from a malware-free virtual endpoint running on any computer, with no data leak risks, two factor public key authentication, reduced desktop management costs, and simplified information asset management. |
| Application Guarding | AppGuard Technology restricts where a guarded application may write, preventing it from altering critical PC resources. | Prevents zero-day malware attacks routinely missed by traditional anti-virus/spyware products |
| Parent-Child Software Control | A protected service running in Windows prevents ‘guarded’ applications from writing into system space (i.e., preferred location to insert malware). The service applies the same restrictions to any child application or process that the ‘guarded’ application (i.e., parent) spawns. | More than triples malware protection effectiveness against day-old malware compared to traditional anti-virus/spyware products, yet at a fraction of the effort required by host intrusion prevention system (HIPS) and other zero-day malware technologies, and without their heuristic false-positives. |
| Drive-by Download Protection | Limits what applications may launch from user-space (e.g., My Documents, Desktop, an additional hard drive, etc.). Only applications on a ‘guard list’ may launch. Once launched, such applications are placed under guard so they cannot harm critical PC resources. | Prevents zero-day malware attacks routinely missed by traditional anti-virus/spyware products, and without the complexities and user-disruptions found in alternative technologies. |
| Script-based Attack Protection | Restricts execution of common types of Windows scripts, based on publisher and location. | Prevents zero-day malware attacks routinely missed by traditional anti-virus/spyware products |
| InstallGuard | Locks down a PC, freezing all MSI installation actions, except for policy-defined publishers. | Prevents unauthorized software installation, even by end-users with local admin rights on a PC |
| Trusted Enclaves Data Protection | A protected service running in Windows computers limits access to specified user-content to specified software processes, denying any and all other software processes access (e.g., privacy mode). | Eliminates need for perfect malware prevention to plug malware-caused data leaks. Anti-malware policies can be less Draconian and disruptive. |
| User-Space Application Whitelisting | A protected service running in Windows ensures that only whitelisted applications may launch from user-space, where Windows end-users without local admin rights have write privileges on a computer. Such whitelisted applications as well as other ‘guarded’ applications (e.g., Internet Explorer, Outlook, etc.) are not allowed to alter system space, where legitimate software and operating system resources are located. | Prevents malware and unauthorized software usage. This is a dramatically more practical alternative to enterprise whitelisting products, where most effort is focused on where problems occur least, and which ignore application behavior after they launch. |
| MBRguard | A protected service running in Windows prevents any alteration of the master boot record (MBR). | Protection from sophisticated malware attacks missed by traditional anti-virus/spyware, and without the false-positives and other shortcomings of alternative approaches. |
| Built-in Certificate Authority | The BorderGuard Management Console and EdgeGuard Management Console each feature special purpose certificate authorities (CA) to facilitate authentication and management plane integrity. | All the benefits of using the most robust form of authentication and authenticity commercially available, without the extensive pains of using a general purpose CA. (Some training session students do not realize they are employing PKI.) |
| Tunnel-Lock | First use of firewall technology in the industry, a Windows driver on a computer that ensured that all its data traffic traversed enterprise perimeter defenses either permanently or when it had an active remote access VPN connection. | Enhanced the value of enterprise firewalls by extending their benefits to remotely connected endpoints. |
| Two-Factor Public Key Authentication | Remote access VPN and Pixie users utilize RSA asymmetric keys, typically 1024 bit, as well as a passphrase. The passphrase, which is never exposed to a network, can be easy to remember. | Eliminated risks from man-in-the-middle attacks, still prevalent in SSL deployments. Reduced the risk of end-users employing easy-to-remember passphrases. Significantly reduced customer trouble ticket volume due to lost passwords. |

