OPAQ awarded patent for software-defined network segmentation

OPAQ has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760).

The patented approach is part of the OPAQ Cloud, a platform-as-a-service that enables managed service providers to deliver Fortune 100-grade security to midsize enterprises. With this technology, OPAQ can offer enforcement of security policies at both the network and the endpoint.

This is the fourth patent awarded for intellectual property within OPAQ’s technology portfolio. The others cover cyber security inventions for risk analysis reporting (# 8,793,151), correlating information across distinct domains (# 9,104,710), and providing a global virtual perimeter through distributed points of presence (# 9,197,601 B2).

“The details of the recent SamSam Ransomware indictments highlighted the way that attackers spread within internal networks to infect entire organizations,” said Tom Cross, CTO of OPAQ.

“Talk to any security professional, and they’ll tell you that network segmentation is an important best practice that can help mitigate the spread of malware and lateral movement by attackers. Unfortunately, a lot of organizations don’t do a good job at segmentation, in part because the traditional approach of using VLANs, routers, and switches is too brittle and expensive to maintain. OPAQ’s breakthrough technology simplifies segmentation by allowing dynamic policies that respond automatically as users move within a campus. Sometimes referred to as microsegmentation, this technology enables service providers to help their customers adopt a Zero Trust security posture entirely using cloud-based controls, without having to perform expensive truck rolls in order to configure on premises equipment.”

Highlights of the OPAQ patent

The patented invention works in the following way:

• Cloud-hosted controllers communicate with software agents on endpoint computers.
• The agents monitor connections to and from each endpoint, and assesses them against security policies from the controllers, which can adapt in real time to changes on the network.
• Service providers gain visibility into and control over east-west traffic on customer networks, with the ability to craft policies and respond to incidents.
• The endpoint agents can be configured from the cloud to perform automated responses (enforce step-up/multi-factor authentication, block a connection request, quarantine the device, etc.) when a security policy violation occurs, or an additional authentication is required.