In little more than a year since being spun off from Alphabet, SandboxAQ has been quickly assembling a portfolio of quantum technologies, some gained through acquisition or investment in other firms, others developed in-house. This week, the quantum sector is seeing the first evidence–and definitely not the last, according to Graham Steel, Head of Product, Quantum Security, at SandboxAQ–of how these efforts are coming together at the platform level, as the company has announced the SandboxAQ Security Suite.
The suite, announced just days before the RSA Conference, one of the world’s largest cybersecurity events kicks off in San Francisco, provides multiple modules that combine in an end-to-end solution for cryptographic vulnerability scanning and remediation. Elements of the product suite already are being used by both commercial and public sector customers to maintain compliance, enforce policies, safeguard sensitive data, and strengthen their overall security posture, protecting both data in motion and data at rest, the company said.
The first module in the suite is the Cryptosense module, which includes the Cryptosense Analyzer Platform, an encryption management tool that SandboxAQ scooped up through its late 2022 acquisition of U.K. start-up Cryptosense, and which already is being used by multiple customers. This module also includes the SandboxAQ Network Analyzer, which combines with the Cryptosense Analyzer to provide a complete solution for cryptographic inventory that includes analysis and inventory of filesystems, applications, and networks, the company said.
The need to inventory existing cryptography across an enterprise has been called the first step toward eventual adoption of quantum-safe encryption, as many enterprises may be using a mix of old protocols like MD-5 and SHA-1, while others may not even have the slightest idea which or how much encryption they use.
Steel, the co-founder and CEO of Crytosense before it was acquired, described what each company brings to the table in terms of technology, saying that his company had one scanning offering that looked at files throughout the enterprise–files on endpoints, servers, inside containers–to find any cryptography being used, and another offering that did the same for applications, collecting information of the cryptography technology used to protect them.
“It was used by some pretty big financial services players already before the acquisition,” he told IQT News. “What was built on the Sandbox side was a complementary technology around looking for cryptography in a network track, so looking to see data in motion. How was it encrypted? What was the handshake that was used to set up the encryption? What algorithm was used? And so one of the nice things about doing the deal was that we actually had this natural complementarity.”
SandboxAQ said several customers already are including one or more pieces of the new security suite, including Cloudera, Informatica, the U.S. Air Force, the U.S. Department of Health & Human Services, and a range of global banks.
Steel promised there will be more announcements from SandboxAQ “coming down the pipe in the next couple of months.”
Meanwhile, the company’s press release announcing the new suite cited supporting quotes from some of the company’s partners.
“At Vodafone, we take the protection of our clients’ valuable assets very seriously and we are preparing for a migration to quantum-safe security. For this reason, we welcome innovations as announced by SandboxAQ that can help various industries in their journeys towards quantum-safe networks, products and services,” said Luke Ibbetson, Head of Vodafone Group R&D.
“SandboxAQ has built the principle of cryptographic agility into every aspect of its Security Suite, enabling customers to seamlessly swap cryptographic protocols in response to ever-changing regulatory requirements and cyber threats,” said Taher Elgamal, a partner at Evolution Equity Partners and SandboxAQ advisor. “Security and compliance teams will appreciate Security Suite’s ability to support a hybrid deployment of existing encryption algorithms and post-quantum cryptography.”
“The SandboxAQ Cryptosense module empowers organizations with detailed knowledge of where cryptographic vulnerabilities exist and provide focused recommendations for their mitigation,” said Dave Burg, EY Americas Cybersecurity Leader. “This can be key to protect against both quantum-enabled and classic cyber attacks.”
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.