The power of multiple DNS firewalls, combined to work in real-time harmony. Sum your favorite DNS service’s results into a concerto of a firewall power-house.
A gift to the world from what we have. We’re offering part of our technology as a freemium offering to the security community as a free-for-personal-use module of adam:ONE®. With DNSharmony®, security admins can choose to aggregate the threat intelligence sources of their choice on-premise or at the cloud edge with the adam:ONE® DNS caching resolver.
The aggregated result provides both enhanced security by summing the power of multiple DNS filters, and resilience for mission critical operations in case of an outage with their primary DNS service.
A security ecosystem designed from first-principles on a Zero Trust philosophy.
This True Proactive approach proves to be immune against advanced attacks (such as the Solar Winds breach and Pegasus etc.) by killing attacks BEFORE they were able to execute and BEFORE they were detected by the world’s best current SASE solutions.
Yes. Zero Trust is possible on Layer2. And the consequence of this true-proactive technology is a breath of fresh air amidst the fog of legacy reactive systems that only gets you halfway there.
adam:ONE® is a ZeroTrust connectivity (ZTc) solution made practical by use of AI and stacking additional technologies such as DTTS® egress control and DNSharmony® threat intelligence aggregation.
At the core is a highly optimized DNS caching resolver. It operates in a hybrid Muscle-Brain configuration. While the Muscle is distributed on-premise or in your cloud edge networks, the Brain is centralized. This allows the performance and resilience of decentralized operation, while maintaining the benefit of centralized control. Additionally, custodial protection remains distributed to each node to eliminate the single-point-of-failure risks associated with cloud-only based solutions.
By operating out-of-band, protection is achieved without the need of any endpoint software installed on these assets. This allows for the protection of the myriad of IoT devices and all vulnerable control technologies used in critical infrastructure.
Full Layer2 visibility is achieved and facilitates automated device inventory. Default deny-all treatment for each asset is standard, making a true ZT posture an automatic benefit.
Individual policies with flexible rules can be applied per asset or group on a permanent or scheduled basis, as needed.
Seamless integration with 802.1X facilitates user based authentication and automated policy assignment. Additionally hardware based authentication for devices not compatible with human friendly authentication are used as default, extending your Zero Trust posture even to legacy devices in real-life environments.
Shadow IT is easily eliminated in the ZTc environment of adam:ONE®. Since all connections are denied by default, only assets and services approved by the security admin will continue to operate.
Multiple adam:ONE® elements are stacked in the adam:ONE® ecosystem to allow immense flexibility to the security admin.
Solving the design failures of legacy DNS based firewalls by implementing Don’t talk to strangers (DTTS)®, all leaks by direct IP connections are prevented. This allows for effective ZTc protection by DNS without the need to use any centralized proxies and without the need to break encryption. This is a huge win for security and privacy.
DTTS® also provides dynamic egress control that prevents circumvention, breaks C2 connections, and eliminates Data Exfiltration channels.
The default deny-all connection posture of ZTc is made practical by automated dynamic allow-listing powered by AI. ZTc Adaptive AI and ZTc Reflex AI provide two flavors to find the perfect balance between UX convenience vs. the hardness of your security posture. It is now practical to reduce your attack surface to Near Zero (7000:1) while maintaining a productive work environment for all your assets.
With ZTc policies of adam:ONE®, only connections requested by the verified user and verified to be safe are dynamically allowed - all others are denied by default. This practically resolves Human Factor risks by eliminating all phishing vectors. (Including spear phishing and smishing on mobile devices)
With DNSharmony®, security admins can choose to aggregate the Threat Intelligence Sources of their choice at the Muscle. The aggregated result provides both enhanced security, and resilience for mission critical operations in case of an outage with their primary DNS resolver.
Edge Application is flexible: The adam:ONE® Muscle can be baked natively into the OS of a device; be deployed at the network edge; live as a node in the cloud; forced onto mobile assets via secured tunnel; or applied at carrier level via dedicated APN. It could also be inserted mid-stream as a bridge device to augment current security frameworks without the need to displace existing infrastructure.
Build your adam:ONE® stack just the way you want it. The adam:ONE® caching resolver is a fully customizable technology platform. Multiple modules are combined to build your security stack just the way you want it.
Shape your security posture with fully customizable modules. All policies can be applied on a per-device basis.
Free or Commercial license. SEE MORE
The net result is preventing all C2 malware that use direct outbound connections as part of the attack vector from executing. As well as providing immunity against data extortion by preventing exfiltration of data from the protected network.
Allowed connections are automatically added to the dynamic allowlist and assets verified to the same node have access to connections from the same list. The same rule could be shared between other subscribed adam:ONE® nodes. This dynamic rule can be maintained by AI verification, or collapsed by temporal triggers once the need for access expired.
Primarily used for protecting HVAs with emphasis on mission critical security.
This eliminates the delay associated with ZTc Adaptive AI between connection requests and verification, as decisions are done on a real time reflex basis of the Reflex Policy. Conflict resolutions between overlapping categorizations are also handled by preset preferences for the specific reflex policy.
Primarily used for protecting HVAs with emphasis on fast human experience.
UBA allows assets to be authenticated by user vs hardware, and allows for policy assignments to automatically apply to the verified user.
The net result: Immunity to Pegasus Forced Entry* and other APTs are achieved via the ZeroTrust connectivity established through DTTS® and ZTc Adaptive AI Allowlisting of adam:ONE® in a dedicated cloud exit. *(This was achieved even before the threat became known).