Fognigma by Dexter Edward, LLC  

Herndon,  VA 
United States
https://fognigma.com

• Booth: 2662

Traceless Communications - with Fognigma

Secure, Traceless, Post-Quantum Encryption, Zero Trust Networks & Next Generation Mission Partner Environments

Commercial Off the Shelf (COTS) software, Fognigma, provides global rapidly deployable, fully scalable, on-demand, secure networks & Mission Partner Environments (MPE).

Each Fognigma network and next generation MPE provides turn-key communication solutions for voice, video, chat & messaging, telephony, and data without any commitments to contractor labor or services.

Rapidly deploy mission-ready networks around the world using the full range of Fognigma's IP space, complete with virtual desktops, encrypted chat and file servers, video conferencing, and other communication and collaboration tools. Stay off the radar, misdirect adversaries, regenerate entire networks on the fly, respond instantly to new threats, and complete your mission -- leaving no trace.

Command the Cloud. Dominate Cyber Operations.

Traceless Communications - with Fognigma.

Brands: Command the Cloud. Dominate Cyber Operations. Traceless Communications - with Fognigma.

 Videos

 Show Specials

• Stop by the Fognigma booth #2662 to learn more about our misattribution devices Wicket/Netcutter (Oct 19, 2022)

  Wicket

  Protection For Any IP Device

  Wickets are the perfect solution for protecting IoT and IP-enabled devices. Want to connect your VoIP phone to your Fognigma telephony system? Attach a Wicket to the phone to connect it to the Fognigma network automatically. Have multiple workstations and IoT devices that need protection? Simply place a wicket between your modem and router. Any device connected to that router’s WiFi connection is protected by the Fognigma network.

  Secure, Portable Access

  Wickets are small, easy to carry, and simple to set up. Even a non-technical user can completely secure and obfuscate his or her network activity, while at home or on travel, simply by connecting one side of the Wicket to whatever Internet access is available, and then plugging anything, from a VoIP phone to a wireless router, into the other side.

  From that moment on, everything that is connected to the Wicket is protected from observation, interception, and tracking. Wicket even obscures the user’s physical location, by connecting him or her to the Internet using Fognigma Exit Points that are disposable and can be deleted and recreated with new IP addresses and new physical locations, with no user interaction required.

  Device Locking

  The Wicket can be locked from the GUI remotely or by the user. Once locked, all sensitive information on the device is protected in an encrypted storage area and cannot be accessed until a PIN is entered to restore functionality.

  Remote Support

  Administrators can access the Wicket securely and remotely in order to reconfigure it or assist a user in getting it set up.

  Netcutter

  Remote Resource Access

  Netcutters connect to a Fognigma network and appear as an Exit Point. If they are installed in a remote, secure network, that means that authorized users of the associated Fognigma network can access resources on that remote network, just as if it were local to them. Administrators can also control access so that only certain resources on the remote network are available to users.

  Exit Points Anywhere

  Because Netcutter can connect to two networks simultaneously, using one to communicate with a Fognigma network and one to direct network traffic from inside the network, a Netcutter can be used to create a Fognigma Exit Point anywhere in the world with network connectivity; it can even work via cellular connection. Users connected to the Netcutter Exit appear to be using the Internet from wherever the Netcutter is physically located.

  Cellular Integration

  No Internet available? No problem. Users with 3G/4G cellular service can connect a Netcutter to a mobile phone to generate an Exit Point from the mobile phone’s network. When they connect to the cellular Exit Point, their web traffic will appear to be originating from that cellular network and location.

  VDI Integration

  Netcutters are also fully compatible with Fognigma-protected VDIs. With the preinstalled Exit Switcher application, VDI users can select the Netcutter Exit Point to monitor private resources remotely or appear to be using the Internet from the Netcutter’s location.

• Stop by the Fognigma booth #2662 to learn more about Erebus our Encrypted File Storage solution (Oct 19, 2022)

  Erebus Encrypted File Storage

  User-Specific Encryption at Rest

  Dedicated per-user Erebus web applications ensure all data is individually encrypted for all users who are assigned access to the content. As user permissions are modified, the data itself is modified to suit. Ensuring recently denied users can no longer decrypt the data.

  Disposable Content

  The hosting environment for Erebus is completely ephemeral. In that spirit we also make the data stored ephemeral. Users can define a time or use limitation on all content stored in Erebus. They can choose to have it self-delete in an hour or after even just 1 download.

  Simple & Seamless

  Users of Erebus can immediately take advantage of encrypted storage without any setup or fuss. A unique web URL is provided to every user, along with an account login. After logging in, a user can begin sharing and accessing encrypted content to any number of users or group of users.

• Stop by the Fognigma booth #2662 to learn more about Speakeasy our Secure VTC communication solution (Oct 19, 2022)

  Speakeasy Secure VTC

  Videoconferencing you control

  Many videoconference solutions require your users to connect to a third-party server. Their communications may be encrypted, but only to the server itself, and that server belongs to someone else… someone you may or may not be able to trust with your sensitive information. Speakeasy ensures that every part of your videoconference is hosted on machines you own and control. So, when you terminate a conference, you know that no third party has a recording.

  There when you need it, gone when you are finished

  Speakeasy conference rooms only exist for the time that they are in use, so you can save on the cost of resources by reducing the number of conferences during off hours, weekends, and holidays, so that you are never paying for a conference solution you aren’t using.

  Interact discreetly

  Every participant in a Speakeasy videoconference is issued a unique, single-use URL in order to access the conference. Because every participant is visiting a different URL, there is no way for an observer to tell that they are communicating with one another or even that they are participating in a videoconference at all.

  No trust required

  Because the URLs participants use to access Speakeasy conferences are unique and single-use, you can give them to anyone whether you trust them or not. When you are done speaking, their link goes away, and they will never know where your videoconference server is, and cannot reveal it to anyone, or attempt to reach it.

  Conference at enterprise scale

  Many videoconference solutions are limited to a small number of participants. Speakeasy conferences can scale to include hundreds of individual participants if required.

• Fognigma will be showcasing ZeroTrust Cloud Communication Solutions. Join our IT Manager, Zachary Beatty for this demo on Thursday, December 1st at 11:30am at the Innovation Showcase. (Oct 19, 2022)
  Fognigma will be showcasing ZeroTrust Cloud Communication Solutions. Join our IT Manager, Zachary Beatty for this demo on Thursday, December 1st at 11:30am at the Innovation Showcase. 

 Press Releases

• Fognigma: The Next Generation of Mission-Partner Environments (Oct 06, 2022)

  Establish on-demand voice, chat & messaging, video, telephony, and data communications within a day. Fognigma’s next generation mission partner environments (MPEs) allow you to establish a unique environment per individual in the partner organization, not just per relationship. These MPEs are fully-owned and operated by your organization, created within hours, and completely disposable. The architecture of Fognigma is designed with MPEs in mind, enabling them to endure malicious use and treacherous exploitation without any consequences to key infrastructure, other users, or missions.

  HOW IT WORKS

  1.   Install Fognigma

  • Install Fognigma locally or in the cloud, add accounts from one or more public cloud providers through the Fogngima interface, and begin deploying mission-ready networks and collaboration resources around the world. Once operational, Fognigma can deploy multiple highly complex, mission-specific networks in well under an hour.

  2. Deploy an MPE

  • Customize networking and security options from Fognigma’s simple interface in minutes and deploy an MPE suited for any mission. Fognigma automates provisioning of required machines and resources from public cloud infrastructure through a pool of disposable misattribution points and manages all network, security, and resource configurations in the background as the network is being constructed.

  3. Connect and collaborate seamlessly & safely

  • Connect to the MPE from virtually any device and immediately begin using collaboration tools from anywhere in the world. Per-user access controls allow administrators to limit access for every individual to any combination of network resources.

  4. Burn after use

  • When the mission is complete, destroy every trace of the ephemeral MPE with a single click.

  By leveraging public cloud infrastructure from several providers and data centers, Fognigma allows entities to deploy mission-ready networks and resources that can adapt rapidly to developing situations, new intel, and sudden threats. Fognigma’s cloud-centric approach facilitates coalition interoperability and eliminates roadblocks caused by infrastructure issues and service interruptions, enabling all partners to work efficiently no matter who or where they are.

  Mission Partner Environments In Action

  Real-world events require US forces to establish data sharing environments with non-traditional partners, with varying levels of trust and operational risks. In a highly contested environment with the potential for equipment loss or capture, every crisis is time-critical. The architecture of Fognigma provides out-of-the-box compatibility with local facilities, infrastructures, and environments without endangering them.

  1. Create an MPE

  • A US administrator installs the central Fognigma server in the public cloud and deploys an MPE to collaborate with multiple foreign entities and individuals in compromised locations, complete with videoconferencing servers, a file share, a messaging server, and a virtual desktop instance for every user.

  2. Create access for users and partners

  • The Fognigma administrator creates dedicated, disposable, disassociating access points for entities and specific users to authenticate and access designated MPE resources, customizing trust and access on a per-user basis.

  3. Connect to the MPE

  • Using existing infrastructure and devices, trusted and untrusted users anywhere in the world authenticate and gain instant access only to resources they are meant to see. Approved users can even be granted access to localized resources while within the MPE, no matter where they are in the world.

  4. Collaborate seamlessly and dynamically

  • Trusted users and mission partners begin collaborating within hours of receiving the Fognigma software for the first time, collaborating through videoconferencing, messaging, and telephony and exchanging files and data through access points and servers regenerated in new public IP spaces on a daily basis. As the mission develops, partnerships are created or terminated, and new threats are discovered, the administrator adds or removes resources and access points to instantly adapt.

  5. Destroy without a trace

  • When the mission is complete, the administrator destroys all associated access points, saves the collected data, and destroys the MRE as if it never existed. Attacks from former partners and outside malicious actors are rendered ineffective since user data and network location remained hidden for the entirety of the mission.

  Key Benefits

  • Allows users to conduct specific, temporary communication missions on the frontline without exposing fixed infrastructure to exterior parties.
  • Works with virtually any mobile device, legacy devices/systems, and Internet-only workstations like NIPR.
  • Allows full control of data, without service contracts or shared architecture.
  • Allows customization of access within a single MPE on a per-user basis, so even users within the same network can be blocked from ever knowing who or what else is there.
  • Ensures operational safety with resilient, self-preserving architecture that prevents a single point of compromise from affecting resources or users.

• Secure File Sharing in the Era of Remote Work (Oct 06, 2022)

  New world, new rules

  Two years after the onset of the COVID-19 pandemic, it’s clear that remote work isn’t going anywhere any time soon.

  Companies scrambled in 2020 to pivot to fully remote working environments, and while some have shifted back to in-office or even hybrid environments, the need remains for secure and remotely accessible resources like file servers and videoconferencing solutions for employees scattered across the country, and sometimes around the world.

  This abrupt shift to these decentralized collaboration environments opened created a world of opportunity for hackers. In the past, centralized headquarter environments granted a high degree of control to allow cybersecurity and IT professionals to manage company security more effectively.

  But today’s working world is riddled with new variables – unsecured home networks, IoT devices, the use of personal devices for work, and lack of individual understanding of best security practices and common threats, to name a few. And when 88% of data breaches are caused by human error (according to a study conducted by Stanford University), the risk is too high, especially for a resource like a file server, where large numbers of users are likely uploading and downloading files frequently.

  File servers in particular are a gold mine for malicious actors as much as they are essential to remote work environments. But can you keep them safe?

  Can yesterday’s solutions work in today’s remote world?

  Encryption is the most obvious solution for protecting file servers, but it has its downsides:

  • Time and effort. Private key infrastructure (PKI) can be an effective way to protect connections between an individual and another individual, group, or server, but is tedious to set up and maintain. A user must generate their own public and private key pair, store the private key safely, and share the private key with the person or server they’re trying to reach (use that person or server’s public key). Worse, to use the same encryption key on another device, the user would need a secure way to transfer the private key to the new device to ensure it can’t be captured in transit. While this may be a standard practice for familiar users, those unfamiliar with cybersecurity basics may find this method inaccessible. And with remote employees spread far and wide in questionably secure locations (sometimes across the world), IT support can be a costly and time-consuming nightmare for everyone involved.

  • Key ownership. Popular file-sharing services like Dropbox claim to use encryption to protect their users’ data, but they hold the encryption keys, and the encryption is broken at their central server. So if their servers are compromised by unauthorized access or insider attacks, any user communications with those servers could be leaked to a third party. In other words, if they’re compromised, so are you.

  The demands of the current remote work climate require a user-friendly solution that provides the best security features available and limits the potential for human error.

  Erebus: The encrypted file server for a remote world

  Erebus is a cloud-hosted secure file storage system that uses built-in patented encryption software (Conclave) to encrypt files and automate management user encryption keys.

  Security features at a glance

  • Symmetric and asymmetric (end-to-end) hybrid encryption

  • Perfect forward secrecy (PFS) protocol

  • Two layers of AES-256 encryption with 4096-bit initial key exchange

  • FIPS 140-2 validation

  • Immunity from IPv4, IPv6, DNS, and WebRTC attacks

  • User-specific encryption at rest

  Fully automatic encryption key management with Conclave

  Erebus uses Conclave encryption technology to automate the management of encryption keys for users and the Erebus server, eliminating the need for cumbersome manual key configuration, and by extension, the possibility of a data breach caused by human error.

  When Erebus access is activated for a user, the software generates a dedicated proxy instance that handles encryption keys between the Conclave server and Erebus server. Users receive the full protection Conclave has to offer, without needing to rely on tedious and complicated encryption configurations. Accessing and using Erebus is as simple as signing in and uploading or downloading files in just a few clicks – while Conclave handles the rest and keeps them protected.

  Secure access and file management

  Whether on a desktop or mobile device, Erebus users never access the file server directly. Instead, a dedicated third-party proxy instance is generated for each Erebus user. These instances act as intermediaries in the connection, ensuring potential snoopers are misdirected and the server is protected. Not even your own users need to know where the server is hosted, adding another layer of protection against human error and insider attacks.

  These user access URLs can be generated, re-generated, or destroyed in just a few clicks. Uploaded files can also be configured so they’re destroyed automatically after a certain amount of time or downloads.

  Simple and intuitive access control

  Erebus servers can be configured in minutes, and administrators can easily control user access to files and the capabilities within Erebus using groups and permission assignments.

  All data is individually encrypted for each user assigned access to specific files, so as user permissions are modified, the data itself is modified to suit that permission. This ensures that when user access is removed, users will no longer be able to decrypt the relevant data.

• Next-Generation Mission Partner Environment Security - Protection at Every Level (Oct 17, 2022)

  Introduction

  The recent shift to cloud-focused, data-driven Mission Partner Environments (MPEs) enables military organizations to operate and collaborate with other entities more freely, effectively, and securely at a lower cost. The ability to remain dynamic and responsive is vital to ensure the success of any operation.

  Shirking the limitations of network-centric traditional architecture also provides opportunities reimagine security implementations. Fognigma’s next-generation MPEs are designed with unique, proprietary security features, incorporating Zero Trust principles at every level to anticipate and eliminate threats.

  Protection at every level

  Zero Profile

  Internet-accessible mission resources are subject to constant monitoring and attack from sources around the world, particularly from hostile-state level entities. One of the most common initial methodologies used by attackers is to perform a port scan of a particular IP address or range of addresses, allowing them to view which network ports are open and compare the notational digital fingerprint of other machines with similar configurations.

  MPE resources can be protected from scan-based fingerprinting and monitoring by ignoring all requests to every port; however, this would render them inaccessible to friendly connections. Port knocking is a common method for circumventing this limitation, but it remains vulnerable to brute force attacks.

  Instead of a port-sequence knock, Zero Profile uses shared secrets, time-based tokens, and cryptographically strong hashing algorithms to create tokens that can only be used for a brief amount time by the designated host, while hiding that the tokens are ever received. Even if a malicious actor were to intercept a token and send it from their own address, the address of the actor would not match the hashed address of the legitimate sender, so the token would be rejected. Further, the time-sensitive token is only valid for a brief period of time before a new one is generated.

  Zero Profile is Fognigma’s first layer of defense, keeping MPEs off the radar entirely. It enables partners to operate in contested space without risk of discovery or correlation, appearing innocuous, stagnant, and completely closed off from connections.

  Charon

  The latest version of Fognigma introduces Charon, a Zero Trust feature that provides user-specific, end-to-end encryption of user data within a Fognigma VPN – like putting a safe inside of a safe.

  Charon exists as a data transport layer between Fognigma networks and the VPN clients used to access them, ensuring end-to-end encryption for destination traffic. Essentially, Charon creates a secondary VPN within the primary VPN to separate user data from anonymity data and protect it from exposure when in transport.

  This ensures that users are protected even from high-level insider attacks, an essential defense when operating with traditional and non-traditional partners with varying levels of trust.

  Automatic certificate revocation

  In addition to Charon, the latest Fognigma release also incorporates an automatic certificate generation and revocation system for user connections to Fognigma VPNs. When an approved user attempts to authenticate, the Fognigma engine generates a certificate to allow the connection.

  When the connection is terminated, either intentionally or by power or network issues, the certificate is automatically revoked instantly. A new certificate is issued the next time the user authenticates successfully.

  Certificates are signed only for a short amount of time, requiring frequent reidentification by clients. Frequently replacing these certificates prevents man in the middle attacks and helps ensure a single user cannot compromise a MPE.

  Disassociated proxy access system

  Fognigma’s patented Portal Proxy technology is used throughout the system to facilitate connections and access to resources while hiding the activity from observers. Portal Proxy leverages public PaaS infrastructure to generate disposable proxies used to:

  • Hide interactions between the Fognigma engine server and public cloud providers and virtual machines,
  • Allow users to access resources without knowing their locations by using disposable intermediaries, and
  • Transport user and server keys safely.

  Other security features

  • Dual layers of of AES 256-bit encryption using two separate cryptographic software libraries to protect routed data.
  • HTTPS traffic masking.
  • FIPS 140-2 compliant networks.
  • Fully automated per-user chat & file server encryption management.
  • Quantum encryption resistance ciphers.
  • IPv4 & IPv6 infrastructure.

  Fognigma is designed from the ground up to incorporate Zero Trust security measures, creating a secure workspace for mission partners to collaborate effectively and safely – with as little administrative effort as possible.

• Fognigma 3.0: Cyber Architecture for the Future (Oct 17, 2022)

  Design Your Defense with Fognigma

  With the rapid development of sophisticated cyber attack methodologies and the threat of weaponized quantum computing on the horizon, traditional security systems are being exploited continually. To operate safely and effectively in the digital battlespace, entities must adopt more sophisticated means of protection, without sacrificing efficiency or maneuverability.

  In v3.0, the architecture of Fognigma has been redesigned to address the greatest cybersecurity threats of today – and tomorrow.

  The latest Fognigma build embodies the core principles of Zero Trust, Moving Target Defense, Post-quantum Cryptography, and Software-defined Networking & Architecture. With v3.0, Fognigma is not just a cybersecurity or VPN tool – it’s an entire defense system that allows entities to leverage the public cloud to efficiently deploy custom-made cyber architectures and defense methodologies tailored for any purpose.

  The Architecture of Fognigma

  Charon: Layered Zero Trust Protection

  v3.0 introduces Charon, a new Zero Trust security element built into the Fognigma architecture. Charon is a WireGuard-based capability that provides, user-specific, end-to-end encryption of user data within a Fognigma VPN – like putting a safe inside of a safe.

  Charon serves as a transport layer between Fognigma’s VPN clients and the VPN exit, ensuring end-to-end encryption for all destination traffic outside the VPN. This peer-to-peer VPN is established within the primary VPN, separating user data from anonymity data, and is maintained to prevent destination traffic from being exposed while in transport. Even high-level malicious users are prevented from compromising user data.

  Charon is an extension of the core Zero Trust and least privilege principles found throughout Fognigma. Users can also access protected resources without ever needing to know where they are by using web-hosted, misattributed access points. Similarly, users can also authenticate with the central server without connecting to it directly.

  Fognigma is thoughtfully designed with Zero Trust principles at every step, allowing entities to operate in any environment and with anyone, without risk of a single point compromise affecting the network as a whole or any other users, even with a malicious user inside the network.

  Ephemeral Moving Target Defense

  One of Fognigma’s greatest strengths is its ability to remain totally invisible from the moment it’s installed. The central server never connects with public cloud providers directly, instead using disposable intermediaries to provision machines from providers and connect to them.

  By leveraging multiple public cloud providers in over 150 data centers around the world, Fognigma allows users to create microsegmented networks anywhere with virtually no administrative effort. Specific elements or even entire networks can be destroyed and rebuilt in minutes with different providers and in different locations, becoming drops in the ocean of activity in the public cloud.

  Users and the means they use to access networks and resources are also protected in a similar way. A single network can leverage any number or distinct network exit points around the world, allowing end users to instantly generate traffic anywhere with a single click. Disposable proxy instances ensure that interactions with resources in the network are hidden in user traffic.

  Fognigma is capable of maintaining a constant state of automated change and regeneration during operation, facilitating quick and effective responses to new threats.

  Post-quantum Cryptography

  In v3.0, the wolfSSL tunnels between elements of a Fognigma network now use NTRU’s lattice-based cryptography in the outermost encryption layer in lieu of RSA, Diffie–Hellman, and Elliptic-curve Diffie–Hellman key systems. The OpenVPN layer within it now incorporates tls-crypt to pre-shared secret keys to ensure authentication is required before the TLS layer is even established, and also includes the benefit of encrypting the TLS control channel. Charon’s WireGuard encryption also uses pre-shared keys.

  These new features add additional protection against man-in-the-middle attacks, empowering entities with layered protection against high-level threats in even the most hostile environments.

  Software-defined Networking & Architecture

  Fognigma embodies the principles of software-defined architecture and networking, automatically handling tedious administrative IT, networking, and encryption key generation and management tasks behind the scenes, only requiring administrators to make simple configurations through the interface before Fognigma takes over. Fognigma manages provisioning of required machines and resources from public cloud infrastructure and completes all networking, security, and resource configurations in the background as networks are being constructed.

  Deploy networks complete with end-to-end encrypted collaboration tools like file servers and videoconferencing through a few clicks or through a fully automated provisioning system. Collaborate freely without ever needing to worry about exchanging encryption keys or wasting labor time-consuming IT infrastructure and security tasks. Administrators simple deploy resources and access points and let Fognigma handle the rest.

  Fognigma software-defined perimeters make it the ultimate mission facilitator, granting entities the ability to design complex, mission-specific networks, resources, security measures, and per-user access control quickly and easily through a simple interface. Fognigma allows users to harness the potential of an entire world of cloud-based resources at the press of a button, using any device.

  Secure Your Future Now

  In Fognigma v3.0, the principles listed above are implemented out of the box, allowing entities to rapidly generate and tailor mission-specific networks and instantly respond to threats. Fognigma is not merely a VPN solution – it’s the factory that assembles them to your specifications, completely invisibly, with minimal effort, anywhere in the world.

  The architecture of Fognigma ensures immediate compatibility with local facilities, infrastructures, and environments – without ever endangering them. Collaborate with anyone, no matter who or where they are.

  Design defensive strategies, systems, and methodologies to address the threats of today and protect yourself from the threats of tomorrow.

 Products