Current affairs
Robust IT security systems for critical infrastructures
19/06/2024 - When the unexpected happens, applications and situation assessments of the responsible organizations must remain available. This requires protective measures that provide stable solutions for application security and infrastructure.
The professionalization of cybercrime continues to advance and will reach a new peak in the coming years, driven by AI (artificial intelligence) and other innovative technologies. Worrying developments, such as the increased exploitation of zero-days for targeted attacks, are just the tip of the iceberg, as cybercriminals and state actors will continue to perfect their methods in the future. It’s high time for organizations to invest in their security.
All authorities and companies can fall victim to cyberattacks. A DDoS attack (Distributed Denial of Service), for example, is one of the simplest types of attack and can deliberately paralyze entire infrastructures. The aim of these attacks is to disrupt application performance or availability. The attack vectors can vary and target the available bandwidth, application resources and memory, for example.
These DDoS attacks use an extremely large number of individual connections to bombard and paralyze a network with fake requests. The attackers are now porting this well-known attack scenario into the world of increasingly widespread virtual network infrastructures. This also means that advanced attacks will target the control plane of the infrastructure. The bandwidth required here to cause damage is rather low, so that common protective mechanisms are ineffective. In most cases there is no advance warning for countermeasures (zero-day attack).
How can the network be securely protected against these attacks?
atmedia encryptors protect against these attacks, which can overwhelm networks and critical infrastructures by manipulating the control plane. The control plane manages and orchestrates the entire virtual infrastructure. This is where configuration bases are defined, user and role access are provided, and applications are placed so that they can be run with associated services - a kind of air traffic control for applications. If the control plane is compromised, an attacker has the opportunity to change access rights and other configurations and thus cause considerable damage. These malicious activities can lead to data loss, but also to more serious attacks resulting in a complete failure of the entire infrastructure.
The atmedia systems protect themselves and the underlying infrastructure through integrity and replay protection implemented entirely in FPGA hardware (Field Programmable Gate Array). This protection against active attacks on devices and the network is indispensable, as it plays just as important a role in sensitive, highly available and complex applications and infrastructures as the actual encryption approved by the BSI.
The resilience and availability of the infrastructure are sustainably increased.
The best protection against attacks is always to firmly anchor security in the design of new solutions and, in particular, to minimize the complexity of critical functions. This was taken into account in our products right from the start and is a positive benefit to us today.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
Future-proof IT infrastructures with atmedia products
19/12/2023 - Authorities and companies need secure and powerful IT infrastructures for demanding requirements such as digital transformation. Even under exceptional circumstances - such as a cyber-attack - at least the underlying network infrastructure must continue to operate at a sufficient level.
It is incredibly simple to design IT infrastructures securely and efficiently at the same time with atmedia encryptors. By using the systems, security features are added to the WAN architecture which increase cyber resilience and offer an effective protection against attacks. The technology makes it possible to continue to operate the network with a sufficient level of security if vulnerabilities become known and then to gradually return to regular operations. The atmedia products expand the topology by the so-called basic protection, which maintains network operations until the known vulnerabilities (e.g. zero days) have been fixed. The communication function of the WAN network is retained, because the parts of the IT infrastructure affected by an attack can be specifically isolated. The focus here is on the ability to react in an emergency and not on full protection against cyber-attacks.
In addition, our products are quantum computer resistant today and there is no urgent need to implement immature PQC candidates. It is also possible to adjust the device-specific bandwidth depending on new requirements. All products are of course "Made in Germany" and approved by the Federal Office for Information Security for classified information.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
Michael Böffel new Managing Director
01/08/2022 - Michael Böffel, who held different positions at IABG mbH and secunet Security Networks AG has been appointed Managing Director of atmedia GmbH on 1. July 2022.
Michael Böffel looks back to more than 20 years of experience in the field of IT Security with excellent technical and management competencies and prime market knowledge. In his last position, he has been responsible for the successful restructuring of the Infokom division of IABG.
"We are certain to profit from his profound knowledge and his great reputation in the IT security market and wish him every success in his duties", said Friedrich and Hofmeyer.
"I am very looking forward to this new challenge. atmedia has big potential for a dynamic corporate development. With great commitment, I will work with the management and the employees on the successful realization of the company's objectives", said Böffel.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
Worlds fastest IP network encryptor
12/04/2021 - The atmedia 100G Encryptor encrypts layer 3 IP and layer 2 Ethernet networks at highest throughput of 100 gbps per direction.
Most available VPN systems on the market realize an IP network encryption with software solutions running on standard processors. The atmedia 100G Encryptor however uses special custom made FPGA hardware for the encryption and decryption of user data at full line rate and allows all security relevant components to be fully evaluated by third parties.
The device supports multiple operation modes for IP tunnel, Ethernet tunnel and IP or Ethernet transport encryption and is able to protect all layer 3 and layer 2 networks.
All management data (key exchange, remote management and monitoring) are protected against attacks on the protocols and the underlying cryptography by a combination of asymmetric and symmetric encryption algorithms. This makes the atmedia encryption systems resistant against future threats by quantum computers by now.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
First 100G Ethernet Encryption with BSI approval
27/02/2020 - The atmedia 100G Ethernet Encryptor has been evaluated and approved by the Federal Office for Information Security (BSI) for the transmission of classified data.
The device protects 100 gbps Ethernet (100GBASE) connections against tapping and manipulation. The AES-GCM encryption operates at 100G line speed in store&forward mode. This prevents any manipulated data from entering the local network. Not only the user data but the whole inband-communication as well is protected with AES-GCM in hardware in order to prevent active attacks (against key exchange or via denial-of-service).
The atmedia 100G system is the fastest encryptor for layer 2/3 networks built in Germany. All security relevant parts are being developed by atmedia and produced in Germany. To achieve a maximum level of security and flexibility, the system does not use MACSEC but latest FPGA technology that can be upgraded and evaluated.
Due to the extremely high throughput and the very low latency, the 100G encryptor will be suited best for highly secure storage and data interconnections of data centres.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
New 4x10G model available in the atmedia product range
23/12/2019 - The atmedia product range for the simple and efficient protection of Ethernet and IP networks has been extended.
The A40G encryptor is now available in a new 4x10G multilink variant with four pairs of SFP/SFP+ interfaces. Using four standard interfaces, the A4x10G device offers full flexibility for the choice of interfaces in the fourfold 1G and fourfold 10G modes. The technical data of the A4x10G device correspond to the A40G device.
The encryption speed of the atmedia A100M platform can be extended from 100mbps to 1gbps by a license upgrade and there is a new fibre option available.
All new models have been approved by the German Federal Office for Information Security (BSI) for VS-NfD, EU RESTRICTED and NATO RESTRICTED.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
New atmedia 40G Encryptor approved for classified data by the German BSI
12/02/2018 - The new 40G model of the atmedia Ethernet Encryptor has been approved by the German Federal Office for Information Security (BSI) for VS-NfD, EU RESTRICTED and NATO RESTRICTED. The 40G system is based on the new hardware platform of the atmedia Ethernet encryption devices introduced in 2017.
The A40G encryptor is the first Ethernet Encryptor in the market, that is able to encrypt native 40G Ethernet links (40GBASE-R) or up to four separate 10G Ethernet links (10GBASE-R). The high scalability makes the device optimal for customers planning to enter the 40G world.
The A40G encryptor uses the same chassis form factor as the 1G/10G devices (1RU). For interfacing with fibre or copper, standard QSFP+ modules are used.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
New hardware generation of the atmedia encryptors
09/21/2017 - The hardware platform of the atmedia Ethernet encryption devices has been modernized fundamentally. External changes are barely visible by the users but there has been a complete redesign of the internal encryption hardware which has been available on the market for more than 10 years. Beside a renewed long lasting availability, the new generation offers license enabled speed upgrades from 100M to 1G and from 1G to 10G and an advanced protection against manipulation that even works if the devices are not commissioned during transportation.
The new hardware variants A100MC, A100M, A1G und A10G, together with the new firmware release 3.3.1, have been approved by the German Federal Office for Information Security (BSI) for VS-NfD, EU RESTRICTED and NATO RESTRICTED.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
EU security approval for atmedia network encryptors
04/21/2016 - The atmedia Ethernet encryption devices have been approved by the Council of the European Union for the transmission of EU classified data at level RESTREINT UE/EU RESTRICTED.
Following a successful second party evaluation by the Netherlands National Communications Security Agency, the Council of the European Union has approved releases 3.2 and 3.3 of the atmedia network encryptors for protecting EU classified networks at level RESTREINT UE/EU RESTRICTED.
This approval enables the atmedia network encryptors to be used by all EU agencies and EU member states. In addition to the EU approval, the atmedia encryptors are also approved by the German BSI for the protection of national restricted classified data and by NATO for NATO RESTRICTED networks.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
BSI approves new security functions of atmedia network encryptors
11/17/2014 - The new firmware version 3.3 of the atmedia encryptors has been evaluated and approved by the Federal Office for Information Security (BSI) for the transmission of classified data.
The approved firmware enables the atmedia encryption devices to encrypt data not only over layer 2 Ethernet but over any MPLS, IPv4 or IPv6 network at speeds from a few mbps up to 10 gbps with maximum security and reliability. The new IP mode is ideal for the encryption of any mobile or satellite communication. Optimizations developed by atmedia and realized in FPGA hardware guarantee high bandwidth efficiency and maximum data protection. The optional atmedia TFS mode additionally offers a complete protection against analysis of transmitted data and any kind of data leakage (data loss prevention). Data are protected in all transmission modes against manipulation and replay with AES-GCM.
The atmedia encryptors realize the network and encryption functionality with programmable FPGA hardware. All modules are completely developed and implemented by atmedia. The efficient use of FPGAs for data security is a significant quality feature. In the past, complex network functions like TFS or AES-GCM had to be implemented on crypto processors (ASICs), where an independent security evaluation had been insufficient or impossible at all. However, a complete evaluation of security devices is essential and a basic requirement for any approval by the BSI.
The atmedia encryptors are manufactured in Germany. The company atmedia is independent and privately owned.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
Current trends in high-speed network encryption
06/13/2014 - In mid of June Christoph Jaggi and inside-it.ch published "Layer 2-Encryptors for Metro and Carrier Ethernet, An Introduction", which gives a very interesting overview of trends and mechanisms for securing WAN connections against espionage and manipulation.
Remarkably this publication addresses many of the key aspects atmedia put an emphasis on, during the development of its crypto products.
One of the main features is the encryption in combination with secure integrity protection for transmitted user data and network information (Ethernet and IP header). This protects the customers' network against active and passive attacks and realises a "perfect firewall". atmedia is the first vendor, offering Traffic Flow Security mode not only for military users (known under the generic term TRANSEC), but for all public customers and private companies. The atmedia TFS mode works over any Ethernet and IP network and guarantees a complete protection against analysis of transmitted data. It also protects the local network against any kind of data leakage via the WAN link.
The atmedia encryptors have been evaluated and approved for the transmissions of classified data (restricted level) by the Federal Office for Information Security (BSI). Many of the protection measures mentioned in the publication, e.g. secure key generation, tamper protection and integrity protection are basic requirements for an approval by the BSI.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
New compact Ethernet encryptor for mobile scenarios
06/07/2013 - The atmedia multipoint product range has been extended by the new atmedia 100M compact encryptor.
The compact encryptor offers the same network and encryption functionality as the well-known 19" 100M encryptor. Because of its compact design it qualifies also for the use in small branches or for the connection of remote security relevant systems like automatic teller machines, access control systems or other steering or monitoring systems.
The new version 3.3 firmware supports transparent layer 2 network interconnections over arbitrary WAN connections, including IPv4 and IPv6 networks.
Mounting kits are available for the safe mounting of 100M compact systems into rack systems, DIN rail systems or for wall fastening.
Like all atmedia multipoint systems, the 100M compact systems offer GCM integrity- and replay-protection. This protection against active network attacks is essential. Integrity- and replay-protection play an even more important role than data encryption for critical control and monitoring applications.
The 100M compact encryptor has been approved by the Federal Office for Information Security (BSI) for security levels VS-NfD, EU restrint and NATO restricted.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
Secure Layer 2 tunnel over IP and MPLS networks
09/11/2012 - The new version 3.3 firmware of the atmedia Ethernet encryptors supports the secure tunnelling of Layer 2 Ethernet LANs over IP based WANs.
The use of Ethernet Layer 2 WAN connections is increasing rapidly. Some areas however remain limited to routed IP connections even today. Customers using mobile and satellite communication will rely completely on IP services now and in the future.
The interconnection of LANs over routed IP Networks causes problems regarding routing, data separation and the use of virtualization technologies, demanding layer 2 transparency. Since encryption of IP connections is mandatory today, the operation of an efficient and redundant LAN interconnection is very demanding.
With the new version 3.3 of atmedia encryption systems, there is now a simple, efficient and secure solution available to overcome the limitations of IP based interconnections.
This solution encrypts and signs the Ethernet data coming in from the local LAN on layer 2. The encrypted layer 2 packets will then be encapsulated into IP frames and sent out via the WAN link. The remote side receives the IP packets and strips away the encapsulation. After the check of the signature, the Ethernet data will then be decrypted and sent to the remote LAN. The result is a fully transparent and secure connection between the two LANs, operating at wire speed.
The solution can be implemented over any layer 2, IP V4, IP V6 or IP/MPLS based WAN connection. The new firmware 3.3 will be available from Q4/2012 for the current atmedia encryption devices (100M, 1G and 10G).
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
atmedia Multipoint Encryption approved for transmission of classified data
05/10/2011 - The new multipoint version 3.2 has been approved by the Federal Office for Information Security (BSI) for the transmission of restricted data.
Following an intensive evaluation, the BSI has approved the new version 3.2 of the Ethernet Encryption product line for security levels VS-NfD, EU restrint and NATO restricted.
Special attention in the evaluation had been paid to the unique integrity- and replay-protection features of the system. These are essential for the use of layer 2 encryption in multipoint networks.
The BSI approval enables authorities and companies with a high demand for network security to effectively protect their WANs.
The already approved hardware platforms for point-to-point links will be supported largely by the firmware, enabling the customers to switch to multipoint by a simple firmware upgrade only.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
atmedia Ethernet Multipoint Encryption with integrity protection
06/23/2010 - Worlds first Ethernet Multipoint Encryption with 10 gigabit and AES GCM integrity protection support released.
With the new version 3.2 of its Ethernet Encryption product line, atmedia GmbH released the world’s first interoperable multipoint encryption system for all Ethernet speeds from 10 mbps to 10 gbps.
Since the atmedia encryption system uses AES Galois Counter Mode (AES-GCM), Ethernet multipoint networks can be protected against manipulation- and replay-attacks for the first time. This high level of protection could be guaranteed by less performing and less efficient IPSec solutions only up to now.
Another product feature is the seamless support of Ethernet broadcast and multicast scenarios. This greatly improves the efficient and secure implementation of bandwidth and quality demanding services like voice, video, terminal access and storage over WANs.
The atmedia Ethernet multipoint encryption solution enables a significant simplification of WAN infrastructures leading to a considerable cost reduction. Network services with different quality requirements can be aggregated to a single secure WAN link. With the support of MPLS and IP V6, the investment into network security will be protected for the future.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
atmedia 10G High-Speed Encryption approved for classified data by the BSI
03/19/2010 - The atmedia 10G Encryptor has been approved by the Federal Office for Information Security (BSI) for the transmission of classified data according to the classification level "VS - Nur fuer den Dienstgebrauch (VS-NfD)", EU and NATO restricted.
For the first time, the atmedia encryption system allows to encrypt fastest Ethernet network links up to 10 gbps efficiently and plausibly secure.
In contrary to IPSec based solutions, the 10G devices are working at full wire speed and with minimal delay and jitter. This guarantees that there is no impact at all on real-time services or terminal services.
The encryption at network layer 2 makes the system the perfect solution for the protection of complex MPLS networks or IP V6 based networks.
In addition to the Ethernet layer 2 encryption, the 10G Encryptor offers a special operating mode, optimized for data center interconnections. A certified combination of the atmedia Encryptor and a TDM Multiplexor allows the approved encryption of storage networks like FibreChannel, Ficon oder Escon links.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.
atmedia and secunet start cooperation
07/17/2008 - secunet extends its SINA high security solution family to include a Layer 2 encryption system. The new SINA L2 devices achieve encryption rates of up to 10 GBits/s, enabling data transmission in near real time. With SINA L2, secunet meets the specific requirements of the market, where Layer 2 and IP encryption are increasingly used in combination. SINA L2 is the result of a joint venture by Essen-based secunet Security Networks AG and atmedia GmbH from Saarbruecken.
While the previous IPSec VPN products from the SINA family ensure flexible encryption for use in any IP network configurations including suitable client products, the L2 components are designed for point-to-point encryption in dedicated networks (MAN, WAN, SAN) and offer the best possible protection in this area. They can be connected to existing network infrastructures without any changes through encryption at network level (Layer 2).
SINA L2 is based on a platform from atmedia GmbH in Saarbruecken and is supplied as an OEM product. Integration into the highly scalable SINA Management offers customers a standardized view of all of their security components, together with effective configuration and key distribution. The partnership between atmedia and secunet was contractually established on July 14.
For further information please contact us via email crypt@atmedia.de or by phone +49 681 842477.