Excalibur

Welcome to Cyber-Security as a Service!

Fundamental breakthrough in securing all your applications, services, systems and websites by cloud-based real-time streaming

No more passwords, exploits or the need for constant updates

All you need is your smartphone and a browser

What is Excalibur

Excalibur utilizes the user’s smartphone to act as a secure hardware token for any and all authentication and authorization needs. The ultimate goal is to move all forms of authentication and authorization away from passwords, replace them seamlessly with smartphone-based strong but user friendly multi-factor authentication. Excalibur's unique value is in providing backward compatibility with all the applications, Operating Systems (OS) and services used today thus creating a bridge between the password-based present and password-free future.

One of the core innovations of Excalibur is its ability to defeat all attacks on credentials as Excalibur is able to automatically change a password on each login. In the Excalibur user flow – the password is no longer entered by the user – the user never even knows the password, it is just a random string used in the background, seamlessly injected into the login process by Excalibur. The user instead just interacts with the smartphone – using it to provide various authentication factors as required by the defined security policy.

location_icon

Precise geolocation

location_icon

On-device biometry

location_icon

PIN code fallback

location_icon

Ownership factor

...
Our Mission

Everything that is connectable is hackable.

The bigger the attack surface the more statistically probable to occur. Attack surface is already not manageable, think of what will happen once truly everything is connected (5G).

Cyber security is a rocket science, so just hop on and enjoy the ride.

...
Our Vision

The only solution is eliminating direct end-to-end connectivity.

Hide everything behind dedicated always updated continuously audited strongly authenticating cloud service with minimal attack surface and complete auditability of every interaction

Welcome to Cyber-Security as a Service!

...
Our Plan

Privileged Access Management ( PAM )

By utilizing and expanding concepts known and used by Enterprise grade PAM systems

Excalibur PAM connects to targets over the SSH tunnels ( Excalibur Cloud Tunnel )

Status Quo

Problems

Gateway problem

  • Exposed resources
  • Exposed services are protected  by firewalls / WAFs / rule based IPS etc
  • Security is provided by filtering networ traffic which is like trying to find the needle in a haystack
  • The exposed gateway must be always updated, but because it is on-premise there always will be delays

VPN problem

  • Exposed resources
  • Exposed services are protected  by firewalls / WAFs  / rule based IPS etc
  • VPN servers are continuously hammered by attacks, exploits and thus security updates are never ending
  • Once VPN is breached, internal resources are immediately exposed

Solution

Cloud tunnel + PAM

Excalibur Cloud Tunnel

  • Topology independent
  • Connecting from inside out thus able to connect thru any NAT or most firewalls

  • SSH tunnel
  • SSH is well known and trusted Strong mutual authentication Exposes only specific application ports

  • TRESK
  • Tunnel Resolver Component takes care of orchestrating tunnels in a cryptographically safe way so that only the right user can connect to the right target

  • PAM ( Privileged Access Management )
  • Excalibur utilizes and expands concepts known and used by Enterprise grade PAM systems Excalibur PAM connects to targets over the SSH tunnels

No more direct connectivity 

  • No more exposed company resources
  • In cloud protocol termination
  • Protocols used to connect to protected resources are terminated in cloud. Vulnerabilities are thus hidden

  • Minimal attack surface
  • It is our attack surface now not your problem anymore 

  • No more attacks on your infrastructure
  • Your firewall can now block all incoming connections as no resources are exposed anymore

  • Access streaming
  • Users are strongly MFA authenticated. Access to tunneled resources is provided via fully interactive streaming directly to the user browser All sessions are by default recorded and indexed by user activity for full auditability Can't hack a protected resource thru "pictures" :)

Features

Unique value proposition

Dynamic passwords

Complete legacy compatibility with every system you use today, if Excalibur does not directly integrate the given system user is able to temporarily show password on his token after authentication factor verification. Password gets automatically changed after a short time period.

  • Random password
  • Changed before each authentication
  • Passwords are automatically changed by Excalibur before each authentication and subsequently injected into authentication process.

  • No expiration
  • No regular manual changes required
  • Users do not interact with passwords anymore

Geolocation

Excalibur as a home-office enabler

  • Extra security binded to location
  • Sensor fusion geolocation used as another authentication factor.

  • Self registration from home
  • Self-service home geofence registration - powered by peer verification.

  • Precise micro-granular geolocation
  • Unique home address(es) for each employee.

  • Secure work from home
  • Location access controlled per user down to building level precision.

Recording

Excalibur indroduces "Streamed access management" ( SAM ). It's just like Privileged Access Management but for ALL access!

All user activity is monitored, recorded and indexed, fully searchable with zero deniability of actions.

  • All activity is recorded
  • Access resources behind any firewall / NAT via tunnel
  • HTTP / HTTPS, RDP, SSH, VNC, TELNET
  • Access to resources is streamed directly to web browser
  • Resources are no longer exposed, no way to attack protected resources

Peer verification

Any Excalibur authenticated action can be configured to use 4-eye verification aka peer verification .

  • 4-eye principle anywhere you need it
  • Extra security
  • Require confirmation by additional individual on any action such as login to a sensitive system, registration of a new user etc.

  • Fully configurable
  • The action can be verified by any colleague or a manager of the given user or service desk.

Remote Peer verification

Peer verification supports also remote scenarios. User requesting access (peer verification) and the user confirming access can be on physically different locations.

  • Remote 4-eye principle
  • Detailly Logged
  • Every verification is logged - it is clear who confirmed what request, thus managers and/or the security operation center can keep track of them.

  • No more human element risks

References

Our Clients

logo_tatra_banka

Tatrabanka

Tatra banka was founded in 1990 and since then, it has won more than 130 awards granted by 30 awarding authorities.

logo_susr

Statistical office

The Statistical Office of the Slovak Republic is central body of state administration of the Slovak Republic for the branch of statistics.

logo_nbs

Slovak National Bank

National Bank of Slovakia is the central bank of Slovakia, which is a member of the European Union and the European System of Central Banks.

logo_soitron

Soitron

We believe that companies can gain a competitive advantage thanks to our technological innovations.

RECOGNITIONS

ITU Telekom world Startup awards Rice Wayra Telekom inovation contest Intel business Intel global WIPO Hubraum Krakow EIT Startup activation Hubraum cyber security Cisco Horizon 2020 Kaspersky Panasonic Deniz Bank Svet Zdravia Volkswagen Tuborg

Contact

Contact Us

Our Address

Hraničná 12, 05801 Poprad, Slovakia