Introduction to SeaCat
SeaCat technology is purpose-built for high numbers of Client connections (e.g. mobile Application, IoT devices). SeaCat provides strong security for Applications used on different kinds of endpoint devices (e.g. mobile phones, smart IoT/M2M devices, handhelds, tablets, and computers). It provides secure endpoint connectivity over Public Networks and protects Application backends from cyber threats. As such, SeaCat-based solutions reduce the attack surface of these environments and devices.
SeaCat is designed for enterprise environments to secure large-scale B2C (consumer), B2B (business) and B2E (employee) Applications and large-scale IoT Applications.
Key design principles:
- Easy implementation;
- High level of protection against cyber threats on the application level;
- Transparent for the Application developers (e.g. no need to modify Application functionalities);
- Pleasant User security experience when other traditional instruments fail (e.g. VPN for B2C mobile Applications);
- Independent of network topology, segmentation, and data network protocol (e.g. HTTPS, JDBC, …);
- High data throughput;
- No Single Point of Failure (SPoF);
- Public Key Infrastructure (PKI) administration;
- No Application security compromises (e.g. on endpoints with an old cryptographic library).
SeaCat is at the core of the following security-oriented products:
- SeaCat Mobile Secure Gateway for iOS, Android, Windows Mobile Applications
- SeaCat IoT Application Security Platform for IoT and M2M Applications
- In-App VPN
- SeaCat Agent
SeaCat consists of following main components:
- SeaCat SDK
- SeaCat Gateway
SeaCat SDK is a software library, which is designed to be integrated with a protected mobile, IoT or M2M Application.
SeaCat SDK provides:
- Security for Client Connection between the Application to respective Application Backends
- Unique Client identification due to integrated Certificate Authority and PKI support (no user login needed for that);
- Strong FIPS 140-2 compliant encryption support on all devices, independent of operating system capabilities (e.g. mobiles with the old cryptographic library, IoT/M2M devices) thanks to OpenSSL cryptographic module integration;
- Endpoints data security (e.g. key pairs, Application data) owing to local secure Permanent Storage;
- Secure data transport between an Application and a SeaCat Gateway over unsecured Public Networks;
- Secure Client onboarding sequence;
- Automation of all important cryptographic procedures such as renewals and revocations of Client Certificates.
SeaCat Gateway is a server software that acts as a security gate between a Public Network and a Private Network and to orchestrate Clients. It is typically deployed in the Demilitarized Zone as a cloud or on-premise appliance. It forwards valid and authorized Client requests to respective Application Backends via HTTP, MQTT, and other protocols. It is built using POSIX standard and runs on various Linux and Apple Mac OS X operating systems. All major virtualization platforms are supported.
SeaCat Gateway provides:
- Protection from cyber-attacks (e.g. volumetric DDoS, robots probing, ports scanning) thanks to isolating Application Backends from Public Networks;
- Protection from unauthorized access to Application Backend due to inbound Client Connections authentication;
- High Availability of Application Backends thanks to the redundancy of all used components;
- Load resistance by traffic Load-Balancing between Clients and SeaCat Gateways;
- High data throughput thanks to easy Scalability (e.g. hundreds of thousands Concurrent Client Connections);
- Support for Disaster Recovery plans and requirements;
- Unique user Identification;
- Client behaviour analysis;
- Access Management;
- Certificate Authority;
- Audit log to connect to the Security Information and Event Management (SIEM) or Network Security Center (NOC);
- Application Programming Interface (API);
- Load Balancing for Application Backend.
Client Connection is a network link similar to Secure Socket Layer Virtual Private Network (SSL VPN) between a SeaCat Gateway and a SeaCat SDK (typically in a Public Network). It ensures confidentiality, integrity, authenticity and non-repudiation of transferred data.
Client Connection provides:
- Protection from interception or other data traffic manipulation by SSL Mutual Authentication;
- Increase in communication speed due to reduced HTTP protocol overhead and Client Connection persistency;
- Server pushing ability owing to Client Connection persistency and MQTT support;
- Authorize cryptography thanks to TLS 1.2, FIPS 140-2 compliant encryption.
Host Connection is a network link between a SeaCat Gateway and an Application Backend (typically in a Private Network).
Host Connection provides:
- Support for HTTP, HTTPS and MQTT protocols;
- Sticky session by pinning to a particular SeaCat Gateway and an Application Backend instance;
- Load resistance by traffic Load Balancing between SeaCat Gateways and Application Hosts.
For more details about SeaCat functionality go to How It Works chapter.