Skip to content
Close
Arqit_New_Brand_General (7)

NetworkSecure™

Integrated, automated, on-demand quantum-safe protection of VPN data communications

NetworkSecure

Arqit NetworkSecure is a lightweight software application that hardens VPN communications against both traditional man-in-the-middle attacks and Store Now, Decrypt Later1 quantum attacks. 

1SNDL attacks –Encrypted data is harvested today and stored by adversaries with the intent to decrypt it in the future when quantum computers reach sufficient maturity.

Arqit_New_Brand_General (56)
Arqit_New_Brand_General (47)

Through a simple integration with existing network infrastructure, NetworkSecure allows organisations to easily and cost-effectively adopt a defence-in-depth approach, complying with the latest cybersecurity recommendations from standards bodies like NIST, and protecting themselves from devastating future breaches.

NetworkSecure is available to integrate with various OEM Firewalls including those from Juniper and Fortinet, and open source VPN technologies such as StrongSwan.
Arqit_New_Brand_General (20)

Arqit NetworkSecure for VPN

A simple agent to future-proof VPN security

1
Secure your data
Secure high-value data-in-transit by hardening existing VPN channels
2
Standards compliant
Uses a NIST-recommended approach and conforms with NIST standards
3
Easy to use
Overlays onto your existing infrastructure and is simple to install and administrate

Solution overview: Arqit NetworkSecure™

Integrates with: 

Quantum-safe VPN tunnel enabled by Arqit SKA-Platform™

Diagram_4

 

Solution

NetworkSecure is an easy to deploy and manage application that integrates seamlessly with a customer’s network infrastructure to provide on-demand quantum-safe symmetric keys brokered by Arqit’s SKA-Platform.

The keys are consumed by network devices to provide an additional layer of encryption security, protecting data in transit against PKI-related attacks and the quantum threat, both of which exploit weaknesses in public key cryptography.

 

Arqit_New_Brand_General (64)

Arqit_New_Brand_General (38)

Benefits

  • Immediately hardens network communications and keeps data secure, preventing devastating SNDL attacks that carry significant financial, compliance, and reputational risk
  • Simple, small-footprint overlay to existing infrastructure, avoiding rip-and-replace by integrating seamlessly with existing network protocols
  • Minimal management overhead, with data easily exportable to existing SIEMs/XRD solutions
  • Enables compliance with National Security Memorandum NSM-10 and NSA CSfC Symmetric Key Management Requirements Annex 2.1
  • Conforms to NIST standards for cryptography e.g. AES-256, as well as NSA’s recommended use of pre-shared keys to protect against the quantum threat
  • Easy-to-use Arqit cloud console for advanced configuration management e.g. endpoint logical grouping and endpoint policies
  • Negligible performance and latency impact

Get NetworkSecure

Book a Call

Our pillars of quantum-safety

Trust •  Quantum-safe data-in-transit protection for IPsec VPN protocols
•  Split-trust key agreement such that SKA-Platform has no knowledge of the data encryption keys
•  Strong, active, continuous authentication
•  Short-lived, forward-secrecy authentication keys
•  Future-proof into the quantum era
•  Data keys rotated to optimise security
Compliance

•  Works alongside existing PKI-based methods
•  Export log information to third party tools
•  Complies with international standards on cryptography and key management including NIST ML-KEM, NSM-10, FIPS 140-3, and more
•  Employs standard ETSI 014, Cisco SKIP and strongSwan vici key interfaces. Compatible with RFC 8784.
•  Complies with NSA’s recommended use for dynamic pre-shared keys to protect against quantum threats
Agility •  Flexible creation of logical security groups and endpoint policies
•  Allow, deny, and quarantine endpoints.
•  Crypto agile – underlying cryptographic primitives and algorithms can easily be switched
•  Centralised configuration, policy management and rule enforcement
•  Supports multiple network topologies -point-to-point, hub-and-spoke, mesh- and scale to thousands of devices
Simplicity •  Integrates seamlessly with Next Gen Firewalls (NGFWs) (e.g. Fortinet FortiGate, Juniper SRX, Cisco SKIP network devices) and open-source IPsec VPN technologies such as strongSwan
•  Over-the-air bootstrap method
•  Immediately hardens network communications
Easy to use cloud console for NetworkSecure configuration management
Negligible performance and latency impact

Arqit_New_Brand_General (54)

Highest grade DIT for any use case

NetworkSecure provides a simple, fast and effective method to upgrade existing enterprise, telco and tactical defence networks to protect data-in-transit traffic against quantum threats.

NetworkSecure integrates at multiple layers of the OSI stack, providing quantum-safe keys for the TLS layer to protect application layer protocols, Layer 3 IPsec VPNs, Layer 2 MACsec for high bandwidth point-to-point links and Layer 1 OTNsec to protect global fibre backbone networks.  

Symmetric-based authentication additionally simplifies, strengthens or even replaces existing authentication mechanisms used within network protocols by providing an alternative to PKI certificates, public/private key pairs and static pre-shared keys, streamlining management of credentials and reducing complexity.

VPNs and the evolution to SD-WAN

NetworkSecure enhances the security of IPsec VPNs which are ubiquitously deployed across telecom, enterprise and government networks.

Traditional VPNs are migrating to Zero-Trust Network Access (ZTNA) solutions for granular policy-based private application access and organisations are adopting SSE and SASE integrated cloud security services like SD-WAN for dynamic and scalable network connectivity. NetworkSecure can augment these services to protect critical management traffic on the control plane against attacks alongside data traffic between branch sites, to and from data centres and private/public clouds.  

Arqit_New_Brand_General (57)

Arqit_New_Brand_General (45)

Complementary positioning with QKD and PQAs

Arqit’s solution is complementary to organisations that have invested in QKD solutions. Whilst QKD systems provide the strongest level of security against MITM attacks, their current distance limitations and high hardware costs make it currently unviable for efficient end-to-end quantum-safe communications at scale. Arqit's software can be deployed alongside QKD solutions to expand coverage or plug in the gaps for network hops where QKD systems are not able to be deployed.

Arqit utilises NIST PQAs and standards-based cryptography to implement defence-in-depth security and enables industry and regulatory compliance for data protection.

Find out more

Brochure