ST. LOUIS, Jan. 21, 2022 (GLOBE NEWSWIRE) — Cybersecurity experts say that a software-free technology designed by St Louis company Q-Net Security could be the solution to securing against the Log4j vulnerability.
“Because Log4j is a nearly ubiquitous piece of software, it is itself a component in many security tools. But you can’t often secure software with more software – one reason why the Log4j vulnerability is so challenging to fix using traditional approaches” says Dr. Johnathan Mell, Assistant Professor at the University of Central Florida.
“Because Q-Net’s HardSec doesn’t run any software, it’s completely invulnerable to the Log4j flaw.
Unlike traditional software-based cybersecurity, the Q-Box from Q-Net Security runs entirely on hardware. It utilizes a specialized chip called an FPGA that can only be programmed using physical access to its pins.
“Installing Q-Net in your network creates an impenetrable physical barrier that cannot be compromised remotely,” says Dr. Ron Indeck, CEO of Q-Net Security, and the retired founding Director of the Center for Security Technologies at Washington University.
“This can reduce the impact of the Log4j vulnerability, stop the spread of any breaches, and as it is interoperable with nearly every device today, will buy time for an organization to fix their overall security position”.
“The Log4Shell vulnerability reveals just how fragile software can be. We must utilize new approaches to cybersecurity such as HardSec,” says Melissa Hathaway, leader of the Cyberspace Policy Review under President Barack Obama.
“Regardless of the age of the operating system, properly configured HardSec can protect modern and legacy networks alike,” says renowned hacker Marc Rogers, VP of Cybersecurity at Okta and Head of Security for the world’s largest hacker convention, DEF CON.
Experts see HardSec as the key to protecting critical infrastructure from cyberattacks in the future.
“When critical infrastructure goes offline, it can mean your power goes out, your water doesn’t run, and your fuel tanks run dry. Q-Net Security’s hardware security can be installed without the usual downtime and never needs to be patched – simply plug-and-play and walk away,” says Dr. Branko Terzic, former Commissioner of the US Federal Energy Regulatory Commission.
“No software is ever truly secure,” says Dr Indeck. “We see HardSec as the only provably-secure way to protect against software vulnerabilities like Log4j.”
—
Dr. Mell’s opinions are his own and do not represent any official position of UCF.
Contact Information: Jayde Lovell, +1 347 698 3291
