In-Band Security Is Bad

It continues to surprise me how many people still do not know about the Kaspersky Russian Spyware fiasco.  In short, Kaspersky is one of the most widely installed anti-virus products in the world.  Many people knowingly added it to their computers despite the software makers being from Russia and despite the fact that such companies have no protection against government interference.

Shockingly (not really), it turns out that the Russian government used Kaspersky to spy on massive numbers of computers – including many sensitive computers in our government and military.  While this is a bad action, it is a symptom of a much larger issue: complete trust.

All modern security software runs in-band – meaning that every piece of data can flow through somebody else’s system and there is nothing a person or company can do about it.  Whether the provider is using a cloud-based solution, automatic updates or running specialized hardware, customers have no choice but to expose their entire worlds and hope for the best.

This is NOT a good idea.

Out-of-Band Protection Is The Future

Bear, on the other hand, firmly believes that all security should run out-of-band and that data does not need to be seen in order to be protected.  To this end, Bear runs a distinct management channel that can reside on separate controlling devices.  This system can still maintain device and communications security, but the data on those devices and networks never crosses into a Bear system.

This is how security needs to work.  If Bear were compromised, the worst that would happen is that the security on protected systems stops being as effective.  There can be no data compromise because a customer’s data never goes into a Bear administrative device.  With Bear, people simply need to trust that we can protect their networks; they do not need to expose everything they do and everything they want protected.

Doesn’t that make more sense?