R&D Projects
Research and Development projects within OneFirewall
Encrypted communication (SOCS)
Signal open source (server, mobile): Java/Kotlin, Docker Compose, Unix VMs
Develop the capability for secure and private communication within an organization, similar to WhatsApp but built on the Signal open-source framework. The solution supports in-house customization of the encryption algorithms to meet specific organizational needs, so that bespoke cryptographic algorithms can be used for encrypted traffic over the public internet.
Utilizing Knox capabilities for hardware encryption, the solution was deployed to two customers for stress testing. It operates on physical servers with eight dedicated VMs under VMware, ensuring isolation and secure public-facing access for mobile devices and desktop applications. The deployment achieved fully secure, exclusive communication, with 100% encrypted transmission over the public internet for voice, file sharing, and text communication.
Scalable Threat Distribution
Node.js, Python, microservices, plugins for SIEM and firewall devices currently on the market
Enable comprehensive threat-sharing capabilities across a global, scalable, and dynamic network of firewalls and SIEM solutions, operating under an open alliance framework. This approach transcends reliance on a single vendor or technology, fostering collaboration between private and public organizations to deliver real-time intelligence on malicious actors.
We successfully aggregated over 50 million combined threat intelligence data points from more than 500 diverse sources, continuously feeding real-time information. This system enables malicious connection prevention within 30 seconds, and in some cases, as quickly as 5 seconds. Currently, we maintain 59 active sources at any given time, processing over 1 billion data points per month to ensure robust and efficient threat mitigation.
Cybersecurity Trust Algorithm
Python, Node.js and frontend (browser version)
A sophisticated cybercrime scoring system designed to analyze attack signals, identify the originating device or appliance, and trace the source actor from the data feed. The score distills this information into a single numerical value, representing the trust level and confidence in identifying the malicious actor, all while preserving anonymity.
We chose not to base our solution on simple logic. Instead, we developed a sophisticated matrix that integrates multiple data points to calculate a coordinated trust score. Today, we can assign a numerical trust score to each internet asset—IPv4, domain, URL, or file—derived from a complex evaluation process. This process considers factors such as the credibility of the source (“Who said so?”), the supporting data (“Based on what information?”), the timing (“When was it reported?”), corroborating insights from other sources (“What did other members say?”), and the trustworthiness of each individual element in the puzzle.
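As an added illustration (not OneFirewall's scoring matrix, whose weights and structure are not published on this page), the following Python sketches how the factors named above can be combined into one number: source credibility ("Who said so?"), the kind of supporting evidence ("Based on what information?"), recency ("When was it reported?") and corroboration by distinct members ("What did other members say?"). The source names, evidence categories, weights, half-life and sample reports are all constructed assumptions.

```python
"""Illustrative trust-score matrix for a threat indicator.

Added example, not OneFirewall's algorithm: it combines the factors named on
the page (source credibility, supporting evidence, recency, corroboration)
into one 0..100 number. Weights, decay constant and sample reports are
constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed source reputations (0..1): "Who said so?"
SOURCE_CREDIBILITY = {
    "honeypot-eu": 0.9,
    "member-siem-a": 0.7,
    "open-feed-x": 0.4,
}

# Constructed evidence weights (0..1): "Based on what information?"
EVIDENCE_WEIGHT = {
    "observed-attack": 1.0,   # the source saw an actual attack from the asset
    "scan": 0.6,              # port or vulnerability scanning only
    "reputation-list": 0.3,   # third-hand listing, no first-hand observation
}

HALF_LIFE_HOURS = 72.0  # assumed: a report loses half its weight every 3 days


@dataclass(frozen=True)
class Report:
    source: str        # who reported the asset
    evidence: str      # kind of supporting data
    age_hours: float   # "When was it reported?" relative to now


def recency(age_hours: float) -> float:
    """Exponential decay so stale reports count less than fresh ones."""
    if age_hours < 0:
        raise ValueError("report timestamp lies in the future")
    return 0.5 ** (age_hours / HALF_LIFE_HOURS)


def report_weight(r: Report) -> float:
    """Weight of one report: credibility x evidence x recency, each in 0..1."""
    cred = SOURCE_CREDIBILITY.get(r.source)
    ev = EVIDENCE_WEIGHT.get(r.evidence)
    if cred is None or ev is None:
        # Unknown sources or evidence kinds contribute nothing rather than
        # silently receiving a default weight.
        return 0.0
    return cred * ev * recency(r.age_hours)


def trust_score(reports: list[Report]) -> int:
    """Combine reports into a 0..100 confidence that the asset is malicious.

    Reports are combined as independent evidence, 1 - prod(1 - w_i), so one
    weak source never saturates the score, while corroboration from several
    distinct members ("What did other members say?") pushes it up.
    """
    if not reports:
        return 0
    # Keep only the strongest report per source, so one noisy member cannot
    # inflate the score by repeating itself.
    best_per_source: dict[str, float] = {}
    for r in reports:
        w = report_weight(r)
        best_per_source[r.source] = max(best_per_source.get(r.source, 0.0), w)
    not_malicious = 1.0
    for w in best_per_source.values():
        not_malicious *= 1.0 - w
    return round(100 * (1.0 - not_malicious))


if __name__ == "__main__":
    # Constructed sample: one IPv4 address reported by three members.
    sample = [
        Report("honeypot-eu", "observed-attack", age_hours=2),
        Report("member-siem-a", "scan", age_hours=30),
        Report("open-feed-x", "reputation-list", age_hours=200),
    ]
    print(trust_score(sample))
```

The product form `1 - prod(1 - w_i)` is the design choice worth noting: a single low-credibility feed tops out at its own weight, whereas two independent members with strong first-hand evidence quickly approach the maximum, which matches the page's emphasis on corroboration over "simple logic".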
Closed VPN
OpenVPN, Kotlin (Android), Swift (iOS) and a multiplatform desktop application
Develop an open-source project based on the widely recognized OpenVPN protocol, enabling organizations worldwide to establish secure communication channels over public internet infrastructure. This solution ensures the protection of data exchanged between customers, employees, and central data centers, fostering universal accessibility and trust in secure communication practices.
CloseVPN is an innovative project built on the OpenVPN framework, designed to facilitate secure communication by integrating third-party cyberattack intelligence feeds. It ensures protection for users on any device, whether inside or outside the organization. So far, we have achieved seamless internet connectivity through a dedicated VPN server fortified against malicious attacks. Additionally, CloseVPN actively prevents access to websites identified as phishing threats, offering users enhanced security and peace of mind during online activities.
Secure DNS with real-time feeds
BIND9, Python, Bash, Linux VM, AWS
Leverage an open-source project like BIND9 to enable fast and interoperable DNS query resolution, designed to identify and mitigate phishing campaigns targeting organizations. This solution enhances DNS security by efficiently detecting malicious domains and preventing phishing attempts, ensuring robust protection against cyber threats.
We have successfully deployed and served customers without any issues, utilizing two data centers located in London and Frankfurt. Over the past two years, the solution has been operational and highly effective, preventing access and mitigating attacks from approximately 40,000 unique threat actors. It delivers superior protection compared to current alternatives such as Cloudflare and Quad9, providing enhanced security and reliability for our clients.
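The mechanism behind this kind of resolver is BIND9's Response Policy Zone (RPZ): a locally served zone in which a record of the form `name CNAME .` makes queries for `name` return NXDOMAIN. The Python below is an added example, not OneFirewall's deployment code, showing how a phishing-domain feed can be turned into such a zone while rejecting malformed lines that would otherwise stop BIND from loading it. The feed contents, zone name and serial are constructed assumptions.

```python
"""Build a BIND9 Response Policy Zone (RPZ) from a domain block list.

Added example, not OneFirewall's deployment code: it shows the mechanism
the section describes, feeding phishing domains into BIND9 so that queries
for them (and their subdomains) resolve to NXDOMAIN. The feed lines, zone
name and serial below are constructed assumptions.
"""
from __future__ import annotations

import re

ZONE = "rpz.local"  # assumed zone name; must match the response-policy clause
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(entry: str) -> str | None:
    """Lower-case, strip whitespace and a trailing dot; reject junk.

    Returns None for comments and for lines that are not a syntactically
    valid hostname, so a malformed feed line cannot break the zone file.
    """
    name = entry.strip().lower().rstrip(".")
    if not name or name.startswith("#"):
        return None
    if len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name


def build_rpz_zone(feed: str, serial: int) -> str:
    """Return RPZ zone text: each domain and its subdomains -> NXDOMAIN.

    Names are relative to the zone origin, so `evil.test CNAME .` in
    rpz.local is the trigger for the queried name evil.test; the wildcard
    record extends the policy to every subdomain.
    """
    blocked = sorted({n for n in (normalize(l) for l in feed.splitlines()) if n})
    lines = [
        "$TTL 60",
        f"@ IN SOA localhost. hostmaster.{ZONE}. {serial} 3600 900 604800 60",
        "@ IN NS localhost.",
    ]
    for name in blocked:
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return "\n".join(lines) + "\n"


# Constructed sample feed: a comment, a duplicate in different case and a
# line with an invalid character are all included on purpose.
SAMPLE_FEED = """\
# phishing feed snapshot (constructed)
login-example.test.
Login-Example.TEST
bad_host.test
secure-update.example
"""

if __name__ == "__main__":
    print(build_rpz_zone(SAMPLE_FEED, serial=2024010101))
```

To activate the generated file, BIND9 needs the zone declared (`zone "rpz.local" { type master; file "/path/to/rpz.local.db"; };`) and referenced from the options block (`response-policy { zone "rpz.local"; };`); each regenerated file must carry a higher serial than the previous one or the running server will keep serving the old policy. Running `named-checkzone rpz.local /path/to/rpz.local.db` before reloading catches any line the feed validation missed.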
Mobile Protection (OFA Mobile)
Android (Kotlin), iOS (Swift), local VPN tunneling
A solution capable of blocking malicious connections within a mobile application by leveraging device-level routing capabilities, all without requiring jailbreaking or rooting of the mobile devices. This approach uses a predefined list of malicious actors to ensure secure and seamless operation.
We successfully deployed the service with two customers, demonstrating its effectiveness in protecting against malicious actors directly on mobile devices. Notably, we achieved prevention capabilities within 40 seconds on these devices. For instance, if an attacker targets Organization X, the solution can block the attacker’s inbound and outbound communications on an employee’s mobile device at Organization Y within 40 seconds, ensuring rapid and comprehensive protection across connected networks.