Lynxspring

Lynx CyperPro Graphic

LYNX CyberPRO® Security

LYNX CyberPRO® is the solution for organizations looking to add additional cyber security protection and control for remote access of their networked devices. LYNX CyberPRO® works within existing IT infrastructures – without relying on public IP addresses, VPN connections or non-managed cellular connections.

LYNX CyberPRO® is a VPN alternative that combines flexibility, security and ease-of-use. Unlike a VPN, LYNX CyberPRO® requires no changes to the network to be deployed. It can be installed, configured and used by staff without in-depth IT training, yet provides the security and API access IT professionals demand.

LYNX CyberPRO®, a collaboration between Lynxspring, Inc. and Netop, Inc., is designed to accommodate human-to-machine and machine-to-machine environments. LYNX CyberPRO® is a firewall friendly, easy-to-use solution that securely connects remote users with individual networked devices without extending the entire network.

LYNX CyberPRO® ADDRESSES MULTIPLE AREAS OF CYBER PROTECTION

Reduces the Attack Surface

  • Removes all devices from the public Internet; closes all ports and eliminates the need to add and manage users to the VPN access directory
  • Hardens and maintains the integrity of the corporate firewall; allows authorized users-including third-party contractors--secure remote access to the appropriate systems
  • Single point access versus multiple points
  • Restricts access to specific, authorized systems only
  • Minimizes the number of devices on the Internet; avoids a proliferation of direct-to-Internet devices

Secures the Connection

  • Sophisticated encryption; SSL encryption and enterprise-grade administration capabilities
  • User logs into the encrypted LYNX CyberPRO® cloud and is authenticated via distinct checkpoints; after positive verification a list of available keys is presented
  • Consists of two layers of verification (device and cloud)

Manages and Audits User Access and Rights

  • Users must log into selected key, and once authenticated, presented with a list of devices and randomly generated ports
  • Users do not use IP addresses: only the randomly generated ports the key provides
  • All communication interactions require authentication and authorization
  • An audit log is created for each session and records all user and network activity

HOW DOES LYNX CyberPRO® WORK?

Lynx CyberPro Overview Diagram

LYNX CyberPRO® includes three modules: Connector, Cloud, and KEY. The first step is the creation of a unique account in the LYNX CyberPRO® Secure Cloud environment. Once this account is established, the KEY is configured to communicate directly to the Cloud via specific URL, username, password and domain (Lynxspring pre-configures Hardware KEYs for easy installation for customers using the LYNX CyberPRO® Hosted solution).

Lynx CyperPro Key Diagram

The LYNX CyberPRO® KEY is installed “behind” the firewall on the same LAN segment as your chosen endpoint(s). KEYs require an outbound connection to the Internet for remote access to be enabled, but no changes to network topology are required.

An account administrator must configure the KEY with the IP address and desired port(s) for their chosen endpoint devices. Only the account administrator has the ability to add or delete endpoints from the solution. LYNX CyberPRO® supports a wide variety of devices as endpoints, requiring only that they listen on a known port and communicate with the LAN via Ethernet IP.

Lynx CyberPro Secure Cloud Diagram

The KEY communicates with the Cloud through a periodic “heartbeat.” In a similar fashion, the Connector sends a message to the Cloud environment when a user (or an application with API access) requests access to a specific KEY. Secure connectivity is provided on demand, preserving valuable bandwidth when not in use.

The LYNX CyberPRO® Secure Cloud acts as a switchboard, routing traffic between the Connector and KEY. When a user launches the Connector, the Cloud first authenticates the user to ensure they are authorized and then displays the list of KEYs associated with that specific Cloud account (those available for connectivity). An organization’s Cloud account can have a single KEY or thousands depending on specific need. The user selects the appropriate KEY and requests the creation of a secure tunnel for further communication.

Lynx CyberPro Connector Diagram

To establish the tunnel, both Connector and KEY send outbound TCP traffic to the Cloud. However, the cloud environment is not a termination point for the tunnel. Data flowing between Connector and KEY uses 256-bit AES encryption. The Cloud routes the traffic, but cannot decrypt the traffic. The KEY requires separate user authentication to establish the tunnel. No KEY credentials are stored within the cloud.

Once authenticated by the KEY, the Connector displays the list of endpoints configured on that specific KEY. Users are provided information within the Connector to facilitate communication through the KEY to the endpoint.

WHY CHOOSE LYNX CYBERPRO?

Developed by Lynxspring in conjunction with Netop, a leader in secure remote software solutions used by half of the Fortune 100, LYNX CyberPRO® is the industry’s first cyber-threat protection solution designed specifically to protect building automation and energy management systems. Incorporating industry proven IT security technology and methods, LYNX CyberPRO® hardens your corporate firewall by removing exposed devices and ports from the public Internet. It creates additional layers of protection and pre-emptive threat protection for the devices and systems across a building network by securing, managing, controlling, tracking and monitoring account access and activities. The solution supports building automation protocols with TCP/IP networks and ensures rapid and manageable remote connectivity while simultaneously reducing attack surfaces and improving system security.

Easy-to-Use

LYNX CyberPRO® has been designed from the ground up to provide a high level of technical sophistication with an easy-to-use interface. The solution does not require technical certification or in-depth product training to install, configure or use. Installation and configuration do not require changes to existing network topology or network user directories. The solution can be deployed in a matter of minutes.

Firewall Friendly

LYNX CyberPRO® uses outbound communication through a secure cloud environment to create an encrypted tunnel between a client computer and a remote networked device. The use of outbound traffic means no insecure firewall exceptions or port forwarding rules. The solution works using most network default settings and does not require the assistance of a network administrator to install or configure.

Military Grade Security

Lynxspring utilizes Netop’s security system ensuring the confidentiality of data flowing through the solution – multiple authentication points are required, data is encrypted. LYNX CyberPRO® is hosted in SSAE16 audited facilities with 24/7 security monitoring and regular penetration testing. Customers also have the option of self-hosting LYNX CyberPRO® in their cloud environment.

Flexible

LYNX CyberPRO® is available as a software only solution for organizations with existing hardware infrastructure, or Lynxspring can provide a software + hardware solution for easy deployment. Once deployed, organizations can use the software of their choice through the LYNX CyberPRO® tunnel.

LYNX CyberPRO® is designed to operate with wired, wireless, cellular or satellite based connectivity – including low bandwidth, high latency connections. With support for Windows, Linux and Mac, LYNX CyberPRO® can operate in the most basic network environment, or the most complex – including software defined networks (SDN).

Lynxspring will host the LYNX CyberPRO® Cloud environment or provide the software for a fully self-hosted solution. API access and a software development kit (SDK) allow an endless number of combinations and use-cases.

Reduces the Attack Surface

  • Removes all devices from the public Internet; closes all ports and eliminates the need to add and manage users to the VPN access directory
  • Hardens and maintains the integrity of the corporate firewall; allows authorized users-including third-party contractors--secure remote access to the appropriate systems
  • Single point access versus multiple points
  • Restricts access to specific, authorized systems only
  • Minimizes the number of devices on the Internet; avoids a proliferation of direct-to-Internet devices

Secures the Connection

  • Sophisticated encryption; SSL encryption and enterprise-grade administration capabilities
  • User logs into the encrypted LYNX CyberPRO® cloud and is authenticated via distinct checkpoints; after positive verification a list of available keys is presented
  • Consists of two layers of verification (device and cloud)

Manages User Access & Rights

  • Users must log into selected key, and once authenticated, presented with a list of devices and randomly generated ports
  • Users do not use IP addresses: only the randomly generated ports the key provides
  • All communication interactions require authentication and authorization

Audit

  • An audit log is created for each session and records all

Assets

  • LYNX CyberPRO® White Paper
  • LYNX CyberPRO® Overview
  • LYNX CyberPRO® for IT
  • LYNX CyberPRO® for Owners
  • LYNX CyberPRO® for Contractors

These and other documents are available at: www.lynxcyberpro.com

LYNX CyberPRO® Offers Cyber Security for Building Control Systems (Video)

These and other documents are available at: www.lynxcyberpro.com