Isometric business people talking conference meeting room. Team work process. Business management teamwork meeting and brainstorming. Vector illustration

Fognigma: Protecting from the Inside

The Threat is Inside the Building!

Often, Cybersecurity is thought of as a process of looking out to the world and searching, scanning, and bracing for what might be out there. It’s an ongoing process – a valiant mission – to plan for the worst. It’s a constant battle against external threats discovering things about you and using those discoverings against you. Unfortunately, if you are only looking for and protecting against external threats, you’re only doing part of your job. Cybersecurity should always be viewed as looking in two directions at once: external and internal. It is imperative you don’t ignore the possibility of internal threats.

Internal threats, of course, come from inside your organization. They are your employees, your coworkers, and sometimes even your friends. It is hard to imagine they would willingly do anything to betray your organization. But wait! Internal threats are not always the criminal, calculated schemes that feed our movies and television shows. Many times, internal breaches are due to a variety pack of non-nefarious reasons. Let’s explore more, shall we?

Non-Malicious Insider Threats

Quite often, the employees who become non-malicious insider threats (NMIT) don’t even know they are doing anything wrong. These are the people who check work email on public computers and then forget to log out of their applications. These are the employees who do work while at coffeeshops on unsecure networks. These are the ones forwarding work emails to their personal email addresses, so they can continue working from home.

checking email

Or perhaps the employees are, in fact, willfully doing something wrong, but they justify it as necessary to get their job done.  The Government Research Council (GRC) did a study on government employees’ use of approved mobile devices. The GRC found around one-third of respondents were using personal devices to do business work on. Of that third, 94% of DoD and military employees, and 64% of civilian employees, were using personal devices that had not been approved by their agency.

Better cybersecurity education can really go a long way to stopping many NMITs from forming in any organization. Employees should be taught not only what is acceptable and what isn’t, but also why certain online behaviors are dangerous. They should be taught how immense their impact is in the organization’s cyber security plan and how cyber security is a company-wide endeavor.

There is one other way to severely hamper both malicious and non-malicious insider threats, something Fognigma excels at: granular user controls.

Fognigma Networks Protect Against Insider Threats

Fognigma gifts network administrators with granular user controls. Quite simply, granular user controls allow the admin complete control over every little aspect of a user’s permissions inside a Fognigma-created Mission Partner Network (MPN). From which components to which files to which entry and exit points, admins will be able to make sure each user has access to only those things they need to access. This method of precise control is accomplished by creating groups.

Groups exist for each part of a Fognigma network. With just a few mouse clicks, users are added to very specific groups, which give them access to specific components, features, and even entry and exit points. And just as easy as they are added, users can be removed from groups.

We can explain this better by using an example. Our example company is called The Company and boasts 400 happy (and imaginary) employees. The Company has deployed Fognigma and is enjoying the protection and anonymity it provides. A new employee is hired: Jay. The Company’s HR team is on point and have already completed an IAM (Identity and Access Management)  assessment for Jay. As a new accountant, Jay needs access to certain things and shouldn’t see other things.

Admin Controls

The network admin who handles all permissions begins adding Jay to groups inside their MPN. He gets added to the company-wide telephony system group, the company-wide message server group, and the company-wide file share group. Jay is then added to the accounting fileshare group and accounting private channel on the company-wide message server group – each consisting of the CEO and the four-person accounting department. No other employees can access these groups, which thus limits the exposure of sensitive financial data to just 1.25% of the company.

Jay is not added, however, to the dev file share or the dev private messaging channel group (which Jay doesn’t even know exists). Jay doesn’t need access to any of the development team’s research or discussion. Not that he would (he’s a good dude), but this limited access prevents Jay from even contemplating leaking company development secrets – he just can’t get to them.

And here comes the really cool part. Imagine, after a few months, Jay realizes a new computer process would greatly help accounting with their accounts payable work flow. He mentions it to the CEO, who loves the idea. A new private messaging channel group is formed. Inside that group are Jay, the CFO, and two developers assigned to the task. No one else in the company can access this messaging group. Inside, these four employees can discuss and develop the new process.

Fognigma Networks

Three months later, the process is rolled out for the company to use. The accounting department is thrilled. The private messaging group is no longer needed, so is easily  deleted. And the rest of the company? Well, they didn’t need to know about any of this, so they didn’t. Everyone is containerized within their own little spheres, preventing each user from having too much access to what goes on inside the company.

This example serves to illustrate just a fraction of how Fognigma’s use of groups can limit user access and temptation. And by limiting access, Fognigma’s granular user controls prevent problems before they even can develop.


How Fognigma Can Aid an Elderly Network Structure

An Elderly Network Structure is Rife with Vulnerabilities

Many times, there is an inherent problem with how government and/or larger/older agencies build their infrastructure. It makes sense how it happens, so it seems like it should be able to be prevented. But alas, normally budget and time prevent the proper formation and revision of infrastructure. What are we talking about here? In a word: Frankenstein’s monster.

Frankenstein’s monster, as everyone knows, was put together by using bits from various systems (a nicer way of saying body parts, which works better for this analogy). Attached as needed and jerry-rigged together, all the components eventually formed one functioning whole. In Frankenstein, the whole (monster) worked fine, but was rejected by society. That is, it worked but was quite vulnerable to outside threats. See where we going with that?

Frankenstein Parts
Parts form to create a network infrastructure

Unfortunately, the infrastructure of many larger and older agencies has also been put together as needed over time. Also, many times software applications are built or adapted to do one task in the organization, and it’s just easier and more cost effective to continue as per (business as) usual than migrate data into new programs and processes. The longer the agency exists, the more parts might get retrofitted together in a tenuous web that works . . . but just barely.

Frankenstein in Armor

Now, try to imagine fitting Frankenstein’s monster with a custom suit of armor. It might seem easy to surround the creature’s piecemeal form, but it won’t offer all the components perfect protection. Once an enemy knows how to penetrate your armor, the whole monster is going down. It’s the same with cybersecurity for our example agencies with antiquation issues. You might be able to get some form of network security around the network, but it really won’t completely protect the components.

That’s because each component has its own unique features (read: issues) and doesn’t always talk to other programs well.  We’ve all had that experience of saving a file from one program the only way possible and then having to do a bunch of leg work to import it into the program you actually use to analyze the data. Again, it works . . . but just barely. And if anything goes wrong along the way, the whole system falls apart.

data integration
Integrating data into various programs

So, what can the Fognigma enterprise software do to help? In short, it can make sure all your processes, software, and data (no matter how antiquated and/or unique) are protected from evildoers and available to your users.

Fognigma Surrounds Your Current Network with Encryption and Invisibility

The deployment option for Fognigma we’ll feature here is the Hybrid Deployment. This takes your existing network (which you already have working and running the software you need) and surrounds it in a cloaked shield of security. Your network will now be behind an ever changeable, always adapting, cloud-based network with two layers of AES-256 encryption between components.

What makes a Fognigma Mission Partner Network (MPN) different is that it’s built in parts across multiple cloud providers, with these parts working as one network. As a result, you have an invisible network built on public cloud infrastructure. A network you can manually or schedule-y burn down and rebuild whenever you want. You are replacing the armor around Frankenstein’s monster repeatedly in different configurations.

And don’t worry about the parts after burning. An MPN is made up of randomly leased pieces across multiple cloud networks. When you burn down your MPN, those fragments get wiped and returned to the pool to be used (and further overwritten) by some other project. When you rebuild your MPN, you’re using all new, randomly leased cloud bits. This is what makes your network invisible: the parts are random, and they change to other random parts. Interlocutors won’t even know to look for something to invade and exploit.

So, does Fognigma fix your antiquated process and/or software? Nope, only your agency can do that. What Fognigma can do is make sure the old vulnerabilities of your network are enveloped in a protective coating of encrypted, traceless, random goodness. To tie this back to our original example of Frankenstein’s monster… okay, so there really isn’t a way to tie it in. Frankenstein’s monster is never given the ability to blend into normal society and become invisible. But wait! Since this is fiction and we can set our own rules, Fognigma wrapping up your network is like Frankenstein’s monster wrapping himself in ever-changing armor and then draping all that in Harry Potter’s invisibility cloak (assuming it was long enough). Boom – puttin’ on the Ritz!


Fognigma in the Intelligence Community

Fognigma Encrypts and Protects your Inter-Agency Collaboration & Intelligence Community

Fognigma is an enterprise software product perfectly suited to enhance and protect the information and communications of those in the Intelligence Community by creating Mission Partner Networks (MPN). Not only does Fognigma shroud comms in encryption and invisibility, but it also allows for secure inter-agency collaboration on whatever the mission entails.

Inter-Agency Collaboration
Inter-Agency Collaboration

Fognigma’s MPNs are built from randomly leased virtual machines which function as one unified network. Users from multiple agencies can quickly be added to this new network, making sure missions aren’t delayed. Inside the MPN, everyone can share and communicate, accomplishing mission objectives even faster. And then, when the mission is over, the MPN can be burned down as if it never existed.

Fognigma Protects Agents at Desks and in the Field

And it goes a bit beyond thinking of an intelligence community full of people in offices on desktop computers. Agents need to be able to go into the field and still access the MPN and be secure. Fognigma MPNs easily extend their encryption powers to mobile devices. And when an untrusted person needs to communicate securely with the team, an administrator can deploy a Portal Proxy (a secure, disposable way for a user to access an MPN without ever needing to know where that MPN is) in under a minute, and then delete it just as quickly when the untrusted person no longer needs access.

Encryption on Mobile Device
Encryption on mobile device

Now think about this statistic: according to a 2017 University of Phoenix survey, 51% of vacationers think their computers are just as secure on vacation as they are at home. Not saying your team members aren’t up-to-date on the limits of some forms of cybersecurity, but it’s still a chilling warning on how many view mobile cybersecurity. It especially applies to untrusted assets.

Use Case: A Mission Partner Network In Action

Let’s examine an example, because stories are fun:

A center like the CTIIC (Cyber Threat Information Integration Center), which we’ll call The Center, needs a multinational taskforce of agencies to investigate cyberthreats in Section 31. Three agencies are involved in this collaboration: one in the US, one in the UK, and one in Japan. Fognigma creates an MPN uniting these agencies, integrating a messaging server, a secure telephony system, and virtual desktops (VDIs) for every agent (including those in the field). With the MPN active, agents can collaborate on tracking down the nature of the cyberthreats.


On day thirteen, an employee of a small delivery company is convinced by an agent to provide information he has on the threats. We’ll call him Mr. Green. Using a Portal Proxy, Mr. Green is allowed very limited and controlled access to the MPN, so he can share his information. After the intel is recorded, the Portal Proxy is burned down and ceases to exist. At no time could Mr. Green access any information on the MPN not specifically shared with him.

intelligence community collaboration with mission partner networks
MPN Agency Collaboration

Mr. Green’s information is corroborated, warrants are issued, and arrests are made. The cyberthreat is no more. All three agencies celebrate in a secure chat, thank each other for their help, and log off of the MPN. The Administrator writes a few last notes in her report and, like the Portal Proxy used to talk to Mr. Green, burns the MPN to the ground. While it was in use, The Center’s MPN was never able to be seen, never able to be traced, and now that the operation is concluded, there’s not a shred of evidence it ever existed in the first place.

Mission accomplished.

In closing, we present the words of Paulo Shakarian (Entrepreneurial Professor at Arizona State University and CEO/Founder of CYR3CON), “You can have fantastic cybersecurity, but if you’re using IT systems to share information with a partner whose cybersecurity isn’t up to snuff, then your protection measures don’t mean very much.”1 Fognigma not only protects your agency’s comms and collaboration, but also protects and secures the work you do with other organizations through the encrypted and invisible wonder: the Mission-Partner Network.


1 Cameron, Dell. “Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password,” Gizmodo. Gizmodo Media Group, 31 May 2017. Web. 15 March 2018.

Isometric personal data protection web banner concept. Cyber security and privacy. Traffic Encryption, VPN, Privacy Protection Antivirus. Vector illustration

Fognigma: In Brief

Fognigma Makes Your Communication and Collaboration Invisible

Fognigma is a super-secure communication tool that automatically builds and creates encrypted, cloaked networks (called Mission Partner Networks, or MPNs for short), which allow total protection and anonymity of communication traffic. Basically, with Fognigma, you can communicate with your team without any worry of leaks, hacks, or traces. Fognigma turns you into a communications ninja – strong, undetectable, and able to vanish in an instant.

Your Fognigma-created MPN is a randomly generated set of components which work together and are spread out across multiple clouds. No one can tell where your network exists, because it exists in parts in many places at once. And communication between parts is secured using two layers of AES-256 encryption.

Mission Partner Network
A Mission Partner Network created by Fognigma

At the heart of your network is the Wheel. The Wheel is the central hub where all your communication tools (telephony, voice and video conferencing, chat messaging, file transfer, remote workstations, etc.) live. The Administrator has complete control over which tools are available and to whom.

Data, Users, and Traffic are All Encrypted and Disassociated

Users securely connect to the Wheel by going through an entry point of your network and then through zero to three dissociating joints (depending on how you’ve built your MPN). Dissociating joints help to anonymize your connection and can be located in a different region or cloud. Upon exiting the Wheel, users again go through one or more dissociating joints (also, possibly in different regions or clouds). This makes discovering the actual location of the user impossible.

Encrypted Traffic
Encrypted Data, Traffic, & Users

Data, video, chat, files, speech, and any other information transmitted through a Fognigma-created network go through these same dissociating joints. And the entire network is protected by cascading AES-256 encryption between components.  Also, each Wheel is uniquely keyed, so even if someone could break the encryption of one Wheel, no other Wheels would be compromised.

Fognigma Creates Secure Networks in Mere Minutes

Administrators can use Fognigma to quickly launch a network within minutes. They can monitor use and manage assets, while letting the network handle its own maintenance. The MPN can also randomly move components across regions and clouds to avoid threats. And if you have a less-than-trustworthy contact that needs to be added, it can easily and safely be done (with restrictions on access, so as not to jeopardize your data, users, or network).

And just as fog can come and go in an instant, so can a Fognigma MPN. When it has overstayed its welcome (or as a routine cybersecurity program), an MPN can be completely burned to the ground as if it never existed at all. And no one can ever find what was never there!