SoftBank Corp. Uses SandboxAQ’s AQtive Guard to Identify Undetected Security Vulnerabilities in Existing IT Infrastructure
Palo Alto, CA, April 11, 2024 – SandboxAQ announced today the successful deployment of its AQtive Guard cryptography management platform by the Advanced Research Group of the telecommunications giant SoftBank Corp. (“SoftBank”). This followed extensive testing of AQtive Guard’s abilities to discover cryptographic and certificate-based vulnerabilities to AI-based and quantum computer-based cyber attacks against IT systems, including networks, end-points, and applications.
As part of the validation process, SoftBank leveraged AQtive Guard to monitor a local government network for potential cryptographic vulnerabilities. As a result, it discovered several government servers were using non-recommended encryption methods or sending unencrypted traffic, and detected several vulnerable certificates that required updates.
Thanks to AQtive Guard, the SoftBank team was able to then take the appropriate actions to resolve those issues. AQtive Guard’s unified platform gave SoftBank a comprehensive view of the network’s security posture and verified its ability to discover and flag cryptographic vulnerabilities throughout the network. In addition, newly added features, such as single sign-on integration, audit logging, horizontal scaling, high availability, and seamless ticketing integration provided essential elements for deploying enterprise-class solutions at scale.
In the U.S., the National Institute of Standards and Technology (“NIST”) is promoting the "Migration to Post-Quantum Cryptography” project in anticipation of the appearance of a quantum computer capable of decrypting the 2048-bit RSA cipher by 2030, and will determine the cryptographic algorithms to be adopted as PQC in 2024. Additionally, migrating to these new cryptosystems, deployed via cryptographic agility, can help with adoption of Zero Trust Architecture (“ZTA”).
In 2022, the U.S. Presidential Executive Order directed government agencies to inventory IT systems using encryption vulnerable to quantum computers. A comprehensive inventory of such IT systems vulnerable to quantum computing technology will be necessary for future migration planning. It is essential to have a robust cryptography monitoring and management solution in place, especially given the diversity of applications, IT infrastructure and tools deployed in both public and private enterprises, to begin the inevitable journey to a secure post- quantum cryptography posture.
SoftBank and SandboxAQ have previously partnered on several successful PQC-related projects. In March 2022, the companies collaborated to jointly implement a next-generation cryptosystem resilient to cyber attacks from quantum computers and verify the use of PQC for practical applications, such as VPNs. In February 2023, the companies collaborated to jointly verify hybrid-mode quantum-safe technology. The proof of concept confirmed that combining elliptic curve cryptography (ECC) and PQC algorithms in a hybrid approach could be applied to existing networks with minimal impact.