Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
B2B: business to business
E2E encryption: End-to-end encryption
GSM: Global System for Mobile Communications
HaaS: Hardware As A Service
Hardening computing: Making devices safer & more locked down
ICT: Information and Communications Technology
IDS: Intrusion detection system
IPS: Intrusion prevention system
MMS: Multimedia Messaging Service
PGP: Pretty Good Privacy
RTC: Real-Time Communication (multimedia and audio via VoIP)
SaaS: Software As A Service
SMS: Short Message Service
VoIP: Voice Over IP
VPN: Virtual Private Network
Because proof of trust is better than blind faith. The cybersecurity level of any closed source or black box solution cannot be verified, hence their "cybersecurity level" is purely a vision / illusion created by the company's marketing department. Be careful.
Mothership(s) included. Third party server / backend solutions which are not under your control and physically located in an unknown place & country. Massive information leakage + Unknown usage of your data. Perfect for state and/or privately funded IT criminals.
CyberSecurity? Anonymity? Privacy? You. Your family. Your customers. Your clients. Blind trust required. These sorts of solutions cost a lot of money yet cannot ever form a truly trustworthy platform since they cannot be verified. So what have you really gained?
Imagine buying an apartment that has extra doors in each room which you are unable to open. Yet unknown persons travel through them all the time. Why worry?
This is pretty much the standard way big companies go about solving their cybersecurity needs in today's world. In short: You pay a lot of money to get a system that is not yours to begin with. You are not able to verify the marketing department's big cybersecurity promises + the server part is missing from your corner.
The attack vector that these solutions contain and the unverifiable security promises that these tools make cannot form a verifiably trustworthy platform. This is clear from both a philosophical standpoint and from looking at the never ending stream of breach/bug reports coming in on a daily basis.
All Zen-mode solutions can be verified by a third party, even by you yourself (thanks to our all open source approach).
Our standalone solutions can be hosted at the customers site(s) or at our secure sites. The Customer decides.
Trust your devices and work Anonymously & Securely from anywhere. We can prove it. Anytime. Anywhere.
By placing all Software & Hardware under customer control: The customer holds all the keys.
No mothership and no strings attached. All our solutions are verifiably secure and self-hosting. Your end-devices are only talking back to your / our secure servers using multiple layers of encryption.
Secure solutions accompanied by our OPSEC training = Intelligently behaving IT users using secure tools = Verifiable privacy.
What you see is what you get. Anybody can verify that we have no backdoors and that our secure solutions are correctly implemented.
All our code is available and recompilable to form the same end product, bit by bit. All packages are gpg signed and hashed. Any unwanted changes will not go unnoticed.
Removing attack vectors. No black boxes or leaky & unverifiable solutions. No Microsoft / Apple / Google / XYZ proprietary products and none of their App stores or update services.
No unknown third-party cloud / hardware provider with direct hardware & software access (possibly even clear-text access)...
No commercials and no meta-data slurping. Hence, disabling all easy ways in + most exploits. Your data is safe by default.
Via hardened and verifiable open source solutions shipped & maintained by open source specialists.
Since we are not using any closed source solutions (only verified open source solutions coming from us), the normal bugs / exploits (for Windows / Mac / Android etc) won't work on our systems, thus disabling most exploits right off the bat. To further minimize the exploit vectors we harden the OS, use strict Intrusion Detection and Prevention Systems (IDS + IPS) accompanied by Tripwire rules + active monitoring.
All of our solutions use the best available end-to-end + filesystem encryption + a tailored stealthy communication suite.
Thus preventing any man in the middle / eavesdroppers from listening or getting access to your private communication / data at rest.
In other words, it does not even matter how you got connected: Work securely through any network on the (LAN, LTE, 3G, 4G, WIFI etc).
Via using your existing infrastructure or hosting your server(s) at our secure site(s).
If you choose to place your server(s) at our site(s), then you are also protected by the Finnish ICT laws.
Sane ICT laws + our secure site(s) + encrypted filesystems = your servers cannot disappear from under your feet + your data is safe. For more information see our Secure Infrastructure overview.
Via encrypting & anonymizing your network activity using Zen-mode's VPN.
Hide your real IP and network actions via using Zen-mode's fast & secure VPN. Your ISP / adversaries can only see that you have a secure connection to our VPN, after that your trail goes cold...
Q/A: So are these secure systems hard to use? No
Our tools are as easy to use as any Android or Windows device. Normal GUIs with normal work flow. Minimal learning curve required.
However, to stay secure you might need to update your way of working. Meaning basic Operations security (included in our Cybersec training programs).
X.509 is a cryptography standard for a Public Key Infrastructure (PKI) to manage digital certificates and public-key encryption. It is a key part of the Transport Layer Security protocol used to secure web and email communication, but it is also used in offline applications (electronic signatures etc).
The X.509 public key certificate contains information like: the domain(s) which it is certifying (which must match where it is being used), the validity period of the public key, the issuer and the organization / individual who it was generated for etc.
For more info see the X.509 Certificate Wiki page.
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols (commonly referred to as "SSL") that provide communications security over a computer network.
SSL is the de facto standard for web related
It is used by a wide range of applications such as web browsers (securing your bank access via https etc), e-mails (encrypting your user & password data while sending & receiving your mail), instant messaging, and voice-over-IP (VoIP) etc.
For more info see the TLS/SSL protocols Wiki page.
RSA is one of the oldest and most well tested Public-Key Cryptosystems which is still in use today (Published in 1977).
A Public-Key Cryptosystem is built up from two halves: (A) a public-key and (B) a secret key (both containing a large prime number). To successfully decrypt / encrypt data one must have access to both of these halves (which together form the key).
RSA was created by Ron (R)ivest, Adi (S)hamir, and Leonard (A)dleman.
For more info see the RSA Wiki page.
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a subset of the Rijndael cipher which can use different key and block sizes. NIST selected three key lengths: 128, 192 and 256 bits, each with a block size of 128 bits.
The Rijndael cipher was developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen.
For more info see the AES Wiki page.
Pretty Good Privacy (PGP) is an encryption solution that provides (A) cryptographic privacy and (B) authentication for data communication. PGP is the de facto standard for signing, encrypting, and decrypting e-mails and other data.
For PGP to be really useful one needs to have some form of a Public Key Infrastructure in place (to receive, send and verify your recipients' public-key(s)) + a secure host to store your secret key(s) on.
PGP was created by Phil Zimmermann in 1991.
For more info see the PGP Wiki page.
ZRTP (Zimmermann Real-time Transport Protocol) is a cryptographic key-agreement protocol to (a) negotiate the keys for encryption between two end points and to (b) check for possible man-in-the-middle attacks in Voice over Internet Protocol (VoIP) applications.
ZRTP was developed by Phil Zimmermann, with help from Bryce Wilcox-O'Hearn, Colin Plumb, Jon Callas and Alan Johnston (Published 2006).
For more info see the ZRTP Wiki page.
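ZRTP performs the check in (b) by having both callers compare a short authentication string (SAS) derived from the agreed key. The sketch below is an added illustration, not Zen-mode's or the ZRTP project's code; it assumes a toy Diffie-Hellman group and a plain SHA-256 derivation, and it leaves out ZRTP's hash commitment and key continuity.

```python
import hashlib
import secrets

# Toy group (assumption): a 127-bit Mersenne prime keeps the numbers small.
# Real ZRTP uses 3072-bit finite-field or elliptic-curve Diffie-Hellman.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def short_auth_string(shared_secret, initiator_pub, responder_pub):
    """Hash the agreed secret and both public values down to 20 bits."""
    h = hashlib.sha256()
    for value in (shared_secret, initiator_pub, responder_pub):
        h.update(value.to_bytes(16, "big"))
    return h.hexdigest()[:5]


def place_call(intercepted):
    """Run one key agreement and return (Alice's SAS, Bob's SAS).

    With intercepted=True a relay in the middle replaces each side's
    public value with its own, so it shares one key with Alice and a
    different key with Bob.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        _, relay_pub = keypair()
        seen_by_alice, seen_by_bob = relay_pub, relay_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub

    alice_secret = pow(seen_by_alice, a_priv, P)
    bob_secret = pow(seen_by_bob, b_priv, P)
    alice_sas = short_auth_string(alice_secret, a_pub, seen_by_alice)
    bob_sas = short_auth_string(bob_secret, seen_by_bob, b_pub)
    return alice_sas, bob_sas


def call_is_clean(alice_sas, bob_sas):
    """The users compare the strings by voice; a mismatch means a MITM."""
    return alice_sas == bob_sas
```

Because the two strings are compared by the users themselves over the voice channel, the check does not depend on any certificate authority or third-party server.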
Goal: Zero third party leakage via open source and self-reliance
Zen-mode's VPN, your company's VPN, Zen-mode's Tor Bridge relay
We have multiple ways to preserve your IP security & anonymity, all with different good / bad side effects. You can trivially switch between the different network modes depending on your needs.
A VPN is a great way to help secure your network presence, but is a VPN all that you need to stay secure? No.
For you to be as safe as possible your whole platform + tool chain should be verifiably safe (think: verified open source solutions). The more closed source or unverifiable tools you have, the more questionable your whole tool chain is. This is why we at Zen-mode only use open source solutions.
Scale: Worst 0 Medium 2 Best 3
For a quick intro to what Zen-mode is all about, visit our Home page.
To watch our solutions come alive, check out our Products page.