How Network Masking Works

Our network masking products dynamically mask the network addresses of all devices directly connected to their ports. For example, the MAC addresses are randomly generated, may be regenerated within very short intervals, and are resolved cryptographically.

Wire speed performance is achieved by modifying specific portions of network packets using digital signal processing techniques. The network masking function itself requires no MAC address and leaves no signature detectable to the cyber attacker. This effectively blinds the cyber attacker by masking the identity and presence of firewalls, industrial control devices such as SCADA systems, servers, virtual machine managers, LAN segments, IDS and other critical devices while maintaining full network compatibility and performance.

Network masking forces the attacker to use more active techniques that can be easily identified by intrusion detection and prevention systems (IDS / IPS). A network masking device could also coordinate with other masking devices to modify network packets in such a way as to lure, repel, or isolate an attacker.

Our network masking technology is protected by United States Patent 7712130, issued May 4, 2010 as well as patents in other countries.