web analytics

NetSfere Launches Quantum-Resilient Messaging Platform for Enterprise and Government Use – Source: www.securityweek.com

netsfere-launches-quantum-resilient-messaging-platform-for-enterprise-and-government-use-–-source:-wwwsecurityweek.com
Rate this post

Source: www.securityweek.com – Author: Kevin Townsend

Communications services provider NetSfere has upgraded its platform to use a combination of NIST recommended and NSA required ML-KEM and AES algorithms.

The NSA has specified, “CNSSP 15 states that by January 1, 2027, all new acquisitions for National
Security Systems (NSS) will be required to be CNSA 2.0 compliant unless otherwise noted.” Removing the less common acronyms, this says the encryption policy wonks at the NSA require most government agencies, military and intelligence operators and sectors of the critical infrastructure should only be able to buy new services or products that are NIST PQC compliant within less than two years from now.

While the organizations themselves have until 2035 to complete their migration to NIST standard quantum-resilient encryption, vendors wishing to sell their goods into the NSS market have only until January 1, 2027, to ensure their products already employ NIST standard PQC.

We are seeing, and will increasingly see, new product announcements stressing their PQC creds. On March 18, 2025, HP announced new quantum ready printers. On March 24, 2025, NetSfere announced “the world’s first and only quantum-proof secure communication platform”. It is primarily the company’s existing communication platform upgraded to quantum-readiness and therefore available to the NSS market both now and after 2027.

Within the platform, NetSfere has put special emphasis into its end-to-end encrypted messaging able to handle text, voice and video. The firm sees mobile chats increasingly emerging from personal comms into a major part of business communication, and it offers the enterprise a way to incorporate mobile messaging into the organization in a secure and manageable format.

The key factor is that this is true end-to-end encryption with quantum ready algorithms. Keys are shared from source to destination, using FIPS 203 ML-KEM (Kyber). The message is encrypted with AES 256, which – while not a new symmetric algorithm – is considered by NIST to be quantum resistant.

NIST also urges that crypto agility be built into the migration to QPC. It is the nature of cryptographic algorithms to sooner or later be broken. For example, in August 2022, it emerged that one of the finalists in NIST’s competition to find new quantum-proof algorithms had already been broken by a combination of AI and a classic PC.

Crypto agility requires that if the algorithm in use is broken or fails for any reason, it can be easily swapped out for an alternative (unbroken) algorithm. Right now there is no standardized quantum proof key encapsulation mechanism available as a backup to ML-KEM, although HQC has been chosen by NIST to become one.

Advertisement. Scroll to continue reading.

“We don’t believe that ML-KEM is going to be broken anytime soon,” Anurag Lal, CEO at NetSfere, told SecurityWeek. “But the good news is that we built NetSfere with a crypto agile platform, allowing us to move from one algorithm to another efficiently and seamlessly. So, if there is ever a need to swap out ML-KEM and an alternative to swap in – whether it is HQC or anything else – we are confident that we have the agility to do that.”

The NetSfere platform is a ‘product’ paid for, and therefore loosely ‘owned’ by, individual companies. This provides numerous advantages to both the users and NetSfere. For example, platform management is controlled by the customer, not by the provider. This allows versatility and flexibility – for example, in the use of MFA. Most delivery of one-time MFA is via a mobile device. This can be problematic for secure mobile messaging. If the phone is stolen, the attacker has access to both the means of communicating, and the one-time code that supposedly proves he is the genuine user. NIST has gone further and deprecated the use of SMS to deliver MFA at all.

NetSfere offers delivery by email, which – done properly – could be more secure. But it may not be realistic or efficient for a traveling businessperson needing a quick and urgent response from the office. So, NetSfere still offers the choice of MFA sent direct to the phone (SMS). The choice is a risk management decision, but one made and implemented by the company – on demand – rather than by NetSfere.

Another advantage of user ownership for both the user and NetSfere is that each company owns, keeps and is responsible for its own encryption keys. NetSfere never sees the keys and cannot be forced or persuaded to hand over what it hasn’t got to law enforcement. While this approach ensures true end-to-end encryption, it also counters the current problem of individual national governments demanding a backdoor into that end-to-end encryption. 

The UK government, for example, has required Apple (under the Investigatory Powers Act) to give backdoor access for data encrypted between the user and iCloud. The Apple service is called Advanced Data Protection (ADP). Rather than provide the keys or a backdoor, Apple has discontinued its ADP service for the UK – a solution that benefits no-one.

If a similar situation arose between any government and NetSfere, the firm could reply, “We don’t have the keys, we don’t own them, they are owned and kept by the customer. If you have a legal right to demand the keys from the customer, just do so.” This should keep most people happy: there is no requirement for a backdoor, while law enforcement can still get legal access.

NetSfere has announced a quantum-proof, end-to-end encrypted enterprise messaging system that is administered by the enterprise. It is primarily designed for in-company communications but can also be used for secure messaging to outsiders. Its purpose is to combine the business use and advantages of mobile messaging with maximum security. During 2025, we will see more and more providers rapidly implementing the use of quantum proof cryptography in both new and existing products to secure their users and maintain the option of selling into the huge NSS market from 2027.

Related: What Microsoft’s Majorana 1 Chip Means for Quantum Decryption

Related: QuSecure Banks $28M Series A for Post-Quantum Cryptography Tech

Related: Cyber Insights 2025: Quantum and the Threat to Encryption

Related: Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation

Original Post URL: https://www.securityweek.com/netsfere-launches-quantum-resilient-messaging-platform-for-enterprise-and-government-use/

Category & Tags: Data Protection,Privacy,encryption,Quantum,Quantum cryptography – Data Protection,Privacy,encryption,Quantum,Quantum cryptography

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
Harvard Business Review
Boards Are Having the Wrong Conversations About Cybersecurity – Board interactions with the CISO are lacking – by Lucia Millica and Keri Pearlson – Harvard Business Review
Boards Are Having the Wrong...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos