AC – Access Control requires that protected data is only readable by authenticated and authorized users or software systems. XQ’s policy-based key distribution ensures that only authenticated and authorized users and software programs are able to access encryption keys. XQ supports a number of techniques from security tokens, cookies, IP whitelisting and IP geo-fencing to control access to data.

AU – Audit and Accountability requires that there is a log of all transactions to ensure compliance. XQ’s policy-based key distribution logs every event including all failed key requests (i.e. it’s impossible to do anything without generating a log entry in the XQ system). All of the XQ logs are indexed to enable search/sort functionality.

Enforce data-centric protection and privacy from the edge of the internet to the cloud. 

XQ is an API-based zero-trust data platform that focuses on protecting data rather than networks. XQ is very scalable, interoperable, and crypto-agile. 

XQ creates unique benefits for data across systems providing data provenance and making it ideal for protecting personally identifiable information in regulated industries.

Fundamental Differences and Benefits 

 1. Data Control 

XQ never has the client’s data and can never read it. The client retains control of their data at all times. Fundamentally,

Microsoft is a vertically integrated solution storing the data and keys in one system. The Microsoft system is built for network protection when the network is owned. It does not help monitor and control data outside the network after the data leaves the network. XQ does.

Data ingestion for on-prem Microsoft sources or Azure cloud sources is relatively easy. Ingestion from all other 3rd-party sources requires sending data to Log Analytics via Syslog in the common event format (CEF). Data is stored in the Azure

SQL Database, a fully-managed database service. This means any data that is not in the CEF, such as custom application logs, is not ingestible by Sentinel unless it is first converted to CEF. And since custom application logs are always changing, this would be a difficult maintenance task. If your custom application logs, especially custom applications living in other cloud environments, are important to you then Sentinel is not a good choice. Sentinel comes with 90 days of storage included in the price, just like Log Analytics. Extra storage is available at an additional cost. The maximum retention time for storage inside of Azure is 730 days.

2. Worldwide Data Provenance 

XQ data is only accessible in authorized geo-locations by authorized entities. 

Microsoft does not provide geolocation information and data control 

3. Security Strength 

XQ’s data-centric zero-trust solution is designed for distributed key generation and multi-node internet-scale interoperability.

Microsoft uses traditional HSM based encryption and key generation 

4. Interoperability 

XQ allows point to multipoint secure data interoperability outside of the client network. 

Microsoft is focused on Microsoft tools. It is not a valid solution for multi-cloud and multi-environment systems. Sentinel can only be deployed on Azure.

Sentinel plays well with anything inside the Azure stack. Microsoft includes a SOAR as part of the solution and uses playbooks to automate tasks and responses to alerts and detections. This is done using Azure Logic Apps as the connectors between Sentinel and other components or services. Pre-built playbooks exist with more than 200+ connectors so you can build your own actions. However, automating tasks for anything outside of Azure, such as AWS or Google Cloud Platform (GCP), will be much more difficult and require a great deal of effort and coding. For customers that are 100% Azure, Sentinel has a great deal of flexibility, but for customers with a multi-cloud environment, it may not be the best fit.

5. Edge

XQ works from edge applications and can be embedded in any app. Microsoft still offers no comparable approach.

6. Scalability 

XQ can scale to millions and billions of transmissions each with its own key generated at the edge from quantum entropy.

Sentinel is a traditional central HSM solution.

For organizations with a broad mix of Microsoft and non-Microsoft technologies, Sentinel could be more trouble than it’s worth. Onboarding custom application logs will be especially difficult. And automating tasks and responses in other cloud providers such as AWS and GCP will be equally troublesome.

COSTS

Sentinel comes with all features enabled. But Sentinel alone isn’t all you need to purchase. First, you must pay for the data to be ingested into a Log Analytics workspace, which has its own pricing: https://azure.microsoft.com/en-us/pricing/details/monitor.

After you pay for data ingestion and storage of your Log Analytics workspace, you’re not finished. You then must pay Sentinel’s ingest pricing and storage costs. You’ll find Sentinel costs (separate and additive to the Log Analytics costs) here:

https://azure.microsoft.com/en-us/pricing/details/azuresentinel.

While Sentinel’s license includes all features, it does have some pricing pitfalls you need to consider. The biggest charge to watch for is the additional cost associated with exceeding your reserve pricing. Since Sentinel pricing is reserve-based, exceeding your reserve puts you into an “on-demand” pricing structure, which can quickly escalate if you significantly exceed your reserve. This model presents a challenge for customers with bursty data needs—either you over-provision for the majority of the time, or you pay occasional penalties for exceeding your reserve. It’s challenging

Is Microsoft Azure Sentinel a Next-Gen SIEM worthy of consideration?

Yes, if your organization is exclusively or predominantly in the Microsoft ecosystem. No, if your organization relies on a broad mix of technologies and cloud services.

From a VWAN perspective, XQ offers a completely expanded level of applicability - non-Azure WANs and systems and an order of magnitude reduction in management complexity. Also, the ability to use Microsoft VWAN but own the keys and keep them in a separate location reduces risk dramatically.

Express Route is interesting but requires the ownership of a private network for Operation. XQ creates private connections over public networks as well as private networks.

XQ Technical OvervIew 

The XQ platform focuses on protecting data rather than the network or link as is normally the case. XQ is a highly scalable, interoperable, crypto-agile, and zero-trust solution. XQ uses application endpoint identity authentication and quantum entropy to seed applications at the edge. In this implementation, each piece of data knows who can read it, when it can be read, where it can be read and how long it is active for and logs each interaction. This provides instant insights into adversary and policy violations and records logs for complete data compliance. More importantly, it empowers the systems to ingest data from sources over untrusted networks.

Mainframes Computers (such as IBM and SAP) are often designed with only enterprise users in mind. Thus many companies who send data from mainframes directly to consumers or to other systems often face challenges with scaling (too many requests) and security (unknown requests). For example, supporting consumer mobile connectivity to mainframes is a problem specifically for enterprises who have large number of consumers such as airlines, financial institutions and retail.

Solution Mainframe to App Gateway

Many mainframe users are deploying application gateways to function as a front-end processor to mobile consumers. Typically these gateways will pool mainframes and cache content which is then available to consumers to view. Consumers can then complete transactions where the app gateway then inputs it back to the mainframe. Example, airlines utilize app gateways to enable customers to view airplane seats on their mobile devices. Only when a customer purchases a ticket does the gateway update the mainframe.

XQ Value Data Protection For App Gateway To Mobile Devices

One of the security challenges when implementing app gateways that extend to consumer mobile devices is security. As the end systems are often unknown, supporting GPPR compliance can be difficult and data theft is a common problem. XQ’s ability to enforce geofencing and data tracking, as well as session-based encryption, can help companies who have implemented app gateways.

XQ Message is enabling everyone from technology leaders to start ups to engage in knowledge sharing in a secure manner. XQ can ensure that not only are email and files encrypted, but that only authenticated recipients can decrypt messages. Additionally, enterprises can create role or project based encryption that enables seamless sharing yet ensures that forwarded or stolen messages are undecipherable. 

What Makes Us Different

XQ is first to market with a new type of quantum number (qRNG) based edge encryption secure communication and data. XQ is able to encrypt data in existing services, eliminating costly systems upgrades and changes. More importantly, XQ enables enterprises to decide who can read corporate data even if it is outside their network.

XQ Message is empowering financial, insurance, telecommunication, legal and medical institutions,  and government agencies to secure their external communications, marketing, and data to customers. Enterprises are able to continue to utilize email for these types of communications by enforcing different policies for different functions. Marketing messages can have a simple expiry while transaction data must require customer identity authentication. For more sensitive information, XQ can also support geo-tagged read receipts and additional message passwords that only the sender and receiver know. From a risk mitigation perspective, every consumer message has a different encryption key ensuring that if a breach does happen, its limited to a few individuals and not the entire customer list. The range of applications span direct marketing and password reset to tax documentation and transaction validation. 

It is also first to market with a new type of quantum encryption architecture that ensures every message has a different key. XQ’s protocol is able to encrypt communications even within preexisting secure data and communication infrastructures, eliminating costly systems upgrades and changes. XQ enables enterprises to distribute secure messages across all existing email and mobile services.

PRIVACY FOR YOU AND ME

  XQ never stores your messages. XQ won't read your messages because we never have your data - neither will anybody else. The encrypted content stays within your Slack and we provide the logic to encrypt and decrypt the messages.

  We are dedicated to your right to privacy. XQ Message was founded by tech and security industry veterans eager to change the world. We started XQ Message with the goal of creating a company focused on your right to privacy. We believe it is your digital human right to be safe online, so we set out to build a system unlike any other to protect your emails and messages. XQ Message is the first quantum safe messaging platform available to the public. With our patent pending technology we've made sending a message securely super simple.

 Find out more about us Visit https://xqmsg.com

XQ’s protocol is able to piggyback on existing digital infrastructures, enabling users to change their behavior or habits. Clients use their preexisting email applications on mobile or desktop that they are already familiar with such as Gmail, Outlook and Slack. All encryption & decryption is done on the user’s device and is completed on entry, while the encrypted data and keys are always kept separate.

XQ is able to help Fortune 1000 companies protect sensitive data that is transferred to partners via the ability to enforce access policies to email and file content.  Enterprises can define policies by the email domain of their partner thus a company responsible for cleaning offices can have different policies from another handling financial data.

XQ can ensure that not only are the email and file encrypted, but they are also only being opened by the intended recipient using two-factor authentication.  Moreover, enterprises can create role or project-based encryption keys which enable seamless sharing within a group yet ensure that forwarded messages are indecipherable.

XQ is able to help enterprises continue to utilize email for marketing and transaction functions by enforcing different policies for different functions.  For example, marketing messages can have a simple expiry while transaction data must require customer identity authentication. From a risk mitigation perspective, every consumer message has a different encryption key ensuring that if a breach does happen, it's limited to a few individuals and not the entire customer list. 

XQ supports a number of key compliance features such as message-based encryption/revocation, identity verification, policy-based expiration, geo-read receipts, and support of cloud-based KMS, including Amazon’s KMS. Additionally, XQ enables enterprises to add a per-message password that is only known to the sender and receiver for privileged communications.