
Everything starts with a seed.


Seedz considers security an integral part of its solution. It never relies on a single component to provide all protection. Instead, Seedz takes the multi-layered defence-in-depth (DiD) approach to security, where one failed component doesn’t fully compromise the overall system security.

Using the DiD approach provides sufficient reaction time to address any newly discovered security issues while still keeping customer data secure. Seedz complies with recommendations and industry standards to ensure the software and hardware development process is kept state of the art. Seedz is planning an annual security audit of its systems by an independent third-party security consulting company.

Image by Skyler Gerald

Security is an integral part of our solution.

1. SECURE CRYPTO PROCESSOR

Seedz DataWeeder is equipped with a secure crypto-processor, significantly increasing the security of the devices deployed in the field, including their tamper resistance. Such crypto-processors act as a key security subsystem of the edge devices, that is, of the DataWeeder(s). They typically have special tamper-detecting containments and zero their secrets if tampering is detected. Crypto-processors also feature special conductive shields that make it difficult to read their internal states. The Seedz crypto-processor substantially improves the security of our edge devices.

Upon request, DataWeeder also offers quantum-safe network encryption, secure quantum key generation and quantum random number generation.

2. SECURE SYSTEM ENVIRONMENT

In addition to crypto routines, such processors usually feature persistent and versatile memory, allowing storage of various keys, such as endorsement, storage and identity keys, as well as the platform configuration.

The secure crypto-processor on each DataWeeder provides the following features:

1. Trusted boot environment
2. Encryption of system and data partitions
3. Authentication checks with DataWeeder server-connector
4. Verification of firmware updates

3. SMART PROXY SOLUTION

Seedz deploys intelligent server software to verify the validity of IEC 60870-5-104 packets, minimising the risk of successful attacks on SCADA systems via compromised edge devices. The ‘smart’ filtering is very flexible, allowing future expansion of the rules that filter out dangerous traffic.

Seedz constantly monitors traffic flows between edge devices and SCADA and uses this information to train machine learning (ML) algorithms to flag unusual, erroneous, or dangerous traffic patterns.

Seedz uses Interface Definition Language (IDL), allowing the development of language- and location-independent interfaces for distributed objects. Thus we can migrate into or away from existing infrastructures or middleware solutions such as CORBA et al.

4. MACHINE LEARNING SOLUTION

Seedz uses machine learning in multiple ways. One of the major uses of ML is security: we use ML to make sure the integrity of our platform is intact.

The ML algorithms regularly analyse signals from our logs to ensure we don’t see anything unusual. Another ML project is related to the security of client infrastructure. We use ML to learn the type of traffic that passes through our secure network and detect unusual patterns. An example is a breached edge device that tries to exploit SCADA via what appears to be a standard protocol.

Seedz's machine learning solution will enable the cybernetic requirements needed in the future for sector coupling, to be able to digitalise the power grid bottom-up and integrate renewable energies to the maximum.

5. AUTOMATIC CERTIFICATE MANAGEMENT

Seedz deploys an automatic certificate management (ACM) system for online devices, following state-of-the-art security practices. By managing all aspects of the certificate lifecycle in an automated manner, the system eliminates a whole class of costly human errors, where certificates are not updated in time or are simply misconfigured.

Deploying integrated crypto-processors along with ACM greatly increases the security of the solution and contributes to the overall defence-in-depth security strategy pursued by Seedz.

6. RELENTLESS TESTING & AUTOMATION

One thing that places Seedz among the most innovative is our relentless focus on testing and automation. We believe this is the only way to achieve better security and fewer bugs, and to ship better, more scalable, more adaptive and more customer-friendly products. We put a lot of effort into designing tests for our software and hardware, based on which we continuously test and integrate both server and edge equipment.

We also work closely with German manufacturers to minimise security risks related to the production process. We also design our update processes to be as hassle-free as possible, while keeping our solution secure and within the guidelines and the required certification rules.

7. CONTINUOUS INTEGRATION & DELIVERY

We are fans of Continuous Integration (CI) and Continuous Delivery (CD), which is a great approach to software deployed in production. CI/CD favours a constant flow of small, evolutionary changes to the deployed software rather than ‘revolution’ in terms of major versions with breaking features.

GitLab CI is our go-to CI/CD product. GitLab CI is integrated into the GitLab software, offering a full DevSecOps cycle solution to companies and organisations around the world. Seedz maintains its own instance of GitLab and runs its own fleet of CI nodes, allowing full control over the CI/CD process, as well as reducing reliance on external services.
