There's a new kid in town in the remote access market: Software-defined perimeter startup BlastWave moved out of stealth mode this week, unveiling its BlastShield service and partnership with systems integrator ATxTel.

Based in Palo Alto, California, BlastWave quietly launched in November 2020, and now has 13 employees and eight customers. CEO Tom Sego says BlastShield, the company's flagship product, is a zero-trust network access tool that serves as an alternative to traditional VPNs. Prior to BlastWave, Sego was co-founder and CEO of SunVault, co-founder and CMO at DiVitas Networks, and he also led global sales support at Apple. He's joined on the leadership team by BlastWave CTO Peter Alm, former CTO of Ekkono Solutions and a co-founder of Netintact AB, which was acquired by Procera Networks in 2009.

Figure 1: Tom Sego, CEO of BlastWave.
(Source: BlastWave)

BlastWave's main product, BlastShield, is passwordless and provides both North/South and East/West network traffic protection, says Sego.

"It's a zero-trust network access tool that has a passwordless multi-factor authentication component built in, it has zero-trust network access so you can securely and remotely connect to anywhere on the planet, and it also has built-in micro-segmentation," he said.

To log on to the service, the user receives a one-time invitation key that they can use to authenticate BlastShield on their mobile device, or they can do authentication via a FIDO2 key, which is a USB security key. Essentially, users scan a QR code on their computer with their mobile device to activate the service; Sego likens the ease of the authentication process to using Apple Pay.

"We put together a solution that essentially allows you to control, remotely, any devices that run over any packet-based network as a single, unified layer," says Sego. "We do this in a way that allows you to secure this as if everything were on a local area network."

BlastShield hides on-premises and cloud workloads from both external and internal threats, says BlastWave, and also conceals the organization's infrastructure from bad actors via software-defined micro-segmentation.

BlastWave chose a passwordless approach to remote access because compromised credentials are the easiest way for bad actors to gain access to an organization's data and infrastructure, says Sego. Hackers find compromised credentials so tasty, in fact, that Verizon dubbed them the "glazed donut of data types" in this year's Data Breach Investigations Report (DBIR).

Suzanne Widup, co-author of the DBIR report and senior principal of Threat Intel for Verizon Business, told Light Reading earlier this year: "It's true, everyone likes credentials if they can get them because they can do so much throughout your organization by pretending to be someone. They can look like someone internal and won't set all the alarm bells off."

BlastWave is also teaming up with ATxTel, a lab infrastructure, instrumentation and systems integration company, which will resell BlastShield to its network equipment manufacturer, chipset and cloud/service providers customers.

BlastShield can be deployed on virtual machines, via the cloud, on x86 devices or as a host agent. BlastWave also has a free version of BlastShield, called SD-VPN, for companies that want a try-before-you-buy approach.

"[BlastShield] deploys as an overlay, so you don't have to rip and replace, rearchitect things or create your own virtual private cloud," says Sego.

— Kelsey Kusterer Ziser, Senior Editor, Light Reading