Xiid's SealedChannel is a patent-pending reverse channel technology designed and built to minimize the typical attack surface in hybrid environments.
When critical information must be accessed from outside the corporate network perimeter, companies usually adopt one of two techniques: copying (replicating or synchronizing) the data to the cloud, or allowing inbound traffic through the firewall.
If you copy, replicate or synchronize your data to the cloud, attackers now have two targets: the original location of your data (insiders' job) and the copy residing in the cloud. If, on the other hand, you allow inbound traffic through your firewall, any attacker can reach their target from anywhere on the Internet, and restricting such traffic with IP rules is not always possible or effective.
But what if there were a way to avoid both of the above-mentioned threats?
Xiid's SealedChannel enables you to do exactly that. No copy of your information outside the perimeter of your network, no inbound "hole" in your firewall, and yet the full capability to use and consume the protected information safely and from anywhere (Cloud, Internet, ...).
Why not a reverse VPN (a virtual private network initiated from inside the protected network towards an outside terminator) then? There are several profound technical reasons, but if we had to pick just one, the most obvious is that - once established - a VPN allows generic TCP/UDP traffic; if any of the VPN nodes outside the firewall are compromised, the attacker may use such nodes to indiscriminately try any IP-based attack towards the inside network.
This risk is obviously nonexistent with Xiid's SealedChannel technology. Even in the extremely unlikely event that a request collector is compromised, the attacker still has no way to inject arbitrary TCP/UDP traffic towards the inside network; the attacker would only be able to craft text payloads and leave them on the Collector, hoping that the Agent would pick them up. The Agent, in turn, has full authority over the contents of such payloads, and will simply discard them if they don't strictly follow Xiid's proprietary protocol. In addition, anything contained in such payloads will always be treated by the Agent as pure passive data: the Agent simply doesn't contain any binary code that could be exploited to allow execution of arbitrary code contained in the payloads picked up by the request collector.