HYDRA has been touted as a paradigm shift in technology by the likes of the NSA's SPOCK program, received numerous awards and certifications, and easily survives widely publicized for-cash hacker challenges as well as automated testing such as Nessus and metaSploit.

Sentinel Systems Corporation successfully demonstrated their most audacious security claims to several commercial interests and government agencies through the DoD’s Security Proof of Concept (SPOCK) program. The resulting report demonstrated NSA V2’s cooperation with industry and government system integrators to jointly verify the security-related functions of HYDRA. The full report is available as a controlled document upon request from Sentinel Systems Corporation. Here are some quotes from the report:

  • “This product represents a true paradigm shift in Server technology. It is a ground up design using security as the paramount concern.”

  • “Our conclusion, based on comments made by the participants during this exercise, is a clear positive response.”

  • “This solution provides the capability to host complete Web Services and process transactions more securely than other Web Servers because it does not rely on a traditional OS/Applications architecture to execute it’s responsibilities. It represents a new class of Hardware/Software that is especially designed to take maximum advantage of embedded technology.”

  • “The developer’s design approach eliminates the need for periodic patching, security upgrades, etc.. Specifically, the solution has been designed from the ‘Ground Up’, including only features which support a heightened security environment. This translates to ease of configuration, reduced skill sets to administer, etc.”

  • “We found indications that the traditional patches required to ‘beef up’ Server Operating Systems to respond to vulnerabilities may never be necessary with this type of design.”

Internet Financial Services, an offshore financial provider, writes, "Because we have clients around the world, there is no acceptable hour for our private Web site to crash. And the database behind the site must be totally secure. In the 12 months we have tested and used HYDRA for our Web site, the server has never crashed. And over that same year, despite our intrusion detection software logging as many as 100 attacks every hour, no hacker has ever penetrated HYDRA's defenses."

HYDRA is Common Criteria and FIPS 140 certified (see CM #328, 3DES #126, SHA-1 #110, and CC Evaluation).