Endpoint security is the perpetual bête noire of IT security compliance. Ask anyone tasked with securing them. Endpoints are a problem. They’re hard to secure. It’s even harder to govern their usage. People want to work where they want to work using whatever device they choose. Security measures tend to restrict productivity. No amount of hand-wringing will make it not so. Yet, solutions are emerging to mitigate potentially serious endpoint security risks.
Creating a secure endpoint infrastructure is the mission of Hysolate, an early stage company started within Israel’s renowned Team8 company creation platform. Hysolate offers a way to resolve the conflict between endpoint security and information worker productivity. The company is just now coming out of stealth mode, earning a slot as one of the 10 finalists in the RSA Innovation Sandbox Content.
IT Security Compliance through a Virtual “Air Gap”
Hysolate’s software establishes multiple operating systems on the same device using virtual machines that run on top of a bare metal hypervisor platform. Each OS is for a different use case, with degrees of security and restrictions applied according to custom security policies. For instance, one VM might be for general Internet use, with only a few restrictions. It operates in complete “air gap” style isolation from a second VM that runs corporate apps and can only access the corporate network and from a third VM used only for sensitive data access.
“Let’s say you go to the coffee shop and use their wi-fi on your Hysolate-equipped device,” said Dan Dinnar, Co-Founder of Hysolate. “If you open a browser window on your ‘sensitive’ VM and try to access your personal online bank account, the machine will tell you no, you can’t, but it will then automatically open the site on a browser from the Personal/Internet VM. The process is totally transparent to the end user.” In this way, as Dinnar explained, the worker can use the same device wherever he or she goes, but enjoys policy-compliant endpoint security in all locations and network contexts. “We let users have their own environment without limiting connectivity, productivity or usability,” Dinnar added.
The Hysolate platform also provides a management server that enables the IT department to establish granular security policies for each VM on the user’s machine. With the management server, administrators can design a “blueprint” for a security policy on the device. For example, What network segments can the user access in the “sensitive” VM versus the “Corporate”? Can a user copy and paste data between VMs? To which VM should USB devices or Cameras connect?
Multiple Operating Systems on a Single Device
One advantage of the Hysolate approach to is enable the end user to run more than one version of an operating system on the same machine, and in a seamless experience. That way, if the organization mandates Windows 7 Enterprise for the Corporate VM, that policy can be implemented easily. However, if the user wants Windows 10 for their Personal/Internet VM, he or she can also run that OS in parallel.
Hysolate is now expanding its customer base in the financial, technology, telco and other markets. “Working together with leading organizations as design partners has been a learning experience,” Dinnar noted. “But it’s very gratifying to see your concept validated in such large, geographically distributed enterprises.”
Hysolate was launched by Team8, a cybersecurity powerhouse and company creation platform that was founded by former leaders from Israel’s Technology and Intelligence Unit, 8200 (Israel’s NSA). Team8’s mission is to build category-leading companies that challenge the biggest problems in cybersecurity and give organizations the advantage over cyber attackers. It is supported by leading investors and partners, including Microsoft, Intel, Cisco, Qualcomm, AT&T, Accenture and Eric Schmidt’s Innovation Endeavors.