New version of LynxSecure adds secure bare-metal networking and advanced cloud-based threat detection capabilities
San Jose, CA, Wednesday, 24 February 2016 – Lynx Software Technologies unveiled the LynxSecure 5.3 Separation Kernel Hypervisor at Embedded World, Nuremberg, and announced a powerful new capability that extends the principle of domain separation to the network connection. At the same time, in partnership with Webroot, they revealed real-time cloud-based threat detection for guest operating systems hosted by LynxSecure. LynxSecure 5.3 is being demonstrated in the Lynx booth at both the Embedded World Conference in Nuremberg, Germany from February 23rd to 25th (hall 4A, booth 338) and at the RSA Conference in San Francisco, USA from February 29th to March 3rd (south hall, booth 732).
Commenting, Robert Day, Vice President, Marketing at Lynx Software Technologies, said, “The success of connected cars, connected infrastructure and other safety-critical IoT applications rests on the resolution of two key security challenges. The first is the robust protection of not only the gateways and endpoints, but also the lines of communication between them, and then from the gateway out over the Internet. The second is real time threat detection, as well as containment. With today’s announcement, we are delivering both – opening the path to a new generation of connected vehicles, a vast array of safety critical infrastructure and for further industrial and mainstream IT deployments.”
LynxSecure 5.3 is a DoD certified secure virtualization solution based on separation kernel technology. When deployed in an IoT gateway, LynxSecure implements the robust separation of domains, ensuring that the Operational Technology (OT) network hosting the IoT endpoints is securely isolated from the wider Information Technology (IT) network. With a tiny trusted code-base, LynxSecure provides IoT endpoints and gateways with the protection they need by reducing the attack surface exploitable by malicious agents to an absolute minimum, and securely controlling any communications between the OT and IT domains.
LynxSecure 5.3 is the enabling platform for LSA.connect, a secure network encryption component built using LynxSecure bare metal applications (LSAs). In its simplest configuration, LSA.connect can be used to encrypt network traffic without exposing a large attack surface to malicious agents by housing the network encryption algorithms in their own secure domain, away from both the operating system connected to the internet and the encryption keys themselves. In a more sophisticated configuration, LSA.connect can be used to extend the principle of domain separation to the network, by supporting multiple isolated encryption tunnels over a single physical network connection, again each housed in their own isolated domains (see Figure 1).
Will Keegan, Director of Software Security at Lynx, said, “The large attack surfaces present in monolithic operating systems such as Linux expose both the connected IoT devices and also the network encryption algorithms to the potential for exploitation by malicious agents. The combination of LynxSecure and LSA.connect offers isolated domains for each network, and separate bare-metal encryption which changes the connected IoT gateway from being a point of attack to a point of defence. As an example of multi-stream communications, a connected car could take advantage of separate domains to implement firmware updates, the communication of telematics data, and the transfer of downloadable content for in-vehicle infotainment (IVI), all using dedicated secure encryption tunnels.”
Figure 1: Bare Metal Encryption offers multi-stream secure IoT communication
Advanced Cloud-based Threat Detection
Lynx is also partnering with Webroot® and combining its IoT Security Toolkit with LynxSecure to provide real-time threat intelligence services and intelligent cybersecurity device agents for the protection of critical IoT and IIoT systems against rootkits and other Advanced Persistent Threats (APT). By embedding components of the Webroot IoT Security Toolkit inside their own domain on LynxSecure, threats can be detected, identified and removed without the constraints or risks inherent in running solutions at the operating system level.
John Sirianni, Vice President, Strategic Partnerships, IoT, at Webroot, commented, “Combining LynxSecure with our IoT Security Toolkit linked to our Webroot Threat Intelligence Platform can address the ‘detection gap’ where malicious attacks can remain invisible for months after first infection. Our real-time detection technology, housed in its own isolated LynxSecure domain, identifies the moment the threat first enters a system, and allows security teams and security systems to quickly assess the threat, and analyse it before it can do any damage.”
Both the secure communication and the threat detection technologies are being extensively discussed at the Embedded World conference programme. On Tuesday, 23 February at 12.00 Robert Day together with Dan Isaacs of Xilinx will be addressing secure communications in a paper called “Architecting Cybersecure IoT Systems Using New Programmable SoC Multi-layer Security”. On Thursday 25 February, at 10.00, Will Keegan of Lynx will be talking about “The Connected Embedded Devices of the IoT: A Playground for Malicious Agents, or an Opportunity for Manufacturers to Innovate?”
David Dufour of Webroot will take the detection gap as his theme in a paper on Tuesday at 10.30 about “Securing IoT Devices Using Big Data and Contextual Analytics”. At 13.30 on Thursday, Robert Day and David Dufour will follow up with a paper on “Securing the IoT – Combining Platform Protection with Cloud-based Threat Intelligence”.
LynxSecure 5.3 is already available on the Intel Architecture and will be released on ARM platforms in 2016.
Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Our award-winning SecureAnywhere® endpoint solutions and BrightCloud® Threat Intelligence Services protect tens of millions of devices across businesses, home users, and the Internet of Things. Trusted and integrated by market-leading companies, including Cisco, F5 Networks, Palo Alto Networks, A10 Networks, Aruba Networks, and more. Webroot is headquartered in Colorado and operates globally across North America, Europe, and Asia.
About LynxSecure and LynxSecure Applications
The LynxSecure Separation Kernel hypervisor brings unique protection characteristics to intelligent devices, gateways and cloud infrastructure. It combines military-grade security with hard real-time scheduling, offering unique differentiation against traditional virtualization solutions. The separation kernel and “Type-0” hypervisor is an award-winning bare-metal architecture, designed from the ground up, that differs from type 1 hypervisors by removing unneeded functionality from the “security sensitive” hypervisor mode, yet virtualizes guest OSes in a tiny stand-alone package.
LynxSecure provides an independent runtime environment and libraries to build high assurance LynxSecure applications (LSAs) that run directly on the CPU cores without relying on the assistance of a guest operating system. LSAs are extremely useful for computing environments that require assurance that application logic is correct. By removing the complex dependencies on an operating system, verifying correctness of these high assurance applications becomes drastically simpler.
About Lynx Software Technologies
Lynx Software Technologies, a world leader in the embedded software market, is committed to providing the highest levels of safety and security in its RTOS and virtualization products. The latest product in the portfolio, the award-winning LynxSecure, offers a secure separation kernel and embedded hypervisor that forms a platform for the development of highly secure systems. Since it was established in 1988, Lynx Software Technologies has created technology that has been successfully deployed in thousands of designs and millions of products made by leading communications, avionics, aerospace/defense, and consumer electronics companies. Lynx headquarters are located in San Jose, CA. For more information, visit www.lynx.com.
Lynx Software Technologies is a trademark and LynxOS is a registered trademark of Lynx Software Technologies, Inc. Other brand or product names are registered trademarks or trademarks of the respective holders.