LYNX MOSA.ic for Avionics Now Supports 11th Generation Intel® Core™ Processors
San Jose, CA – 5 October, 2021 –
Mission critical software provider enables companies like Kontron...
A US-centric survey by the Ponemon Institute in January 2020 highlighted that attacks against endpoints are growing while detection is getting harder. Some of the datapoints which were of particular interest include the following:
The National Security Agency/Central Security Service (NSA/CSS) Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years. Comparable approaches will be embraced by a diverse set of Enterprises that, in the post COVID-19 era, must maintain security levels with an increased number of employees working completely or more regularly from remote locations on networks with questionable security levels.
Sending metadata up into the cloud as opposed to data that is traceable back to a specific individual.
Some data are better made locally, in real-time, as opposed to being sent to the cloud for processing.
A fraction of the data being sent to the cloud is being mined effectively for analysis... but it is all being stored, which costs the enterprise a significant amount of money.
The integration of robust data analytics...
Average cost of a breach (2019)
of successful attacks are zero-day
Days to fully apply a patch
Lynx is supporting a US customer who is creating a CSfC compliant platform. The program is based on Dell 5590 Laptop with support for Windows 10 and Ubuntu 18.04 LTS running on LynxSecure. In normal operation, a user plugs in the laptop into Ethernet LAN and boots the machine. A session manager is loaded. If a LAN is detected, an authentication option with be launched to load a “protected session”. The user logs into protected sessions using network authentication and/or physical security tokens.
The system supports the following system functionality
By adding a partition dedicated to host an “unprotected Windows” instance, the Lynx technology will still enforce the protected Windows to only connect via VPN, while the user’s unprotected Win10 can have normal web access.
The LynxSecure separation kernel is able to allocate hardware resources (CPU cores, memory and IO) to specific virtual machines in a fine-grained way. Once those allocations are made and the system boots, they cannot be adjusted. Unlike other hypervisors there is no helper OS. In a laptop application, this means that this type of platform offers
After the secure boot of the system and the immutable boot-time hardware partitioning, strict isolation of applications is enforced
Because of the system security being enforced all of the time