Lynx Software Technologies Partners with Google Cloud to Support Google Anthos Bare Metal and Google Visual Inspection AI Service
Lynx Software Technologies Partners with Google Cloud to Support Google Anthos Bare Metal and...
The COVID-19 crisis has caused a prolonged work from home period, with some companies like Twitter and Fujitsu offering workers the opportunity to work from home permanently. While this is relatively easy to state, CIOs and CISOs have to adjust their IT networks to support this environment. For users handling sensitive or classified information, a traditional endpoint system cannot be trusted when leaving the confines of the corporate/classified network.
Hackers have been quick to take advantage of this shift. In just 10 cyber incidents during 2021, over $600 million in cash was stolen or taken as ransom. Tens of millions of citizen records were stolen, 40,000 businesses’ IT operations put at risk, one billion airline passenger details compromised and at least one bank was effectively shut down for over a week.
Traditional operating systems such as Windows, MacOS or Linux/Android that run on endpoints are vulnerable to cyber-attacks, and security updates and anti-virus software cannot be relied on to protect the endpoint. A compromised OS allows the threats full access to the endpoint, the sensitive data residing on the endpoint and even the encryption keys that are used to protect the data.
Sending metadata up into the cloud as opposed to data that is traceable back to a specific individual.
Some data are better made locally, in real-time, as opposed to being sent to the cloud for processing.
A fraction of the data being sent to the cloud is being mined effectively for analysis... but it is all being stored, which costs the enterprise a significant amount of money.
The integration of robust data analytics...
Average cost of a breach in US companies (2021)
Percentage of data breaches due to malicious or accidental incidents from insiders
Days to recognize a breach has taken place (2021)
In addition to the isolation and security functionalities offered by LynxSecure Separation Kernel Hypervisor, Lynx-MfE provides the following functionality:
Virtual KVM functionality allows end-users to switch their physical keyboard, video, and mouse between VMs using hot-keys.
In certain situations, it is useful to delay the power-on of a specific VM until another VM has reached a certain power-on state. The staging of the VMs' power-on sequence is provided by Lynx-MfE's staged-boot functionality.
Lynx-MfE includes support for a Pre-Boot Authenticator.
Over the Air (OTA) Updates
This features allows an administrator to remotely update the VM root disk, the Certificate ISO image or a LynxSecure image. Lynx-MfE supports 2 distinct types of updates.
The figure below shows a typical secure edge solution based on Lynx-MfE
The Lynx solution for secure laptops have fundamental advantages as compared to the systems that are built using traditional hypervisors. These include:
Least privilege architecture
This architecture does not include a privileged operating system that when compromised, can open up the system to vulnerabilities. This architecture does not have a hypervisor administrator login or an administrative user.
Immutable hardware partitioning
The system’s configuration, including the partitioning of hardware resources, interconnects between VMs and peripheral assignment is done prior to boot time. A bad actor cannot do dynamic OS modification or try to execute code from the unsecure operating system into the secure operating system.