For users handling sensitive or classified information, a traditional endpoint system cannot be trusted when leaving the corporate/classified network’s confines. The COVID-19 crisis has caused a prolonged work from home period, with some companies like Twitter and Fujitsu offering workers the opportunity to work from home permanently. While this is relatively easy to state, CIOs and CISOs have to adjust their IT networks to support this environment. Hackers have been quick to take advantage of this shift. The figure to the right, taken from the McAfee Labs COVID19 Threat Report published in July 2020 shows how the attacks have increased by market sector. Lynx also carried out its own survey, the results of which are summarized here.

Traditional operating systems such as Windows, MacOS or Linux/Android that run on endpoints are vulnerable to cyber-attacks, and security updates and anti-virus software cannot be relied on to protect the endpoint. Traditional IT endpoint security solutions rely on either patching the endpoint OS or anti-virus applications that run on the endpoint OS. Either way, a compromised OS allows the threats full access to the endpoint. The sensitive data residing on the endpoint and even the encryption keys that are used to protect the data. This limits the usefulness of portable endpoint solutions such as laptops or tablets, as the sensitive information could be compromised as soon as the endpoint is connected to the outside world, either via an IT network or through connections such as USB memory sticks.

The solution consists of the following elements:

1. LynxSecure Separation Kernel Hypervisor; Hardware-enforced separation and virtualization properties of LynxSecure allow for separate secure domains to exist. Two main domains are constructed:

• One that is not secure, connected to the outside world, and handling clear-text unclassified data
• A second domain used for handling sensitive or classified data, with no connection to the outside world. Any data transfer to and from this domain is controlled and encrypted, and any sensitive information that is stored on the endpoint is also encrypted.

Both domains can run standard operating systems and applications, but the OS and applications in the secure domain are isolated from any network borne outside threats.

2. Lynx Multi-Node Management; Lynx offers manageability to perform provisioning and enable the update and upgrade of operating systems and other software functionality running in virtual machines. Lynx’s platform provides tools to integrate with the current MDM (Mobile Device Management) solutions. LynxSafe supports this capability on the device itself, keeping the relevant APIs, messaging and integration required to execute on security workflows without compromising security.

3. Inline Disc Encryption; Allows for encryption at the storage speed for the data stored on the disk. This means that even if the endpoint is ever broken into, or stolen, the data is never exposed to a third party.

The platform is extensible to support the most stringent certification requirements such as CSfC (Commercial Solution for Classified applications) defined by the United States Government’s National Security Agency (NSA). The process enables commercial products to be used in layered solutions to protect highly classified information

DISCUSSING THE MISSION CRITICAL EDGE

VP of Product Management Pavan Singh discusses the Mission Critical Edge and Digital Transformation in the age of COVID with Chris Preimesberger, Editor of eWeek online magazine. 

Get More Information

What to Expect

The information you provide will help Lynx to better understand your requirements at the high level and we will be able to do research on your behalf and be well prepared for our next interaction.

Your information is always considered completely confidential and is not shared with anyone outside of Lynx Software Technologies without your expressed permission. We respond to these form inputs within 1-2 business days.