Securing Worldwide Digital Assets at the Speed of Light
The Vir2us VMunity Enterprise Platform provides the technology required to protect network endpoints through Nano-isolation and a three-dimensional COS matrix. This Platform delivers a secure computing ecosystem by employing the following features:
- Secure sealed Ring 0 Hypervisor inaccessible to attackers
- Virtual isolated computing environments
- A secure minimum trusted computing base
- A reduced attack surface limited to a single environment
- Trusted Platform Module below the sealed virtual Hypervisor
By enclosing this Nano-isolation framework around the existing flawed computer architecture, the legacy infrastructure gains a layer of redundancy. Nano-isolation within a single virtual computing environment will provide granular isolation to reduce the attack surface to a single file and/or single application. This granularity allows real-time monitoring of system state while improving system performance by 10X or better over the most popular security solutions.
If an attacker enters the system, the threat will be contained within a single virtual computing environment, which is discarded every time a process is executed. Thus, unauthorized access to Hypervisor-protected user resources is denied and the threat is not allowed to persist or virally propagate, effectively eliminating advanced persistent threats.
Superior Resource Management
The VMunity architecture manages virtual computing environments in a controlled manner. Virtual environments (Master Templates) are managed, validated and tracked by the Immunity controller. By default, virtual environments are discarded after every use, so malware is not restored from virtual images. User data is isolated from OS and application Master Templates and accessed through a digital airlock, modeled on a “Reference Monitor”, based on validated OS and application sources and a rules engine.
Resources are tightly managed or eliminated: no folders are shared, configuration files are not shared by VMs, no backdoors are allowed, network connections are isolated, and communications are handled with mandatory access controls such as sHype, developed by IBM. Virtual environment resources are managed such that Denial of Service attacks that attempt to starve system resources are controlled and limited with maximum thresholds to ensure reliability.
The VMunity Platform assumes that endpoints will be penetrated, but that secure recovery, containment and resiliency can be attained. Once automated, the Immunity Platform will create a secure computing architecture by leveraging the tools of containerization in the following manner:
- Enhance the resiliency of computing resources
- Allow the enforcement of least privilege
- Enable real-time continuous monitoring
The net result is an automated, lower-cost platform that can significantly reduce the heavy overhead imposed by current cyber security defenses.