Escape from ransomware

Never lose control of endpoints after a ransomware attack. Always be able to reinstall Windows or Linux unattended, even when the system is completely blocked.

Ransomware attacks are now prevalent in the cyberworld. A successful attack will block both your data and your computers. Ultimately, the very first impact, besides your reputation, is productivity loss; your systems and your employees cannot perform their duties. You will obviously recover the data from your backup, but what about the computer assets, particularly those that are distributed?

The NearEDGE Boot component sits outside the operating system and is therefore immune to a ransomware lock. It is always able to provide remote access from the Control center, allowing it to perform a complete re-installation of the Windows / Linux operating system. After this re-installation, the computer is back in a normal, clean state.

Quarantine endpoints

A compromised computer should be immediately quarantined. The best action is to stop it and prevent further damage to your other resources, including the ones that are hosted in the cloud.

It is not a question of if but when; one day, some of your endpoints will be compromised. This is a fact of digital life. When this happens on a local computer, the simple and immediate action is to pull its power cord (or Ethernet cable if it is wired) to protect the rest of your assets. But how will you prevent compromised remote Endpoints from accessing distributed cloud resources, or from being used as a jump board to do further damage and/or exfiltrate data?

Upon receiving an instruction from the Control center, the Runtime component will immediately reboot the operating system. The Boot component will then take control and block the OS. The malicious software then becomes quarantined.

Lock and unlock the disk

Encrypting the disk is one of the must-have cybersecurity measures. But do not leave this to the users. Lock and unlock the disk for them without them even noticing.

Protecting the data at rest, i.e. encrypting on disk, is crucial when Endpoints are outside security perimeters. Leaving this to the user or the operating system (which may be compromised) can leave data unprotected.

Using the disk's hardware capability to encrypt the data, the Boot component unlocks the disk at start time without any user intervention. No more keying in a PIN from a code written on a sticky note. This takes place before the operating system starts, using an unlocking key acquired from the Control center. This solution provides the following benefits:

  • The operating system plays no role, so even if it is compromised, a hacker cannot recover the unlocking key. The key is never stored in the computer.
  • The Control center can revoke the use of the key and thus permanently prevent the disk from being unlocked.
  • No trace is visible that the disk can be locked.

Eliminate complex VPNs

VPNs can be troublesome. They also connect all of your teleworkers' home LANs to your LAN. Eliminate all this by simply not using a VPN for IT operations.

VPNs are great tools to protect from the outside world. They prevent eavesdropping, manipulation and all sorts of attacks on the data in transit between trusted sites. But what if one of the sites cannot be trusted, such as a home network or a customer's premises? Most VPN solutions come with a built-in firewall, which must be properly configured to let legitimate traffic through and block other traffic. But what if this firewall becomes mis- or de-configured down the road?

Instead of using a VPN technology, the Runtime components and Access gateways use a WebSocket channel. This channel is inherently secure by design since it only transports TCP connections originating from the Access gateway side, installed at your NOC. With this, you can be sure that:

  • It is not possible to establish connections from the remote site to anything in your NOC.
  • A connection from the NOC cannot bleed beyond the remote endpoint.

Lock teleworker computers

When an employee leaves the company, an item on the to-do list is to prevent him or her from using a computer. You need to do the same for teleworkers leaving the company.

Employees eventually cease to work for the organization. They may be let go or they may resign, but in any case sensitive data must be made inaccessible. This data usually lives outside the remote Endpoints, but that is not always the case; some may live on the local disk of the remote Endpoint. The best remediation is to simply lock down the computer immediately.

As part of the normal IT suspension procedure, the process simply needs to revoke the permission to run the operating system at the remote Endpoint. The Runtime component will immediately reboot the operating system and the Boot component will take control. At that point, the operating system is stopped and protected.

© 2021 - 2025 NearEDGE, Inc.