TrustedDesktop

Comprehensive endpoint security solution and efficient desktop management

Today´s information systems still lack efficient protection against both out-sider and insider threats. Targeted malware attacks and data leakages are the most visible examples of these increasing threats. Thus, time has come for a more comprehensive approach to endpoint security. Today, IT infrastructures are shared, distributed, and heterogeneous. They extend into cloud computing. 360° security concepts have become essential, yet they should not add extra complexity or limitations in use.

TrustedDesktop provides an all-new level of protection both against attacks from outside and against data leakages from inside. Sirrix is first to comprehensively implement the notion of trustworthy systems as a fundamental concept for IT infrastructures.

Solution

TrustedDesktop is a secure virtualized desktop solution with practical information flow control. Its basic principle is the strong isolation of critical applications and corporate workflows as well as the reliable enforcement of security policies.

Its innovative technology enables a comprehensive and auditable lifecycle protection of all enterprise data. The overall system guarantees that protected information is only processed by trustworthy components. Thus, any data leakage by malicious or accidental errors is prevented efficiently.

At the same time, the TrustedObjectsManager (TOM) combines a system-wide security policy management with an easy to use deployment, configuration and provisioning system for the entire infrastructure, including networks, clients and desktop images.

Architecture

The core component of TrustedDesktop is the TURAYA.SecurityKernel. The SecurityKernel virtualizes different operating systems into individual isolated areas (compartments) running in parallel on the same client machine.

Every compartment can be allocated independently to a Trusted Virtual Domain (TVD), each spanning a distributed, but closed virtual processing area. Data leaving a compartment is seamlessly encrypted and can only by accessed in a local or remote compartment that belongs to the same TVD. This concept is revolutionary as it enables for the first time efficient information flow control for enterprise systems working with legacy operating systems. This is made possible by the TURAYA.SecurityKernel technology along with the integration of TrustedComputing technology.

TrustedDesktop provides many security and functional features, enhancing the enterprise security and increasing the efficiency of workflows:

• Comprehensive data leakage prevention with transparent file encryption.The solution transparently encrypts data leaving a secured compartment and restricts the access to other compartments of the same TVD. This includes transparent encryption of data on removable storage (USB, HDD) or data stored on remote locations (NFS,SMB). Thus, it provides offline transport capabilities for exchanged data.
  
  A transfer of unencrypted data between different TVDs is only possible if explicitly allowed by the security policy.
• Intelligent VPN client enables secure links between compartments belonging to the same Trusted Virtual Domain and to dedicated networks.
• Full hard disk encryption, sealed to the TPM security chip. In contrast to other solutions, the encryption key is never seen by the operating system and thus, no viruses, trojan horses or other malware can leak or change sensitive key material.

Trusted Computing provides hardware-based security

TrustedDesktop is based on a SecurityKernel with the Trusted Platform Module (TPM) acting as a hardware anchor for fullsystem integrity. The solution withstands even physical attacks like malicious code injection or attempts to steal sensitive key material.

TrustedDesktop saves real money: With a single license, a full-coverage solution is employed, including hard disk encryption, VPN client, data leakage prevention and desktop virtualization.