TrustedDesktop

Comprehensive endpoint security solution and efficient desktop management

Today's information systems still lack effective protection against both outsider and insider threats. Targeted malware attacks and data leakages are the most visible examples of these increasing threats. The time has come for a more comprehensive approach to endpoint security. Today, IT infrastructures are shared, distributed and heterogeneous, and they extend into cloud computing. 360° security concepts have become essential, yet they should not add extra complexity or restrict use.

TrustedDesktop provides an all new level of protection both against attacks from outside and against data leakages from inside. Sirrix is the first to comprehensively implement the idea of trustworthy systems as a fundamental concept for IT infrastructures.

Solution

TrustedDesktop is a secure virtualized desktop solution with practical information flow control. Its basic principle is strong isolation of critical applications and corporate workflows as well as reliable enforcement of security policies.
Its innovative technology enables comprehensive and auditable lifecycle protection of all enterprise data. The overall system ensures that protected information is only processed by trustworthy components. Any data leakage, whether caused by malicious action or by accidental error, is effectively prevented.

The TrustedObjectsManager (TOM) combines a system-wide security policy management with an easy-to-use deployment, configuration and provisioning system for the entire infrastructure, including networks, clients and desktop images.

Architecture

The core component of TrustedDesktop is the TURAYA.SecurityKernel. The SecurityKernel virtualizes different operating systems into individual isolated areas (compartments) running in parallel on the same client machine.
Every compartment can be independently allocated to a Trusted Virtual Domain (TVD), each spanning a distributed, but closed virtual processing area. Data leaving a compartment is seamlessly encrypted and can only be accessed in a local or remote compartment that belongs to the same TVD.
This concept is revolutionary since it enables, for the first time, efficient information flow control for enterprise systems working with legacy operating systems. This is made possible by the TURAYA.SecurityKernel technology in combination with the integration of Trusted Computing technology.

TrustedDesktop provides many security and functional features, enhancing enterprise security and increasing the efficiency of workflows:

  • Comprehensive data leakage prevention with transparent file encryption. The solution transparently encrypts data leaving a secured compartment and restricts access to other compartments of the same TVD. This includes transparent encryption of data on removable storage (USB, HDD) and of data stored at remote locations (NFS, SMB). It essentially provides offline transport capabilities for exchanged data.
  • Transfer of unencrypted data between different TVDs is only possible if it is explicitly allowed by the security policy.
  • Intelligent VPN client enables secure links between compartments belonging to the same Trusted Virtual Domain and to dedicated networks.
  • Full hard disk encryption, sealed to the TPM security chip. In contrast to other solutions, the encryption key is never seen by the operating system, so no viruses, Trojans or other malware can leak or change sensitive key material.
  • Trusted Computing provides hardware-based security. TrustedDesktop is based on a SecurityKernel with the Trusted Platform Module (TPM) acting as a hardware anchor for full system integrity. The solution withstands even physical attacks such as malicious code injection or attempts to steal sensitive key material.
  • TrustedDesktop saves real money: a single license provides a full-coverage solution, including hard disk encryption, VPN client, data leakage prevention and desktop virtualization.
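To make the Trusted Virtual Domain concept concrete, here is a small Python model added for this page (it is not Sirrix code): compartments are allocated to TVDs, data leaving a compartment is sealed under a per-TVD key, only compartments of the same TVD can unseal it, and an unencrypted cross-TVD transfer needs an explicit policy entry. Compartment and TVD names are constructed, and the SHAKE-based stream cipher is a toy stand-in for the product's transparent encryption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class TvdPolicy:
    """Toy model of TVD-based information flow control (not the product's code)."""
    membership: dict                                   # compartment name -> TVD it is allocated to
    allowed_plain: set = field(default_factory=set)    # explicitly permitted plaintext flows (src_tvd, dst_tvd)
    keys: dict = field(default_factory=dict)           # per-TVD key; TPM-sealed in the product, random here

    def key_for(self, tvd: str) -> bytes:
        return self.keys.setdefault(tvd, os.urandom(32))

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
        # Toy stream cipher derived from SHAKE-256; a real system would use an AEAD such as AES-GCM.
        return hashlib.shake_256(key + nonce).digest(n)

    def export(self, compartment: str, data: bytes) -> dict:
        """Data leaving a compartment is sealed under the key of that compartment's TVD."""
        tvd = self.membership[compartment]
        key, nonce = self.key_for(tvd), os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(key, nonce, len(data))))
        # The TVD label is authenticated together with the ciphertext, so it cannot be swapped.
        tag = hmac.new(key, tvd.encode() + nonce + ct, "sha256").digest()
        return {"tvd": tvd, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, compartment: str, env: dict) -> bytes:
        """Only a compartment allocated to the same TVD can open the envelope."""
        tvd = self.membership[compartment]
        if env["tvd"] != tvd:
            raise PermissionError(f"{compartment} (TVD {tvd}) may not read TVD {env['tvd']} data")
        key = self.key_for(tvd)
        expected = hmac.new(key, env["tvd"].encode() + env["nonce"] + env["ct"], "sha256").digest()
        if not hmac.compare_digest(expected, env["tag"]):
            # A relabelled or altered envelope fails here: the label is bound to the TVD key.
            raise ValueError("envelope tag invalid: wrong TVD key or tampered data")
        return bytes(a ^ b for a, b in zip(env["ct"], self._keystream(key, env["nonce"], len(env["ct"]))))

    def plaintext_transfer_allowed(self, src: str, dst: str) -> bool:
        """Unencrypted transfer between different TVDs needs an explicit policy entry."""
        s, d = self.membership[src], self.membership[dst]
        return s == d or (s, d) in self.allowed_plain
```

Note that membership and keys would come from the TrustedObjectsManager and the TPM in the real deployment; here they are plain in-memory values so the model runs offline.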