The 10 Commandments of Hardware-Enforced Isolation using the Byos µGateway

1

Hardware-Enforced Isolation through the Byos µGateway provides isolated physical modules; the µGateway has its own WiFi antenna and System-on-Chip, meaning it doesn’t share its network card with the host. Attackers cannot compromise the host through the same known vulnerabilities in common network cards because the host is not directly connected to the Network.

2

As an independent Hardware-Enforced isolation device, the Byos µGateway provides stability by not relying on the Host OS. If the host has an OS failure, Byos will remain fully functional, whereas security software may crash because of its reliance on the OS, downgrading the host security.

3

Hardware-Enforced Isolation using the Byos µGateway has no OS incompatibility; the µGateway speaks TCP/IP and is recognized by the host as USB-ethernet gadget, making it fully independent of the age or OS of the host computer. Newer software is incompatible with older OS.

4

Hardware-Enforced Isolation provides full CPU and RAM isolation, preventing network threats from accessing stored information in the host RAM or CPU. Software security solutions are prone to information leakage because they share RAM and CPU with the host.

5

During a malware infection, Hardware-Enforced Isolation remains unaffected because Byos µGateway resides outside of the host, micro-segmenting the Host from the rest of the network. While residing in the host, malware can silently disable the functionality of security software, going unnoticed by the user and security teams.

6

Hardware-Enforced Isolation using the Byos µGateway will alert network administrators of outgoing traffic connections in the presence of Malware. Malware can be injected by remote code execution vulnerabilities that have existed even in the presence of security software like VPNs and Secure Web Gateways.

7

With Hardware-Enforced Isolation using the Byos µGateway the user’s computer is protected from compromised servers on the same network.

8

The Byos µGateway does not share computing resources from user’s machine (RAM, Processing power, etc.). It also does not require no user knowledge - plug it in and connect.

9

As an isolated hardware device, the Byos µGateway is more difficult to reverse engineer than a software binary. Software is vulnerable to cracking, whereas a hardware device limits possible attack methods hackers may take to exploit the users information. Physical tampering protections are built into the hardware, protecting the core of the device.

10

IT has full control over the functionality of an external Hardware Device, without user interaction. Security under some operating systems might be lower than expected.

Hardware-Enforced Isolation and the NASA breach