Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Quick Tour of Ceedo Safe Browsing and Remote Access Protection.

Published byChristina Harrison Modified over 6 years ago

Similar presentations

Presentation on theme: "A Quick Tour of Ceedo Safe Browsing and Remote Access Protection."— Presentation transcript:

1 A Quick Tour of Ceedo Safe Browsing and Remote Access Protection

2 (contractors, offshore, BYOC)
When connecting to or from unsafe locations, the end-point\data center is exposed. Organizational Resources Data theft Machine hijacking Ransomware (Cryptolocker) Compromised infrastructure Privacy (session leftovers) etc. Corporate Desktop Unmanaged PC (contractors, offshore, BYOC)

3 Conceptually… If you could some how create a barrier – an abstraction layer – in the PC stack, you could: Applications Hard Disk Another HDD Operating System Desktop Environment Applications Desktop Environment Operating System Hard Disk Defend the OS and Apps

4 Abstraction Layer = Virtualization

5 Ceedo’s virtualization engines - overview
Disk virtualization Ceedo has an internal VHD-based virtual disk-mounting system Disks are mounted through internal OS<->disk interface Disks can be mounted with no mount point and into RAM Create child disks, merge disks, etc. Hard Disk Operating System Desktop Environment Applications VHD Process virtualization Process-centric isolation Every operation a specified process tries to execute is manipulated and redirected Virtualization is inherited by child processes For instance, if a virtualized browser opens PDF Reader, the PDF reader will be virtualized too Hard Disk VHD Operating System Desktop Environment Applications

6 How do we isolate windows components?
Think of regular firewalls: Internet\network firewalls allow companies to decide which applications can have incoming or outgoing connections to the network depending on rules Now think of PCs: Our Kernel Firewall allows companies to decide which applications can have access to the OS and other apps! Completely isolating apps depending on rules

7 Remote Access Protection and Safe Browsing
Hard Disk VHD Operating System Desktop Environment Applications Remote Access Protection and Safe Browsing connecting to or from unsafe locations

8 Isolation – from the inside out
Traditional anti malware solutions are mostly based on signature recognition and heuristics. This means that if the attack vector is new or smart enough – you are exposed. Isolation protects the machine by blocking any untrusted software or infected web pages from touching the machine (MITM/MITB). Window title 3/14/2011 3:00PM

9 Isolation – from the outside in
Traditional remote computing relay mostly on communication-centric measures (tunnels, 2FA, etc.). But if the client is compromised, nothing is secure. Isolation prevents the compromised machine from accessing any data generated during a remote session. Window title 3/14/2011 3:00PM

10 Ceedo’s extra security and privacy tools
Nothing is written to the machine and all generated data can be removed entirely at the end of the session. To add an extra layer of protection, the “bubble” runs from a hidden location stored inside an encrypted container. And to seal the environment we also deal with environment permissions (AC), process enforcement, and more…

11 What we do – in process isolation context
Run isolated applications (installed to the host or encapsulated) Protected from the client and protecting the client Leave zero-footprint and/or keep data encrypted Remove all session data after shutdown, or store it in encrypted containers Allowing safe browsing and secure computing To and from unsecure locations keeping privacy and safety

12 How we do it Isolate processes by redirecting all R/W functions
For instance: app writes document to C:\, we divert it to X:\ Capture all R/W data in a hidden disposable VHD volume Optional load VHD as RAM-disk and/or with zero-mount point Leverage native NTFS permissions (AC) Launch processes with “Run-As” using separate user account

13 Components in process isolation context
VHD based isolated environment (optional: with encapsulated applications) Application launcher (host/encapsulated) Kernel “firewall” – intercept and divert R/W operations form virtualized processes Virtual user with separate elevation and NTFS security configurations. Kernel functions “firewall”

14 Components in process isolation context
VHDs and data can be stored inside encrypted containers locked to a specific machine. Environment can force processes to terminate based on MD5 and Certificate Thumbnail (black\whitelist) All components undergo integrity check to protect against tampering Remote wipe\deactivation Kernel functions “firewall”

15 Thank You

Download ppt "A Quick Tour of Ceedo Safe Browsing and Remote Access Protection."

Similar presentations

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Call Center Call Center on a Stick Ceedo for Call Center Presentation.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Call Center Call Center on a Stick Ceedo for Call Center Presentation.
© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Workspace Concept and Technology Overview Ceedo Client Workspace.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Workspace Concept and Technology Overview Ceedo Client Workspace.
Dynamic Desktop Composition. Modular desktop composition at file-level What is Ceedo Desktop? A smart driver that intercepts and redirects R/W functions.

Dynamic Desktop Composition. Modular desktop composition at file-level What is Ceedo Desktop? A smart driver that intercepts and redirects R/W functions.
© 2011 All rights reserved to Ceedo. Ceedo - Flexible Computing Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively.

© 2011 All rights reserved to Ceedo. Ceedo - Flexible Computing Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively.
© 2012 All rights reserved to Ceedo. Enhanced Mobility with Tighter Security.

© 2012 All rights reserved to Ceedo. Enhanced Mobility with Tighter Security.
© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.
© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Offerings For Service Providers Ceedo Client Workspace Virtualization.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Offerings For Service Providers Ceedo Client Workspace Virtualization.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Understand Virtualized Clients 10753 Windows Operating System Fundamentals LESSON 2.4.

Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
File sharing. Connect the two win 7 systems with LAN card Open the network.

File sharing. Connect the two win 7 systems with LAN card Open the network.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
Agenda Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.

Agenda Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN

Similar presentations

Ads by Google