HP uses virtual machine technology to secure sensitive data
Privileged data and credentials are prime targets for attackers. Protecting this information is a challenge, particularly as systems have moved to the cloud and networks have become more diverse.
Larger organizations have often turned to measures such as privileged access workstations, but that means access is possible only from a limited number of machines. HP Wolf Security has launched a new Sure Access Enterprise (SAE) product to protect users who have rights to access sensitive data, systems, and applications while allowing them to use a normal endpoint.
SAE uses HP's task isolation technology to run each privileged access session within its own, hardware-enforced virtual machine (VM). This isolates the session from any malware in the endpoint operating system and means users are free to conduct privileged, non-privileged, and personal activities securely from one machine.
"The idea being that even if your desktop OS has become compromised for whatever reason, then malware within that desktop OS couldn't extract the document from the protected VM. It couldn't scrape the screen, it can't inject keystrokes or otherwise interfere with that particular user activity," says Dr Ian Pratt, global head of security for personal systems at HP. "We need less software to actually do the virtualization these days, so now it's possible that on a typical laptop, you can have as many as 10s of virtual machines running. You're able to create virtual machines in milliseconds and really be able to do so without noticeable performance impact on the user."
Sure Access Enterprise features strong integrations with Privileged Access Management (PAM) solutions (like CyberArk and BeyondTrust), IPSec remote access tunnels and multi-factor authentication. There's also centralized management to enable separation of duties and flexible policy options -- such as locking connections to specific PCs or users or requiring HP Sure View activation for privacy.
There's a hardware root of trust, supported by the latest Intel technologies, to prevent malware from bypassing security controls, and encrypted, tamper-resistant session logging to track access without recording sensitive data or credentials, easing compliance.
Though SAE is currently aimed at more security-mature organizations, Dr Pratt says, "We obviously think the bigger market is for organizations, which haven't deployed privileged access workstations. But also outside of that I think, ultimately, there are even personal use cases, I certainly use a protected VM when I'm logging into my personal bank."
You can find out more on the HP site.