Proactive protection is all about securing your platform from outside the application, without the need to modify it.
Ensuring that the “Golden images stays golden”.
We believe security and enhancements should be additive and non-intrusive.
In short whatever is the use case, security should “just work” –
- No deterioration in functionality
- No / little performance overhead of security
- User gets to choose what he wants to enable
- No restrictions
We have 3 main paradigms of Proactive protection,
Proactive Protection – Data
- Cell Isolation : Different functionalities running in separate execution blocks called Cells.
- Secure storage and partition access control: Restrict cell access to what is important.
- Modularity reduces the attack service
- Optional DAR (Data At Rest) Encryption
Proactive Protection – Kernel
- Hardening by L1 Hypervisor
- Page table access / authentication
- Minimum TCB
Proactive Protection – Network
- Defence grade secure VPN derived from D4 Secure
- Non-bypassable Network filter and firewall
- Optional VPN Encryption (DIT – Data In Transit)