Privileged data and credentials are prime targets for attackers. Protecting this information is a challenge, especially as systems have moved to the cloud and networks have become more diverse.
Larger organizations have often turned to privileged access workstations, but that means access is possible only from a limited number of computers. HP Wolf Security has launched a new product, Sure Access Enterprise (SAE), to protect users with access rights to sensitive data, systems and applications while allowing them to use a normal endpoint.
SAE uses HP’s task isolation technology to run each session with privileged access in its own hardware-enforced virtual machine (VM). This isolates the session from any malware in the endpoint’s operating system and means users can securely perform privileged, non-privileged and personal activities from one computer.
“The idea is that even if your desktop operating system was compromised for some reason, malware in that desktop operating system would not be able to extract the document from the protected VM. It couldn’t scratch the screen, it couldn’t insert keystrokes or otherwise interfere with that particular user activity,” says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP. “We need less software these days to actually do virtualization, hence it’s now possible to run virtual machines for up to 10s on a typical laptop. You can create virtual machines in milliseconds and really are able to do it without any noticeable performance hit to the user.”
Sure Access Enterprise offers strong integrations with Privileged Access Management (PAM) solutions (like CyberArk and BeyondTrust), IPsec remote access tunneling, and multi-factor authentication. There’s also centralized management to allow for segregation of duties and flexible policy options – like blocking connections to specific PCs or users, or requiring HP Sure View activation for privacy.
There’s a hardware root-of-trust powered by the latest Intel technologies to prevent malware from bypassing security controls, and encrypted, tamper-proof session logging to track access without recording sensitive data or credentials, which facilitates compliance.
SAE is currently aimed at more security-ready organizations, though Dr. Pratt says: “Obviously we think the larger market is for organizations that haven’t deployed privileged access workstations. In some cases, I definitely use a protected VM when logging into my personal bank.”