Back in May 2021 we launched our first version of Hysolate Free, as a Free Forever sandbox for isolating risky activities. We were delighted with the large number of users who signed up and found the solution helpful, but we realized that something was missing. Hysolate Free was a great solution for users looking to isolate risky activities in a separate VM but it didn’t provide a solution for users who wanted to do the opposite: protect sensitive assets or data in an isolated workspace.
Mixed usage on endpoints puts sensitive assets at risk
Your Windows device probably has access to risky content from email, untrusted websites, messaging applications, etc. At the same time, that same endpoint device may also be accessing sensitive data/systems. Even if you have standard endpoint security solutions, malware could still launch on your endpoint and gain access to those sensitive assets. Human error can also lead to sensitive data being shared with the wrong recipients/publicly.
Examples of such sensitive access/data/systems include:
- Privileged IT systems such as the AWS console or Azure portal
- Client information, e.g. on BI apps, Splunk or Elasticsearch
- HR data accessible via systems like Workday or Bamboo
- Financial apps such as online banking and exchanges
- Sensitive documents stored on a file storage service
- A client/work system accessed via a VPN or VDI connection
With 70% of attacks still taking place on the endpoint, and mixed usage issues becoming even more common in the last two years, more needs to be done to secure sensitive access at the endpoint.
Introducing Hysolate Free for Sensitive Access
Hysolate Free isolates access to sensitive websites, documents, and apps in a secure virtual workspace (a sensitive VM) that runs locally on your Windows endpoint. It provides additional protection against malware, ransomware, phishing, keylogging, screen capturing and other forms of data theft, as well as against human error leading to data leaks.
Here are some of the product’s main features:
- After a one-time configuration, your sensitive websites will be automatically redirected into the isolated sensitive VM.
- Accessing risky websites in the sensitive VM will be redirected back into your primary environment to protect the sensitive VM.
- User data in the sensitive VM is encrypted (including anything you download or open in the VM, your cached credentials, etc), so that ransomware on the host cannot exfiltrate sensitive data for extortion purposes, etc.
- You won’t have admin rights in the sensitive VM to prevent accidental installation of persistent malicious malware on the sensitive OS.
- The sensitive VM is protected against keystroke and screen capture.
- You cannot copy and paste sensitive content out of the sensitive VM.
- As the sensitive VM is a completely separate OS, it also has a separate instance of Edge/Chrome, so that existing malicious browser extensions on your primary environment cannot access the browser running in the sensitive VM.
- No access to printers/USB devices on the sensitive VM, to prevent accidental data leaks via these channels.
- The non-persistent sensitive VM is reset to a pristine OS image on every restart.
Setting up Hysolate Free up on your endpoint takes only a few minutes via a lightweight app that creates the isolated VM on your endpoint, but without the need of deploying or managing a full VM image. If you’re familiar with the concept of multiple desktops or spaces, you’ll feel right at home, as the isolated sensitive environment is accessible via a separate desktop that you can switch into with a shortcut, making the experience intuitive for both technical and non-technical users.
Hysolate Free is not a limited-time trial, but rather a fully-functional product that’s offered free, forever, as part of our mission to help people secure sensitive data on their endpoints. For enterprises, we offer a paid enterprise version with additional features, customizations, and manageability.
Already downloaded Hysolate Free for isolating risky activities? Now you can switch between the two Hysolate Free products via the control panel.
Looking for an Enterprise-ready Sensitive Access solution for the endpoint? We would love to tell you more about Hysolate’s fully managed OS Isolation solution for employees or contractors. You can request a demo here.
*** This is a Security Bloggers Network syndicated blog from Hysolate authored by Tal Zamir. Read the original post at: https://www.hysolate.com/blog/hysolate-free-for-sensitive-access/