At the same time, it revealed real-time cloud-based threat detection for guest operating systems in partnership with Webroot.
“The success of connected cars, connected infrastructure and other safety-critical IoT applications rests on the resolution of two key security challenges,” said Lynx v-p marketing Robert Day. “The first is the robust protection of not only the gateways and endpoints, but also the lines of communication between them, and then from the gateway out over the Internet. The second is real time threat detection, as well as containment.”
When deployed in an IoT gateway, LynxSecure separates domains, ensuring that the operational technology (OT) network hosting the IoT end-points is securely isolated from the wider information technology (IT) network.
“With a tiny trusted code-base, LynxSecure provides IoT endpoints and gateways with the protection they need by reducing the attack surface exploitable by malicious agents to an absolute minimum, and securely controlling any communications between the OT and IT domains,” claimed the firm.
LSA.connect works with LynxSecure 5.3 and can be used to encrypt network traffic without exposing a large attack surface by housing the network encryption algorithms in their own secure domain, “away from both the operating system connected to the internet and the encryption keys themselves”, said Lynx.
In a more sophisticated configuration, LSA.connect can be used to extend the principle of domain separation to the network, by supporting multiple isolated encryption tunnels over a single physical network connection, again with each housed in their own isolated domains.
“The large attack surfaces present in monolithic operating systems such as Linux expose both the connected IoT devices and also the network encryption algorithms to the potential for exploitation by malicious agents,” said Lynx director of software security Will Keegan.
The Webroot deal is intended to provide real-time threat intelligence services and intelligent cyber security device agents for protecting IoT systems against rootkits and other advanced persistent threats.
By embedding components of the Webroot IoT Security Toolkit inside their own domain on LynxSecure, threats can be detected, identified and removed without the constraints or risks inherent in running solutions at the operating system level, according to Lynx.
“Combining LynxSecure with our IoT Security Toolkit linked to our Webroot Threat Intelligence Platform can address the detection gap where malicious attacks can remain invisible for months after first infection,” said John Sirianni, v-p of partnerships at Webroot. “Our real-time detection technology, housed in its own isolated LynxSecure domain, identifies the moment the threat first enters a system, and allows security teams and security systems to quickly assess the threat, and analyse itbefore it can do any damage.”