Our experts, including CTO Matthias Haas, Vice President of Sales Brian Cornell, Vice President of Vertical Solutions James Millington, and Claudio Nessi, Regional Vice President, were on hand to share insights with organizations attending the event on how to manage endpoint security and cloud applications while saving money.

Some of the key takeaways our team took from the event include:

1. The elephant in the room. We all know changes are coming at VMware and that, unfortunately, people will be affected. But what was encouraging from an EUC perspective was a signaling of the continued innovation and investment in the Workspace ONE and Horizon platforms.
2. Optimizing the journey to the cloud. The multi-cloud story applies to end-user compute as well as the data center. Whether through a journey directly from on-premises deployments to DaaS, or split strategies of bursting to the cloud for additional scale or disaster recovery (DR), organizations are looking for flexibility to move between environments easily. Having an endpoint designed for simplicity that can be easily reconfigured to connect to a new desktop environment is critical to the success of these projects.

   Download our solution brief, “11 Reasons to Choose IGEL Enterprise Endpoint OS 12 for VMware Workspace ONE and Horizon 8.”

3. Endpoint security. Security has long been a benefit of virtual desktops. The ability to reboot to a clean image is instrumental in getting organizations up and running in the event of a successful attack. But the benefits of this can be lost if the endpoint doesn’t share the same reboot to clean approach. IGEL’s Preventive Security Model eliminates endpoint vulnerabilities and enables centralized management of IGEL endpoints from the IGEL Universal Management Suite (UMS), regardless of physical location. IGEL and VMware Horizon are among the most resilient IT infrastructures to combat ransomware and other malware.
4. Partnerships. Seeing such a great turnout of partners – and friends was great. The integrations between Workspace ONE and Horizon platform and the rich partner ecosystem help our end customers deliver meaningful solutions for specific use cases, such as healthcare. IGEL’s newly announced integration with Workspace ONE Identity Services is one example of a customer-driven partnership where we delivered the right user experience to solve specific workflow issues.
5. User Experience and Cost Optimization. Digital employee experience is a hot topic for many organizations – and we agree. In fact, we’d be very appreciative if you’d take two minutes to fill out the survey we are running with our partner, LG. Ensuring simple, consistent access without delays, distractions, or security issues is core to our Secure Enterprise Endpoint OS. As budgets tighten and organizations look for ways to support innovations like DaaS, Cloud, and SaaS (and working out how to incorporate AI!), optimizing your endpoint for the cloud is a critical part of this strategy.

Download our solution brief here to learn how IGEL and VMware make the “perfect pair” for easy, safe, and cost-effective end-user computing for today’s modern enterprises.

The post IGEL and VMware: A “Perfect Pair” for Cost-Effectively Securing the Enterprise appeared first on IGEL.

• There was a 500% increase in ransomware attacks in 2021 compared to 2020.
• 70% of all intrusions last year were malware.
• There was an attack every 11 seconds in 2021.
• On average, there are 90+ monthly vulnerabilities for Windows that require patching.
• More than 1,000 slow and expensive VPN connections can be required to manage and control remote endpoints in a typical enterprise.
• Tens of millions of dollars in fines are levied each year for non-compliance with data protection standards, such as GDPR.

To mitigate the increased exposure to these cyber risks, IT teams must act proactively and swiftly to safeguard the most vulnerable point in the network – the endpoint. Combatting these escalated endpoint threats requires organizations to look at all the ways threats could succeed and tighten up controls in each element, including user activity, policy and access controls, antivirus software, suspect or abnormal byte sequence detection, a chain of trust, and virtualization and cloud-based computing. Experts recommend a “defense in depth” strategy, or multi-layered approach to physical, technical, and administrative controls to safeguard a business from security threats.

Endpoint Security Starts at the OS

The solution to protecting endpoints, however, really starts with the device operating system (OS). Moving Windows to the data center or cloud via virtual desktops and using a lean, inherently secure Linux-based OS can instantly fortify the security posture of any endpoint. For example, moving Windows off the endpoint is the logical strategy as cloud-based apps, like Azure Virtual Desktop, Windows 365 Cloud PC, along with cloud-based offers supported by VMware and Citrix are now the virtualization standard for end-user computing. This approach also consumes less IT staff time since it streamlines patching and other security updates across an organization’s entire IT environment, greatly reducing risk at the endpoint. Users, regardless of their locations, can confidently use their endpoint devices of choice to access the data and apps they need in the cloud, all while minimizing the chances of introducing a threat.

An OS built for VDI, DaaS, and digital workspaces can be structured as a modular, read-only and tamper-proof firmware base, for optimal success. Since the endpoint OS has an extremely small “attack surface” and all the data is stored in the cloud, there is literally nothing for hackers to target on the endpoint. In addition, the inclusion of multiple security-focused features in the OS can be designed to minimize exposure and deter attackers from gaining access to an organization through the endpoint devices.

Giving users what they need to do their jobs effectively and controlling access to non-relevant apps will significantly reduce an organization’s attack surface and can help stop attacks before they even happen. IT teams can set policy controls based on end-user roles to minimize the “human factor” as well.  For example, an endpoint device can be “locked down” in appliance mode or kiosk mode to perform only one function and nothing else. Additional measures like multifactor authentication can add another layer of security and protect the organization to minimize harm, even if an endpoint device is lost or stolen.

Securing the Device and Beyond

Organizations also need to think beyond the endpoints and devices and focus on practices that reduce risk regardless of where or what devices an individual is using at the time. Recognizing that a hybrid workforce will likely introduce rogue devices at some point, security protocols must be implemented that are, at a minimum, set with a standard security baseline across devices, to support what is becoming a permanently fluid style of working.

Organizations should also think about adding a chain-of-trust process to their security strategy. A sequence of cryptographic signature verifications that ensure end-to-end integrity really adds an extra level of confidence with every device startup or reboot. A chain-of-trust process can extend from the endpoint device to the digital workspace VDI host or cloud. Every time a device is used, chain-of-trust ensures that none of the firmware and software in the startup sequence have been altered. With a chain-of-trust process in place, the end user is alerted, and IT can take the necessary steps if it detects a failure condition at any step along the way.

Some organizations still focus on the “cure” when it comes to getting hit by cyberattacks and threats. Minimizing harm after getting hit by a cyberattack is possible using the IGEL US Pocket, for example. However, the amount of damage and required work to overcome an attack can be reduced significantly if you simply take the necessary steps and precautions to provide protection in the first place. You need to help your people to have a protected and productive workday, every day, from anywhere. Taking preventative measures by implementing the multi-layered approach to endpoint security outlined in this article, you can protect endpoints with built-in security to increase the overall threat defense against ransomware and other forms of malware. Focus on the prevention rather than the cure.

The following article was written by Dan O’Farrell, VP of  Product Marketing with IGEL, and first published in Information Security Buzz.

The post Prevention Is The Cure appeared first on IGEL.

Malware is also becoming an increasingly simple endeavor for cybercriminals, even those who are new to the space. “With tools like PowerSploit, PowerWare and Cobalt Strike, even low-skilled attackers can take everyday malware payloads and execute them using sophisticated memory injection techniques to evade detection,” the report said. Similarly, ransomware-as-a-service is helping escalate ransomware attacks. “Would-be criminals no longer need coding skills to carry out devastating attacks against organizations thanks to commoditized offerings available on the dark web and underground forums,” WatchGuard noted.

The post Ransomware Endpoint Threats: How to Fight Back appeared first on IGEL.

What’s Endpoint Security?

Endpoint security is the exercise of entry points or endpoints of end-user gadgets to prevent malicious campaigns and actors from exploiting them. It ensures that all devices, including laptops, smartphones, and tablets, used at the workplace are protected from security breaches.

Types

Endpoint security has evolved significantly to ensure protection from sophisticated zero-day threats and a lot of modern malware.

The following are the types of endpoint security that are currently available:

1. Antivirus. This is the most traditional endpoint protection mode. You can install antivirus software directly on your devices. It will then detect and remove malware and malicious applications. In virtual desktop environments, antivirus software normally runs in the cloud where the virtual desktops are located.
2. Browser isolation. This endpoint security mechanism curbs any browser-related threats such as ransomware, malware, surprise downloads by isolating browsers and eliminating hazardous web browser codes.
3. Application control. This mechanism simply controls permission and restriction of all applications. It works through whitelisting, blacklisting, and graylisting to stop malicious applications.
4. Endpoint encryption. This is the process of scrambling and encoding data so that only certain individuals can read or use it. Those who are allowed access to the data use decryption keys to open it. This method of endpoint security leaves your organization protected from data theft and exposure.
5. Network access control. This method involves the use of computer networking solutions to secure access to network codes. They use a set of protocols to implement strategies that regulate the access to network infrastructure by particular users and devices.
6. Cloud security. This endpoint security mechanism makes cloud infrastructure stronger and able to resist more cyber threats.
7. Endpoint Detection and Response (EDR). This is where applications that enter and exit a network’s endpoints are monitored. The security mechanism’s main components include malware and ransomware detection, threat investigation, and granular visibility.
8. Email gateways security. This method involves filtering and monitoring all incoming and outgoing emails to curb malicious activities and totally prevent hackers from gaining access to an organization’s networks and applications.
9. URL filtering. This mechanism mainly works through the filtration of web traffic. Users will then no longer be able to access websites that are harmful to your network.

Benefits

The following are the major benefits of enhancing endpoint security:

• Increased productivity. Endpoint security is one of the ways you can enhance more organizational productivity. This is because it will ensure that your employees have all the apps and date they need on time and can, as such, handle time-consuming issues swiftly.
• Protection of valuable data. Your company’s sensitive business information is a critical asset that should never fall into the wrong hands. Endpoint security helps to ensure that only authorized individuals access such sensitive data.
• Curbing hackers. When you have safeguarded your company’s important and sensitive information, hackers will be less inclined to try to breach your systems.
• Cost savings. Endpoint security can enhance cost-effectiveness in your organization. This is because problems can be prevented before they occur, thus eliminating the need for troubleshooting and manual data retrieval.

IGEL OS Endpoint Management

With the threat of cyberattacks ever increasing, the need for effective endpoint security measures cannot be understated. Their necessity is even greater considering the fact that most employees nowadays work remotely, using home computers and mobile devices.  

IGEL OS is the next-generation edge OS for cloud workspaces designed with the specific purpose of endpoint security in mind. It readily integrates into all leading modern cloud technologies, such as AWS, Citrix, Microsoft, and VMware, and can run on any compatible x86-64 device. 

Contact IGEL today to start your free trial.  

The post What is Endpoint Security? appeared first on IGEL.

Given new trends in digital workspaces, including VDI and DaaS, ESG Senior Analyst Mark Bowker believes there is a convergence of factors that are creating the ideal conditions for alternate endpoint strategies. These strategies support the consumption of desktops from a centralized data center or cloud for consistent, productive end-user experiences regardless of location, couple with a consistent IT desktop management experience that supports workers when and how they want to work.

Yet, in the context of delivering these new virtual and cloud workspaces, a heightened priority on security comes to light. Even while 79% of IT professionals believe alternative desktop delivery models such as VDI and DaaS are more secure than traditional desktop delivery models, security is still a concern.

In fact, according to the research, three of the top five workspace delivery priorities involve security. In addition to improving employee collaboration (37%) and managing user expectations of access, device choice and application preferences (35%), detecting security incidences, vulnerabilities and risk (36%), controlling and setting conditions for endpoint security policies (32%) and responding to security incidents, vulnerabilities and risk (31%) were listed in the top five:

To help resolve these security concerns, IGEL is the perfect solution. Here’s how:

• Enterprise-level security is built in. Working to minimize the risk of security incidents and vulnerabilities, IGEL OS is based on a highly secure Linux-based operating system which is virtually impossible to manipulate and is extremely resistant to viruses and other malware. That takes the risk and challenge of detecting and responding to endpoint security breaches down to the absolute minimum.
• Premium security features are standard. IGEL takes built-in security a step further with support for two-factor authentication, smart card readers and trusted application execution – security features that extend your level of protection at the edge via IGEL’s vast technology partner network.
• Secure policy management is simple. Using the IGEL Universal Management Suite (UMS) policy management and control can be easily managed for up to tens of thousands of endpoints from a single console. That means, using simple drag-and-drop configuration and management, endpoint policies can be set and applied for granular control. Active Directory policies and profiles are easily integrated.
• No local data is saved on the endpoint. Using IGEL OS, no data is stored on the actual endpoint device – it’s all stored in the secure cloud or data center where it can be compliantly managed and secured. This gives IT much greater control of security while users remain productive and happy.
• System-wide integrity is assured. Using IGEL’s unique “chain of trust” capability, all components of VDI or cloud workspace implementation are verified system-wide as secure and trustworthy. That means each discrete step from the endpoint to the cloud or data center is validated, and is only started if it is cryptographically signed by a trusted party.

With heightened manageability and the agility to support users any way and anywhere they want to work, VDI and DaaS will overtake traditional desktops in the workplace – sooner rather than later. Read the ESG report to see why the success of VDI and DaaS are tied to improved efficiency, security and sustainability – three value propositions underscored through the use of IGEL. Download the ESG report here: https://www.igel.com/esgsurvey/

The post 3 in 5 Workspace Delivery Priorities Involve Security. How Do We Address Them? appeared first on IGEL.

Initially organisations had to divert all their attention in ensuring employees could ‘work at home.’ Many now however, are the second phase of this new reality and are looking into the future of what this will mean longer term. As a result, they seek ways to enable more secure, performant ‘work from home’, ‘work from anywhere’ strategies, which includes the office post COVID-19.

Many of these strategies will involve end user computing solutions focused on delivering business applications and data to the employee. This will no doubt include new endpoints, mobile devices, SaaS applications and Unified Endpoint Management solutions to name a few.

However, in these discussions it is important not to forget the importance of security and the continued rise of ransomware.

A Look Back

In 2017, the WannaCry ransomware attack quickly spread across the globe and sadly taught far too many organisations that ‘out of date,’ unpatched systems allowed criminals to penetrate corporate networks and hold corporate data to ransom. Back then following in the aftermath of WannaCry, a tremendous amount of focus was placed on the importance of patching systems and ensuring that end of life (EOL) or end of support (EOS) operating systems, such as Windows XP, were retired or migrated to new versions.

But its 2020 – is ransomware really still an issue?

A New Paradigm Still Faces Ransomware

In the last week alone… it’s been reported that ransomware attacks have become more commonplace than payment card theft incidents for the first time. Businesses are increasingly considering paying ransomware attackers because recovery is too daunting and ransomware continues to rage on particularly in public sector organizations. It’s clear, the cybercriminals simply don’t care about a global pandemic and continued attacks will continue to happen.

For many, Virtual Desktop Infrastructure (VDI) and DaaS is helping to ensure that organizations can be prepared for both – empowering user work mobility and mitigating security risk.

In a new survey from Enterprise Strategy Group (ESG), it was reported that security continues to be a top reason for choosing VDI / DaaS. In fact, nearly all organizations report that security is a top purchase criterion when selecting a digital workspace – with 53% saying it’s critical and 45% saying it’s important.

Even further, ESG found that 4 in 5 organizations believe VDI or DaaS to be more secure than traditional desktop provisioning.

Interestingly, ESG also found that three of the top five workspace delivery priorities involve security, including detecting security incidences, vulnerabilities and risk (36%), controlling and setting conditions for endpoint security policies (32%), and responding to security incidences, vulnerabilities and risk (31%). Only improving employee collaboration (37%) and managing user expectations of access, device choice, and applications preferences (35%) ranked among them.

While, VDI and DaaS alone are not a panacea – as many as 65% say that while VDI and DaaS are helping endpoint security is still a concern – our future will continue to demand both remote flexibility and security. This means that IGEL, with its inherent support for VDI and DaaS endpoint implementations, will clearly play an increasingly important role for tomorrow’s endpoints. Because, for many, what will be running at the edge will likely not be Windows.

The post Secure Work Must Still be the Priority – at Home and Office appeared first on IGEL.

Healthcare IT and security staff are looking for solutions to the growing complexity of managing so many computing and network technologies – all in one organization. At the endpoint and device level, clinicians and staff want technology to help with secure data and application access and otherwise stay out of the way. They expect and need their user profile to consistently follow them from one device to another and between rooms, buildings, campuses and even home, with no lag in workflow.  And senior IT management is looking to do all of this as cost-effectively as possible.

IGEL, Citrix Workspace and Imprivata OneSign are meeting these needs and joining together as a Citrix Ready Bundled Solution designed to provide clinicians the secure, convenient, easy access they want – regardless of what device they’re using, or in what physical location they are working. Citrix Workspace integrates with IGEL OS on endpoint devices and Imprivata OneSign to provide seamless, secure no-touch access to virtual apps and desktops as well as increasingly common SaaS-based clinical apps.

Users tap their badge on the Imprivata reader connected to an IGEL OS powered endpoint to launch or reconnect to their Citrix virtual apps and desktops. Imprivata OneSign provides single sign-on (SSO) and virtual desktop automation, fully authenticating the user and giving them rapid access to all relevant applications. Citrix Gateway then securely delivers the clinical user’s workspace environment to the endpoint device running IGEL OS.

Providing this level of security at the endpoint is vital to meeting compliance regulations and to help mitigate the risk of digital data theft. It reflects the simple, safe, secure user experience that is IGEL’s core vision. We are dedicated to making the endpoint management environment the most efficient and as secure as possible for IT staff, and for supporting clinicians as they deliver the best patient care. Our Citrix Ready Bundled Solution brings our vision into simple, day-to-day clinical care reality.

For more information, view IGEL and Imprivata profiles on the Citrix Ready Marketplace, or take a few minutes to read the solution brief for more detail on how IGEL OS, Citrix Workspace and Imprivata combine to provide an optimized endpoint solution for hospital clinical staff productivity.

Also visit with us in the Citrix Ready Booth 1741 at HIMSS 2020 to explore how we can help you serve your healthcare customers with a bundled solution that gives them the most seamless digital user experience.

The post IGEL, Citrix and Imprivata Strengthen and Simplify Hospital Endpoint Operation, Management, and Control appeared first on IGEL.

IGEL, via its next-gen edge OS for AWS cloud workspaces, and eLumin, which delivers Amazon WorkSpaces to the classroom, are teaming up to provide students round-the-clock, secure access to their virtual applications – regardless of the device they are using. It’s the hallmark of IGEL’s endpoint management approach, serving people, whether students or workers, who now demand this level of flexible, secure access to their applications. Students now have everything they need on their device – a turnkey experience and one IGEL OS users are well accustomed to enjoying.

IGEL’s secure Linux OS and its Universal Management Suite, which enables efficient, centralized endpoint management, and eLumin’s integrated management of Windows and learning applications, combine to solve four main education needs:

1. Productive and responsive student and staff experience
2. Efficient and reliable remote management
3. Seamless technology integration
4. Proactive security approach

As eLumin President Greg M. Smith remarked, “Technology should never get in the way of life, learning or accomplishment.”  We wholeheartedly agree. Working together, eLumin and IGEL will bring a seamless, secure learning experience to tomorrow’s innovators!

Please spend a few minutes listening to our webinar with eLumin and Amazon to gain further insights into our new cloud-based education partnership.

The post IGEL and eLumin are Bringing Secure Digital Workspaces to the Virtual Classroom appeared first on IGEL.

Built on AWS, AppStream 2.0 leverages data center and network architecture designed for the most security-sensitive organizations. Users benefit from a fluid and responsive experience with their applications, including those pesky 3D design and engineering that are GPU-intensive. Furthermore,applications run on a virtual machines optimized for specific workloads and streaming sessions automatically adjust to network conditions.

AppStream 2.0 and IGEL

Did you know that you can use your IGEL-powered endpoint as an AppStream 2.0 ready workstation? It is fast and easy to configure. If you are a subscriber to AppStream 2.0 services, you can take the following steps to configure your IGEL edge device to automatically launch your AppStream 2.0 applications on startup. As always, it is best to create your sessions using IGEL Universal Management Suite (“UMS”) Profiles to do the job.

Create an IGEL UMS Session Profile for Amazon AppStream 2.0:

1) From the IGEL Universal Management Suite (“UMS”) Console, create a new profile based on a current firmware version. Under Sessions, navigate to the Browser section and add a Browser Session.  Configure the desired start methods for your session.  Because we’re creating an AppStream workstation, I would recommend setting the session to Autostart:

2) You want your session to land on your AppStream 2.0 logon page. So, under the “Settings” section of your session definition, you want to set the “When browser starts” option to “Show my homepage” and set the “Homepage” to the URL to point to your AppStream login page, which is usually your SSO portal. Set your “Start monitor” to whatever is appropriate for your use case, and check “Autostart” if the option is available for your firmware:

3)  There are of global settings that you want to configure to “tighten up” the user experience. So, under Browser Global, you want to configure options in each of seven subsections: Tabs, Security, Advanced, Window, Menus & Toolbars, Hotkeys, and Context. You want to configure each of these subsections to match the screen shots below:

Browser Global

Explanation:  We are disabling the intrusive Firefox splash screen because… it’s intrusive and we don’t care to see it.

Tabs

Explanation:  We do not use tabs in our AppStream 2.0 workstation, so we are configuring the Firefox Browser to present everything in a single tab.

Security

Explanation:  Since the Firefox Browser that is included with IGEL OS is being configured to connect only to your AppStream 2.0 portal, we are eliminating any chance to browse other websites, public or private.  For the same reasons, we also can also turn off Firefox’s Safe Browsing and Malware Protection.

Window

Explanation:  By starting the Firefox Browser in fullscreen, we are creating an application kiosk.

Menus & Toolbar

Explanation:  By eliminating all menu bar, tabs, and navigations portion of Firefox, we are completing an application kiosk.

Hotkeys

Explanation:  We do not want our users to be able to use Firefox hotkeys to perform various functions, so we are disabling all hotkeys.

Context

Explanation:  Since we don’t want users to access the context (or dropdown menu that appears when we Right-Click a webpage, we are disabling all context menu items and hiding the context menu completely.

Save your profile and apply it to your IGEL OS devices.

After your IGEL-powered endpoints have their IGEL AppStream Profile, the devices will automatically launch the Firefox Browser in a kiosk mode and connect to your SSO portal from which you can launch AppStream 2.0 streaming sessions.  Here are some example of what you will see:

IGEL-powered endpoint booting up and browser launching as soon as the IGEL OS completes loading:

Login page to your intranet portal (AWS Single Sign-On shown):

The AppStream 2.0 stacks the user is entitled to:

AppStream 2.0 streaming Blender, a free and open-source 3D graphics software used for creating animated films, visual effects, art, 3D printed models, interactive 3D applications, and video games, to the IGEL-powered endpoint:

AppStream 2.0 streaming SOLIDWORKS, a computer-aided design and engineering computer program, to the IGEL-powered endpoint:

Use Cases

Use cases for AppStream 2.0 include enterprises, which can use it to simplify application delivery and complete their migration to the cloud; educational institutions which can provide every student access to the applications they need for class on any computer; and, and software vendors who can leverage AppStream 2.0 to deliver trials, demos, and training for their applications with no downloads or installations, or a full software-as-a-service (SaaS) solution without rewriting their application.

To Learn More

If you have AppStream 2.0 and are interested in learning more about how to configure the application streaming service on your IGEL-powered device, drop us a line at sales@igel.com.

The post How to Configure Amazon AppStream 2.0 on Your IGEL-Powered Endpoint appeared first on IGEL.

Speculative execution is a nifty trick that modern microprocessors use to do their work faster: Regardless of whatever branch program execution will take – the CPU has already calculated the result in advance. However, this speed increase has a security downside. Timing attacks and other techniques can be employed by attackers to abuse speculative execution to read data that the CPU would normally protect from them.

Confidentiality under Threat

What would that mean? On a multi-user-system, one user’s program could potentially read passwords, cryptographic keys and other confidential information associated with another user’s processes on the same CPU. This threat is even worse for cloud hosting providers, where one customer might access secrets contained in a different customer’s virtual machine.

And IGEL?

IGEL OS and IGEL’s variant of Windows 10 IoT, however, are in effect not really multi-user systems. True, technically they run code under different user, administrator and system accounts – but the secret information they might contain in practice only belongs to the person sitting in front of the workstation. The fact that IGEL operating systems run from read-only system partitions further mitigates the risk that an attacker could install a snooping program on a machine. This is why IGEL rates the threat of the recent processor vulnerabilities for IGEL systems as low.

Help Is on the Way

In addition, IGEL is working on integrating Intel microcode fixes for Zombieload, RIDL and Fallout (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091) into our products. Our Product Security Incident Response Team has published Security Note 2019-03 [LINK], announcing fixed versions of IGEL OS 10, IGEL OS 11 and IGEL Windows 10 IoT. When these are released, we will update that note, and inform our customers via blog posts and a newsletter.

The post Don’t Fear the Zombie appeared first on IGEL.