Technology
Basic overview
1. InZero Gateway
The InZero Gateway has a secure hardware architecture with a hardened dual-mode OS, watchdog integrity protection, and a requirement for physical confirmation of user actions – among other things. In effect, the InZero approach is NOT trying to understand malware but instead to create an environment where malware cannot execute.

As an example, let’s consider the Protected Browser application that resides on the InZero Gateway. The browser software is stored in read-only memory, which prevents any malware from changing it. Once the browser is launched, watchdog integrity protection continuously verifies that the Protected Browser has not been changed and is still running. If either one of these conditions is false, the Protected Browser is shut down and restarted – with a clean copy from the read-only memory. This security architecture extends to all the applications on the InZero Gateway.

InZero Gateway employs a new hardware design to solve the long-standing “backdoor vulnerability” issue that plagues software solutions. Even the most insecure software becomes protected when deployed on InZero Gateway. Note as well that all applications are physically separated to prevent cross-application attacks.

Once connected to the protected host PC, InZero Gateway disables network adapters on that PC. In effect, the host PC can be considered offline, except for the connection to the InZero Gateway – and what PC is better protected than an offline one? Yet this offline PC is still capable of sending and receiving emails, processing attachments, browsing the internet and downloading/uploading documents. This enables a high degree of productivity within an unprecedented security environment. In addition, InZero Gateway features powerful VPN capabilities and PKI support.

2. InZero Server Gateway
The InZero Server Gateway is designed to facilitate secure transfer of data between the host PC and an organization’s server. It supports the same VPN functionality as InZero Gateway and creates a secure “no backdoor” point-to-point VPN to all connected InZero Gateways. At the same time, it enforces two-way certificate-based authentication for the purposes of robust access control. An administrator can at any time revoke or grant access to a server protected with InZero Server Gateway by issuing a new security policy.

3. InZero Management Console
The InZero Management Console is PC-based software that an administrator uses to issue policies for all InZero Gateways and InZero Server Gateways that are in an organization’s InZero domain. InZero Management Console interacts with InZero Management Server to upload the policy. InZero Gateways and InZero Server Gateways use “heartbeat” technology to check for policy updates at a predetermined time interval, which is specified by the administrator. Users can be grouped according to their roles/organizational units or geographic location to facilitate policy management.

4. InZero Management Server
The Management Server is the central component of the InZero Security Platform. It maintains Gateway configurations, VPN configurations, and NAC permissions. It initializes a new Gateway’s cryptographic configuration and transmits new configuration data (the security profile and policies) to the Gateways.

Note: For the purposes of the free trial and in a typical configuration, InZero Management Server is hosted by InZero Systems at the company’s data center. However, each customer’s domain and corresponding Gateways are administered by the customer’s administrators. The Management Server stores policies created by an organization’s administrators and communicates those policies to the organization’s Gateways when they connect.