Dell Endpoint Security Suite Helps Protect Air Gap Environments

Dell has developed a new version of its Endpoint Security Suite that can be deployed in tightly controlled environments that have no physical connection to the public internet.

Dell today announced a new version of its Dell Endpoint Security Suite Enterprise offering that can be deployed in air gap environments.

The promise of so-called air gap environments is improved security by virtue of being physically isolated and disconnected from the public internet. The problem with air gap environments, however, is that due to their isolation, they are unable to benefit from the many modern security technologies that require a connection to the cloud.

The cloud is often used as a back end for malicious file processing and analytics, as well as system updates, according to Dave Konetski, Dell Fellow and vice president in the Client Solutions Office of the CTO. The Dell Endpoint Security Suite includes data encryption capabilities as well as advanced threat protection. The advanced threat protection functionality comes to Dell via security vendor Cylance and in the standard edition requires a cloud connection. However, Dell, working with Cylance, has developed a custom edition of the platform that can now work in air gap mode without needing an active connection to the public internet or the cloud.

The system works by having an agent on the endpoint determine whether something that is running is potentially malicious. Konetski said the machine learning model that runs on the Dell Endpoint Security Suite Enterprise technology is typically updated via the cloud, but with the new air gap edition, it is updated via a physical medium, such as a USB drive.

"The models that are running on the endpoint that are able to determine whether an item is malicious are very small and efficient," Konetski told eWEEK. "Since the model is based on attributes of a file, we have found that they only need to really be updated a couple of times a year."

The physical medium used for updating is cryptographically signed by Dell, with the management infrastructure from the Dell Endpoint Security Suite Enterprise server validating the signature prior to installing the update. There is a full cryptographic key server built into the Dell Endpoint Security Suite, he said.
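The passage above describes the security-relevant property of the offline update path: the medium carries a vendor signature, and the management server validates that signature before anything is installed. The following is an added illustration of that pattern, not Dell's or Cylance's code, and the article does not say which algorithm or bundle format they use. It assumes an Ed25519 vendor key (standing in for Dell's signing key, pinned on the management server) and a manifest that binds a version counter to the SHA-256 digest of the model payload, so that a tampered payload or a replayed older model is rejected before install.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateBundle is a constructed stand-in for the contents of the update medium:
// the model payload, a monotonically increasing version, and the vendor's
// signature over the manifest derived from both.
type UpdateBundle struct {
	Version uint64
	Model   []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify under pinned vendor key")
	ErrRollback     = errors.New("update rejected: version is not newer than the installed model")
)

// manifest binds the version and the payload digest into one signed blob so that
// neither can be swapped independently of the other.
func manifest(version uint64, model []byte) []byte {
	digest := sha256.Sum256(model)
	buf := make([]byte, 8+len(digest))
	binary.BigEndian.PutUint64(buf[:8], version)
	copy(buf[8:], digest[:])
	return buf
}

// SignUpdate models the vendor-side step: it runs where the private key lives,
// never on the air-gapped management server.
func SignUpdate(priv ed25519.PrivateKey, version uint64, model []byte) UpdateBundle {
	return UpdateBundle{
		Version: version,
		Model:   model,
		Sig:     ed25519.Sign(priv, manifest(version, model)),
	}
}

// VerifyUpdate is the management-server check run before installation.
// pub is the pinned vendor public key; installedVersion enables anti-rollback.
func VerifyUpdate(pub ed25519.PublicKey, installedVersion uint64, b UpdateBundle) error {
	// Signature is checked first, over the manifest recomputed from the bundle,
	// so a modified payload or version invalidates the signature.
	if !ed25519.Verify(pub, manifest(b.Version, b.Model), b.Sig) {
		return ErrBadSignature
	}
	// A validly signed but older model is still refused, so an attacker with
	// write access to the medium cannot downgrade detection by replaying a stale update.
	if b.Version <= installedVersion {
		return ErrRollback
	}
	return nil
}

func main() {
	// Constructed vendor keypair; in practice only the public half is pinned on the server.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	installed := uint64(1)

	good := SignUpdate(priv, 2, []byte("constructed model bytes v2"))
	fmt.Println("genuine update:", VerifyUpdate(pub, installed, good))

	tampered := good
	tampered.Model = []byte("constructed model bytes v2, modified in transit")
	fmt.Println("tampered payload:", VerifyUpdate(pub, installed, tampered))

	fmt.Println("replayed update:", VerifyUpdate(pub, 2, good))
}
```

The order of the checks matters: signature verification comes first so that the version field is only trusted once it is known to be the vendor's, and the anti-rollback comparison uses the version the server already has on disk rather than anything read from the medium.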

One component of the larger Dell security portfolio that will not be coming to the air gap environment is support for post-boot BIOS verification, which Dell first announced in February 2016.

"From a security model standpoint, the BIOS cryptographic hashes are kept in Dell's data center and so the BIOS verification at time of boot is verified by rechecking the hash from Dell," Konetski said.

Looking forward, multiple new security capabilities will be developed and delivered to customers across the broader Dell Technologies portfolio. Through the acquisition of EMC, Dell now also has RSA Security technologies as part of the larger Dell security portfolio.

"We have a very robust technology roadmap for the next several years, and our collaboration with RSA and other Dell Technology family companies including VMware is still young," Konetski said. "As the collaboration continues to mature, I think you'll see some truly innovative things that we are able to do as Dell Technologies."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.