A fledgling Canadian network security company has launched its second product, a plug and play device aimed at protecting IoT devices.
Halifax-based Byos Inc. said its industrial Secure Gateway Edge is a small box that plugs into industrial controllers, security cameras, medical devices, POS devices and other networked devices to isolate them within a local network.
The company calls the approach micro-segmentation. By leveraging endpoint micro-segmentation through hardware-enforced isolation, the company argues, devices can be protected against network threats by minimizing the attack surface and protecting against remote code execution exploits.
If an attack by some other route compromises a device, the Gateway contains it, preventing the infection from spreading laterally across the network. The approach also prevents ransomware and denial-of-service attacks from rendering devices inoperable, the company says.
Connected by Wi-Fi or Ethernet, the Gateway allows administrators to have centralized management across a fleet of remote endpoints for simple policy provisioning, threat reporting, and security.
Launch of the industrial Gateway Edge follows the debut last October of the company’s Secure Endpoint Edge, a USB device for laptops and other mobile devices.
“With our solution we can have every device isolated from the outside world, have protection on the way in and on the way out and have control and visibility,” Matias Katz, company founder and CEO, said in an interview. “At the same time you don’t have to have the device isolated. You can still do remote patching, maintenance.”
The solution is sold on a subscription basis, with a cloud-based management console. Katz said a solution can cost between US$150 and $350 a year per endpoint, “depending on volume and the architecture of the deployment, and the term.”
Since the company launched, it has gained eight to 10 customers in different verticals, he said.
Katz is originally from Argentina, where he ran a managed service provider and was a security specialist for IBM. After speaking at the Black Hat security conference in 2012, he was invited to speak at the annual Atlantic Security Conference (AtlSecCon) in Halifax the following year. He liked the city and kept it in mind when planning his new company.
The idea for what became Byos came when Katz, at a conference in Paris, realized that although his laptop was on a privileged Wi-Fi network, he still felt the device wasn’t safe. He wanted to create a solution to protect people on the go.
The first product, the Endpoint Edge, is powered by its USB 3.0/USB-C connection. It functions on any device, regardless of its operating system. To prevent tampering, it has secure boot, signed binaries and a crypto co-processor.
The Gateway Edge is plug and play, so no agent or software installation is required on the host device – it automatically enrolls when plugged in. It has similar protection to the Endpoint Edge. Ideally, Katz said, one industrial Gateway Edge should be used per endpoint. However, he acknowledged that may not be possible, so the units can be shared.
Ultimately, he added, Byos plans to get out of the device manufacturing business and have agreements with network equipment makers to embed its technology in their products. Those products would carry the badge “Powered by Byos.” That may be several years away.
Byos has a two-level sales strategy, selling directly to some customers in both Canada and the U.S. as well as through a distributor, Insight Enterprises, whose partners resell Byos products in North America.