I recently met with Tal Zamir and Dan Dinnar, the co-founders of the new cybersecurity firm, Hysolate, which recently emerged from stealth mode. Hysolate, with offices in Tel Aviv and New York, was created by, and spun out of, Team8, a cybersecurity-company incubator run by former leaders of Israel’s renowned signal intelligence unit, 8200. Unlike most incubators, Team8 aims to launch only a single new company each year – but aims for all of its offspring to become category leaders.
Hysolate offers what it terms “virtual air gap” technology – essentially doing on endpoints such as user laptops and desktop computers what virtual machines do in data centers: allowing separate virtual computers (VMs) to run on a single physical machine. These VMs are isolated from one another – each runs its own operating system and maintains its own memory space. And, of course, users (and any malware that users inadvertently allow to infect their machines) interact only with the VMs – they cannot directly access the virtual machine configuration, the hypervisor (the software that creates, runs, manages, and winds down virtual machines), or the underlying physical machine and its operating system.
I see two immediate, significant benefits that such technology may deliver:
1. Cost savings and efficiency gains in environments in which people traditionally use two or more computers for security reasons (e.g., one computer for general use and one for performing online banking activities). In most (but not all) cases, a single computer running multiple unconnected virtual machines should provide adequate security – while cutting in half (or more) the number of computers that have to be purchased and maintained. One clear exception is vis-à-vis classified information and networks – the government is not, at any time soon, going to allow a single physical device to be connected to both classified and unclassified networks regardless of how solid the technology isolating the two networks may be; this should not be an issue for Hysolate, as Tal and Dan plan to target the commercial sector, where the cost and security benefits should be a strong incentive to adopt the new technology.
2. Improving security for people who today use a single computer for all of their computer tasks – and that includes the vast majority of people. Instead of performing sensitive activities such as online banking on the same computer on which one plays games, surfs the web, or opens emails, a person can run these two functions in separate, unconnected virtual machines. If malware activates in the virtual machine being used to read email, it cannot see, or do anything to, the online banking session, as the two applications are running on different virtual computers. Additionally, Hysolate handles its VMs’ networking via a special network security VM through which the other VMs communicate with networks – allowing organizations to derive many of the security benefits of segmentation without the complexities involved in actually segmenting. Another potential security benefit of Hysolate might include better security when people perform personal tasks: an enterprise that gives employees a VM in which they can perform personal computing-related tasks is less likely to suffer the consequences of someone inflicting serious harm while attempting to use corporate resources for a personal activity.
One important difference between Hysolate’s technology and server VM technology is that Hysolate is optimized for user machines. For example, the technology allows windows from multiple VMs to be displayed on a single display as if they were different windows on a single computer, and for the keyboard and mouse to automatically and seamlessly communicate with the virtual machine on which the current window is running. This means that Hysolate does not change a user’s experience; to run an online banking application and read email, for example, a person would click on the relevant icons, and both windows would open on his or her display the same way they do for non-Hysolate users. The difference is behind the scenes – rather than being two windows running on a single computer, the two windows are running on separate, unconnected virtual machines, with the hypervisor managing the windowing for the display and the input devices.
All in all, the Hysolate offering looks quite interesting, and its introduction of VM-like capabilities at the endpoint could potentially revolutionize the way we think about desktop/laptop computer security. I will be watching this company going forward.