Ceedo’s Kernel Firewall Technology

Intercepts and isolates threats before they can enter your environment

The Drivers

At the core of Ceedo’s isolation technology is a component called the “Kernel Firewall.” The Kernel Firewall is made up of a set of specialized drivers that are sandwiched at different locations between the user request for an object and the Kernel component that executes said request. For instance, when a user application sends a ‘write file’ request to the Kernel, before reaching the Kernel itself, the request first passes through the drivers which constitute the firewall.

Intercept and Isolate

Once a request to the Kernel has been intercepted, the Kernel Firewall then determines if and how it should manipulate the request. For instance, if a browser tries to write a file to path “C:\…\File.PDF”, the Kernel Firewall intercepts the call and can replace “C:\” with some other drive letter, for example, “R:\,” resulting in the Kernel executing the write request to “R:\…\File.PDF.”

Isolation Inheritance

Ceedo’s Kernel Firewall captures and manipulates not only File System and Registry operations but also inter-process calls, so that if an isolated application spawns another application (for instance, a user clicking a downloaded PDF, which launches Adobe Reader), the reader is virtualized too.
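
The redirect and inheritance behavior described in the two sections above can be sketched as a small user-mode model. This is an added illustration, not Ceedo's driver code: the class, its method names, the process IDs and the sample paths are all constructed assumptions, and a real implementation would live in kernel filter drivers rather than Python.

```python
import ntpath  # Windows path rules, usable on any OS


class KernelFirewallModel:
    """Hypothetical model: rewrite the drive of writes made by isolated processes."""

    def __init__(self, source_drive="C:", target_drive="R:"):
        self.source_drive = source_drive.upper()
        self.target_drive = target_drive
        self.isolated_pids = set()

    def isolate(self, pid):
        self.isolated_pids.add(pid)

    def on_process_create(self, parent_pid, child_pid):
        # Isolation inheritance: a child of an isolated process is isolated too.
        if parent_pid in self.isolated_pids:
            self.isolated_pids.add(child_pid)

    def on_process_exit(self, pid):
        # PIDs are reused by the OS; a stale entry would isolate an unrelated process.
        self.isolated_pids.discard(pid)

    def on_write_request(self, pid, path):
        """Return the path the kernel would actually be asked to write."""
        if pid not in self.isolated_pids:
            return path  # non-isolated callers pass through untouched
        # Normalize first so "c:/a/../b" and "C:\b" are treated identically.
        normalized = ntpath.normpath(path)
        drive, rest = ntpath.splitdrive(normalized)
        if drive.upper() != self.source_drive:
            return path  # other drives and UNC shares are not redirected here
        return self.target_drive + rest


def demo():
    # Constructed scenario: browser (100) is isolated and launches a reader (101);
    # an unrelated editor (200) is launched by a non-isolated shell (1).
    fw = KernelFirewallModel()
    fw.isolate(100)
    fw.on_process_create(100, 101)
    fw.on_process_create(1, 200)
    sample = r"C:\Users\alice\Downloads\File.PDF"  # constructed sample path
    return {pid: fw.on_write_request(pid, sample) for pid in (100, 101, 200)}


if __name__ == "__main__":
    for pid, effective in demo().items():
        print(pid, "->", effective)
```

The model also shows two checks worth asking of any redirection layer: whether matching is done on a normalized, case-insensitive path, and whether isolation state is dropped when a process exits.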

Full-Environment Separation

While the Kernel Firewall can isolate specific processes, as is usually the case in security scenarios, it can also treat an entire user session as a process to isolate, meaning that anything the session tries to do, including installing applications, can be captured. The administrator can therefore “record” an application’s installation and then play it back on other machines, which is especially useful for delivering applications, supporting user-installed applications and profiles, and deploying entire workspaces for desktops beyond the organization’s reach.