Silicon-Assured Video Isolation
Silicon-Assured Video Isolation (Garrison SAVI®) is a secure remote browsing technology that means risky web content is never processed on the user’s endpoint device. The Garrison SAVI® Isolation Appliance lives in the cloud or the data center, doing dangerous web browsing for you and supporting large numbers of users with fully interactive but fully sanitized access.
The Garrison SAVI® Isolation Appliance provides ultra-secure browsing through a unique hardware design built from hundreds of Arm® chips – the technology that powers the world’s mobile devices. This revolutionary hardware design provides an unprecedented combination of ultra-high security with guaranteed user experience, even at scale.
You might expect that this sort of hardware security was only suitable for government or military applications. But by exploiting the price-performance of Arm® chips designed for the mobile market, Garrison SAVI® makes ultra-high security available at pricing in line with standard commercial security controls.
How Garrison SAVI® works
Garrison SAVI® technology is a simple concept that takes advantage of the incredible power of the Arm® devices that power the world’s mobile phones and tablets. By chance, it turns out that these devices are a perfect fit for secure remote browsing.
Garrison SAVI® uses two Arm® chips working as a pair. One of these two chips acts essentially as a tablet. It runs a browser, and other apps for consuming Internet content.
The pins of that Arm® chip which would normally be connected to a display are instead connected to the camera input pins of the second Arm® chip – which acts essentially as a camera. The "camera" chip watches the screen output of the "tablet" chip, compresses what it sees, and sends it over the network to be displayed to the user on their endpoint device.
If the "tablet" chip gets compromised by a malicious website, it will end up running malware. But the worst it can do to the "camera" chip is to show it some bad pictures. The "camera" chip is safe from compromise – in turn isolating the user’s endpoint device from any harm.
The result is a secure remote browsing technology that delivers the highest level of security, but at a price-performance level that beats conventional software-based remote browsing solutions.
A single Garrison SAVI® Isolation Appliance contains many hundreds of pairs of Arm® chips, supporting hundreds of concurrent sessions. And the appliances can be deployed locally on your site or used to provide a cloud-based service.
All the sessions can be consuming rich content, and all will receive a high quality near-native user experience. And the chip pairs – SAVI Nodes – are dynamically allocated to users when they need them, meaning that several hundred nodes in an appliance may be able to serve thousands of users (depending on usage patterns, naturally).
Of course, the web is not a passive medium: users need to be able to click and type in order to interact with websites. Mouse and keyboard commands are sent from the "camera" chip to the "tablet" chip via Garrison’s Hardware Security Enforcement Fabric (HSEF). The HSEF applies security controls at the hardware level to ensure that:
- the mouse and keyboard channel is unidirectional. Malware cannot attack via the HSEF.
- the transmission of mouse and keyboard commands is rate limited. A malicious user trying to leak information is limited to human typing speed for the rate at which they can get information out.
- an (optional) audit copy of every keyboard and mouse command can be output via the physically separate management and audit port for analysis and monitoring.
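A software model of the three HSEF controls listed above, as an added example that is not Garrison's code or part of the original page: the `InputGate` class, the 10 events/s ceiling, the burst of 5 and the 8 bits per event are all assumptions chosen for illustration. It shows normal typing passing while a scripted flood is throttled, and bounds how much data the channel can carry out.

```python
"""Illustrative model only: the real HSEF is hardware; names and numbers are assumed."""

class InputGate:
    def __init__(self, rate_per_s=10, burst=5):
        self.rate_per_s = rate_per_s      # assumed ceiling, about fast human typing
        self.burst = burst                # assumed short-burst allowance
        self._milli = burst * 1000        # token bucket, in thousandths of an event
        self._last_ms = 0
        self.delivered = []               # what the "tablet" side receives
        self.audit = []                   # copy for the separate audit port

    # There is deliberately no method that carries data from the "tablet"
    # side back to the sender: the channel is modelled as one-way.
    def send(self, t_ms, event):
        refill = (t_ms - self._last_ms) * self.rate_per_s
        self._milli = min(self.burst * 1000, self._milli + refill)
        self._last_ms = t_ms
        forwarded = self._milli >= 1000
        if forwarded:
            self._milli -= 1000
            self.delivered.append(event)
        # Modelling choice: audit every command, including throttled ones.
        self.audit.append((t_ms, event, forwarded))
        return forwarded

    def max_leak_bits(self, window_ms, bits_per_event=8):
        """Upper bound on data an insider can push out through the gate."""
        events = self.burst + (window_ms * self.rate_per_s) // 1000
        return events * bits_per_event


def replay(gate, timed_events):
    """Feed (t_ms, event) pairs through the gate; return how many got through."""
    return sum(gate.send(t, e) for t, e in timed_events)


if __name__ == "__main__":
    # Constructed inputs: a typist at ~6.7 keys/s, then a script at 1000 keys/s.
    typist = [(i * 150, "k") for i in range(20)]
    script = [(i, "k") for i in range(1000)]
    print("typist forwarded:", replay(InputGate(), typist), "of", len(typist))
    print("script forwarded:", replay(InputGate(), script), "of", len(script))
    print("max leak per minute:", InputGate().max_leak_bits(60_000), "bits")
```

The throttled commands still appear in `audit` with `forwarded=False`, which is the signal a monitoring team would look for when someone tries to drive the channel faster than a person can type.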
The result is bulletproof protection against bad stuff getting in, and massive levels of mitigation against good stuff getting out. Compare this with the challenges facing software solutions.
Software “remote browsing” solutions exist. But they typically run up against one or more of the following problems:
- Security. Some software solutions have only a thin veneer of isolation, which is easily penetrated in practice
- Usability. Some software solutions struggle with usability for interactive content and rich media
- Price/performance. Some software solutions demand excessive processing or network capacity at scale, making them unaffordable in the long term.
Garrison SAVI® uses a strong “convert to verifiable raw pixels” security model. Implementing this security model in software is equivalent to traditional VDI technology, which struggles with price/performance at scale.
By using purpose-designed hardware, Garrison SAVI® can convert risky content to verifiable raw pixels at scale while maintaining an affordable price point. Garrison certainly delivers an exceptional level of security: but using hardware designed specifically to overcome the performance pain-points that plague other solutions means Garrison actually delivers a lower overall cost than less secure software solutions.