Next-Gen Platform to Secure Edge Workloads

Mainsail Metalvisor provides organizations an evolving and operationalized security platform for edge workloads that need to live beyond the trusted perimeter.  

Defend your edge workloads against sophisticated cyber attacks by utilizing separation enforced by security functions in hardware and protecting data in all forms; at-rest, in-transit, and in-use.



Hardware cost reducement



Reducement in security costs



More accurate workload right-sizing + consolidation

Introducing Bare-metal Performance with the Benefits of Virtualization

Confidential Compute

Full memory encryption with unique encryption keys for each VM. No refactoring or additional software needed

Zero Trust

Designed with processor-based Zero Trust at the silicon level. Meet & Exceed NIST 800-207

Stop Zero-Days

Active Response Capability ARC built-in to stop zero-days and other exploits/malware

Determinism & QoS

No Virtualization Tax/Overhead. Highest level of Determinism & QoS available on multicore processors today.

Why traditional hypervisors fall short

Security issues

Traditional hypervisors share hardware resources between VMs that can open workloads up to side-channel attacks (think Spectre, Meltdown). Attackers are moving lower in the stack to target BIOS, Firmware, and Hardware to avoid detection.
Attackers continue to find Side-Channel exploits on all processors (Intel, AMD, Arm)
Most virtualization platforms do nothing to secure Firmware or Enforce Secure Boot
Most virtualization platforms have no cryptographic protection of workloads or  insider threats

Performance issues

Traditional hypervisors can not guarantee quality of service and have trouble meeting performance requirements when under load. They also can not run latency-sensitive or real-time workloads due to interference on multi-core CPUs.
Traditional virtualization oversubscribe workloads and cannot meet performance requirements
Noisy neighbors can over-consume resources causing other VMs to slow down and timeout
Real-time and latency-sensitive workloads do not have the QoS guarantees they need

Cockpit & LibVirt Integration

Metalvisor aims to be simple to use and work with industry leading open source APIs. Metalvisor is based on Red Hat Enterprise Linux (RHEL) and is validated and certified with Red Hat Enterprise Linux. Metalvisor works with leading automation tools Ansible and Terraform.
Dashboard mockup

Hardware-based Isolation

Metalvisor Isolates & Dedicates Hardware to each VM.
Cores, Cache, Threads, Memory, PCIe, Network, Storage

Bare-metal Like Performance

Givies each VM the same performance profile as Bare-Metal

Guaranteed Quality of Service

Applications Automatically Get the Highest Determinism & QoS. Perfect for Edge Workloads; 5G, AL/ML, Low-Latency, SDR, SDWAN

Confidential Compute

All Memory Data from the CPU is AES Encrypted

Unique Encryption Keys

Each VM is Encrypted with Unique Key

Encrypted By Default

No Application Refactoring, SDKs, or Additional Software Needed

Immutable Workloads

Prevent Unauthorized Changes in Hardware & Software

Customer-Owned Keys

Lockdown Workloads with Customer-owned Encryption Keys

Insider Threat Protection

Only workload owners can make changes to workloads once deployed, regardless of enterprise admins

Zero-Day Protection

Metalvisor is constantly monitoring workloads for indicators of compromise IOC and able to stop threats even when no signatures are known

Active Response Capability ARC

Metalvisor is able to active responses to protect workloads when attacks are detected. This provides protection for workloads at the edge.

Side-Channel Protection

Metalvisor's hardware-based isolation and resource containment provides defense-in-depth against side-channel attacks.

Security & Performance

Metalvisor improves security and performance for modern Kubernetes edge workloads. Mainsail supports multiple reference architectures from todays leading Kubernetes providers.
Integration iconIntegration iconIntegration iconIntegration iconIntegration iconIntegration iconIntegration iconIntegration icon

Receive insight on the technical details of Metalvisor

Secure workloads at the edge while increasing performance. Consolidate real-time and lowlatency workloads on a TypeZero Hypervisor. Download our whitepaper to find out more.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Metalvisor Meets & Exceeds NIST
Zero Trust 800-207 policy, delivering advanced security today.

Metalvisor provides Zero Trust at the CPU level by using cryptographic verification of hardware, extending it to the runtime of applications. Metalvisor provides advanced security measures that meet and exceed the guidelines set forth by NIST 800-207 for Zero Trust.

This advanced level of security can provide peace of mind to the DOD and help to minimize the risk of security breaches, data loss, and other cyber threats.
NIST Zero Trust SP 800-207
DOD Zero Trust Guidance

Find out how Metalvisor can secure your data.

Get in contact

Secure data is important for everyone.

Get in contact
AFWERX STTR Award Ignites Mainsail Industries' Mission to Secure the Tactical Edge
Read about it from our CEO.