USE CASES

Secure Edge Computing

No matter the industry, Metalvisor is able to provide security from the silicon up against advanced threats, unlike any solution before.

DOD

Metalvisor is able to protect mission-critical applications, infrastructure, and data.

Finance

Metalvisor brings advanced cyber & threat protection to targeted financial workloads.

Oil & Gas

Metalvisor protects edge workloads for oil & gas that are exposed to threats.

Critical Infrastructure

Metalvisor can protect our Nation's most valuable and critical resources.
DoD

Department of Defense

Metalvisor is able to protect mission-critical applications, infrastructure, and data against advanced threats.

JADC2

JADC2 stands for Joint All-Domain Command and Control. It is a concept developed by the United States Department of Defense (DoD) to integrate all military domains (air, land, sea, space, cyber) into a single, unified network. The purpose of JADC2 is to improve situational awareness, decision-making, and mission execution across all domains of operation.

The concept of JADC2 aims to provide the following benefits:

Interoperability: JADC2 aims to ensure that all military platforms and systems are interoperable and can seamlessly communicate with each other.
Information sharing: JADC2 aims to facilitate the sharing of information across all domains, allowing military commanders to make more informed decisions.
Rapid decision-making: JADC2 aims to enable faster decision-making by providing real-time situational awareness across all domains.

The goal of JADC2 is to create a more integrated and effective military force, capable of responding to threats across all domains of operation. AI/ML will play a major role, with sensitive data and AI/ML workloads secured from unauthorized access and tampering.

By using a solution that provides end-to-end security, the DoD can reduce the risk of data breaches and protect sensitive information. The DoD is subject to various regulations and standards that govern the use of AI and ML workloads. By using a solution that is designed to meet these requirements, the DoD can ensure that it is in compliance with applicable regulations and standards. The DoD needs to be able to run AI and ML workloads in a cost-effective manner, especially in remote locations where infrastructure may be limited. The DoD needs a solution to securely run AI and ML workloads at the edge to support real-time decision-making, improve network connectivity, enhance data security, meet compliance requirements, and reduce costs.

Zero Trust

Metalvisor provides Zero Trust at the CPU level by using cryptographic verification of hardware, extending it to the runtime of applications. Metalvisor provides advanced security measures that meet and exceed the guidelines set forth by NIST 800-207 for Zero Trust. This high level of security helps protect the DOD against cyber threats by providing a secure environment for running critical applications and workloads.

The cryptographic verification of hardware helps to ensure the integrity of the system and the authenticity of the hardware, preventing any unauthorized access or tampering. This advanced level of security can provide peace of mind to the DOD and help to minimize the risk of security breaches, data loss, and other cyber threats.

Zero Trust at the Edge

"Trust nothing, always verify." Metalvisor extends network-based ZT down to the silicon at the edge.

CPU-based Zero Trust

Metalvisor is a TypeZero hypervisor that establishes cryptographic trust at the lowest level - at the CPU.

Confidential Compute

Metalvisor provides confidential compute using multi-key total memory encryption on Intel CPUs. Metalvisor is a type 0 hypervisor, which protects compute workloads at the edge. This makes it ideal for use in edge computing environments, where data privacy is paramount. Metalvisor runs directly on the hardware, creating a secure environment for virtual machines. Sensitive data is protected from unauthorized access and data breaches.

One of the critical features of Metalvisor is its use of multi-key total memory encryption. This means that all memory used by the virtual machines is encrypted. This provides a high level of security, as attackers cannot access the encrypted data even if they gain access to the physical device. Metalvisor also uses Intel's hardware-based encryption acceleration capabilities, providing better performance and security than software-based encryption.

The hardware-based encryption is sealed to the CPU, making it more difficult for attackers to access the encryption keys. This ensures that sensitive data is protected even if the virtual machine is compromised. Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches. Each VM has its own encryption key, which is used to encrypt its memory and stored data.

This provides an additional layer of security compared to traditional encryption methods, where a single key is used to encrypt all data. If a single VM is compromised, the attacker would only have access to the encrypted data of that VM and not the data of other VMs. This minimizes the damage that a single security breach can cause.

Full-Stack Data Encryption

Data is encrypted in all forms: at rest, in transit, and in use.

Unique Key Per-VM

Each VM is encrypted with its own unique encryption key, providing workload owners with workload assurance.

Metalvisor has built-in Active Response Capabilities (ARC), which help organizations to detect, respond to, and prevent cyber threats, including zero-day exploits. Metalvisor uses heuristic analysis to stop zero-day exploits and other cyber threats. Heuristic analysis is a method of detecting malicious activity by using patterns of behavior that are indicative of a threat. This allows Metalvisor to identify and respond to threats that are not yet known to or documented by security vendors.

Here's how Metalvisor uses heuristic analysis to stop zero-day exploits:

Zero-day exploits: A zero-day exploit is a type of cyber attack that takes advantage of vulnerabilities in software or hardware that are unknown to the vendor or the users. Metalvisor's ARC capabilities provide organizations with real-time visibility into workloads, allowing them to detect and autonomously block threats quickly and effectively.

Real-time monitoring: Metalvisor monitors activity in real-time, allowing it to detect and respond to potential threats quickly. This enables Metalvisor to identify and stop zero-day exploits before they can cause harm.

Threat detection and response: Once Metalvisor has identified a potential threat, it can respond in a number of ways, including isolating the affected VM, blocking malicious activity, and providing detailed information about the threat.

Metalvisor's heuristic analysis capabilities help organizations to detect and respond to zero-day exploits and other cyber threats quickly and effectively, reducing the impact of cyber-attacks and improving their overall security posture.

Threat Protection & Active Response

Metalvisor has built-in Active Response Capabilities (ARC), which help organizations to detect, respond to, and prevent cyber threats, including zero-day exploits. Metalvisor uses heuristic analysis to stop zero-day exploits and other cyber threats. Heuristic analysis is a method of detecting malicious activity by using patterns of behavior that are indicative of a threat. This allows Metalvisor to identify and respond to threats that are not yet known to or documented by security vendors.

Here's how Metalvisor uses heuristic analysis to stop zero-day exploits:

Zero-day exploits: A zero-day exploit is a type of cyber attack that takes advantage of vulnerabilities in software or hardware that are unknown to the vendor or the users. Metalvisor's ARC capabilities provide organizations with real-time visibility into endpoints, allowing them to detect and autonomously respond to threats quickly and effectively.
Real-time monitoring: Metalvisor monitors endpoint activity in real-time, allowing it to detect and respond to potential threats quickly. This enables Metalvisor to identify and stop zero-day exploits before they can cause harm.
Threat detection and response: Once Metalvisor has identified a potential threat, it can respond in a number of ways, including isolating the affected endpoint, blocking malicious activity, and providing detailed information about the threat.

Metalvisor's heuristic analysis capabilities help organizations to detect and respond to zero-day exploits and other cyber threats quickly and effectively, reducing the impact of cyber-attacks and improving their overall security posture.

Bare-metal Performance

Metalvisor provides bare-metal-like performance by leveraging its Type-0 hypervisor, which operates below the operating system. The Metalvisor hypervisor is launched from the UEFI firmware, providing a trusted and secure foundation for virtualized workloads. This architecture enables Metalvisor to provide new levels of determinism and Quality of Service (QoS) for workloads, just like bare-metal, but with the added benefits of virtualization. The Metalvisor hypervisor provides hardware-level virtualization, which offers improved performance and resource management, allowing for more efficient use of system resources and better performance for workloads. By providing a more secure, reliable, and performant virtualization layer, Metalvisor enables customers to run their workloads with confidence, even in demanding edge environments.

Modern Workloads

Metalvisor provides support for running modern workloads, including Kubernetes, OpenShift, Rancher, and other Kubernetes platforms. This is possible because Metalvisor is a type-0 hypervisor that operates below the operating system. Together, Metalvisor's advanced security features provide a secure and robust platform for running modern workloads at the edge, ensuring that the workloads are protected against both cyber threats and physical threats. Additionally, Metalvisor's support for Kubernetes platforms and other modern workloads provides customers with a flexible and scalable solution that can meet their changing needs as their workloads evolve over time.

Zero-Day Threat Protection

Metalvisor has always-on threat protection and can actively respond to threats.

Secure Modern Workloads

Metalvisor makes modern containerized workloads more performant and secure.
Finance

Secure Edge Finance

Metalvisor brings advanced cyber & threat protection to financial workloads. Ensure workloads meet & exceed performance requirements.

Secure edge computing refers to the practice of processing data and running applications at the edge of a network, close to where the data is being generated.

This approach can offer several benefits to the finance industry:

Enhanced Security: Secure edge computing can provide enhanced security by keeping sensitive data closer to the source and reducing the need for data to be transmitted across a network. This can help prevent data breaches.
Improved Performance: By processing data at the edge of a network, secure edge computing can significantly improve performance.
Improved Analytics: Secure edge computing can provide real-time access to data, enabling finance professionals to perform faster and more accurate analytics. This can help them make more informed decisions and gain a competitive edge.
Better Customer Experience: Secure edge computing can provide a better customer experience by enabling faster and more personalized services. For example, secure edge computing can enable banks to provide real-time fraud detection and prevention, improving the customer experience and reducing financial losses.

Secure edge computing can provide significant benefits to the finance industry, including enhanced security, improved performance, cost savings, better analytics, and a better customer experience. By leveraging this approach, finance professionals can gain a competitive edge and better serve their customers.

AI for Finance

Artificial Intelligence (AI) has the potential to transform the finance industry, especially at the edge, where financial transactions take place. By analyzing large amounts of data in real-time, AI can help financial institutions make better decisions, reduce risks, and improve customer experience.

Here are some ways AI can improve finance at the edge:

Fraud detection: AI can help financial institutions detect fraud at the edge by analyzing data patterns in real-time. AI can identify suspicious transactions, analyze user behavior, and detect anomalies. This can help financial institutions prevent fraud before it happens and reduce losses.
Personalized services: AI can help financial institutions offer personalized services to customers at the edge. AI algorithms can analyze customer data and provide customized investment advice, credit options, and insurance products based on the customer's financial history and behavior.
Risk management: AI can help financial institutions manage risk at the edge by analyzing real-time market data and predicting future trends. AI algorithms can identify potential risks and suggest risk management strategies that can help reduce financial losses.
Automation: AI can help financial institutions automate repetitive tasks at the edge, such as account opening, loan processing, and investment management. This can free up resources, reduce operational costs, and improve efficiency.
Customer service: AI can help financial institutions provide better customer service at the edge by analyzing customer data and providing personalized recommendations. Chatbots powered by AI can assist customers in real-time, answer their queries, and provide support around the clock.
Portfolio management: AI can help financial institutions manage portfolios at the edge by analyzing market data and suggesting investment strategies. AI algorithms can provide real-time insights into the performance of a portfolio, identify areas of improvement, and suggest investment opportunities.

AI has the potential to revolutionize the finance industry at the edge. By leveraging the power of AI, financial institutions can improve their decision-making, reduce risks, and provide better customer experiences. As AI technology continues to evolve, we can expect to see more innovative solutions that will transform the finance industry.

Edge computing for finance has many benefits, but workloads at the edge will need even more advanced security protections.

Zero Trust is an important security concept that assumes that every user, device, and network component is potentially hostile, and should not be trusted until proven otherwise. In the context of finance workloads at the edge, zero trust is essential because it provides a strong security framework to protect sensitive financial data and prevent cyber-attacks.

Here are some reasons why zero trust is important for finance workloads at the edge:

Protects sensitive data: Zero trust helps protect sensitive financial data, such as customer financial information, transaction data, and personally identifiable information (PII). By implementing zero trust, financial institutions can ensure that only authorized users and devices can access this data.
Prevents lateral movement: Zero trust can prevent lateral movement of cyber-attacks across the network. By implementing access controls and continuous monitoring, zero trust can limit the damage caused by a compromised device or user.
Provides granular access controls: Zero trust provides granular access controls, which allow financial institutions to restrict access to specific resources or applications based on user roles and permissions. This helps prevent unauthorized access to sensitive data and reduces the risk of data breaches.
Enables continuous monitoring: Zero trust enables continuous monitoring of network traffic, user behavior, and device activity. This helps financial institutions detect and respond to threats in real-time, reducing the risk of successful cyber-attacks.
Supports compliance: Zero trust can help financial institutions comply with regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). By implementing access controls, data encryption, and continuous monitoring, financial institutions can ensure that they are meeting regulatory requirements.

Zero Trust is an essential security concept for finance workloads at the edge. By implementing zero trust, financial institutions can protect sensitive financial data, prevent cyber-attacks, and comply with regulatory requirements. As the financial industry becomes more digitized and the edge continues to expand, zero trust will become even more important in ensuring the security and integrity of financial transactions.

Metalvisor is a security solution that provides zero trust at the CPU level. It is designed to protect against advanced cyber threats, such as rootkits, malware, and zero-day attacks. Metalvisor uses hardware-based virtualization to create a secure, isolated environment at the CPU level, which allows it to protect against attacks that bypass traditional security measures. 

Here is how Metalvisor provides zero trust at the CPU level:

Zero Trust Architecture: Metalvisor follows a zero trust architecture, which assumes that all devices and workloads are potentially hostile. This means that Metalvisor does not rely only on traditional security measures such as role-based access controls; it uses customer-owned encryption keys to sign and lock down workloads in addition to enterprise access controls.
Hardware-based Isolation: Metalvisor uses hardware-based virtualization to create an isolated environment at the CPU level. This ensures that each workload is separated from other workloads and the underlying host system, preventing attackers from accessing or tampering with other workloads.
Memory & Device Isolation: Metalvisor isolates memory and devices at the hardware-level, preventing attackers from accessing or modifying sensitive data. Metalvisor uses a combination of hardware and software-based techniques to ensure that memory and devices are properly isolated.
Continuous Monitoring: Metalvisor provides continuous monitoring of workloads for indicators of compromise (IOCs) and cyber attacks. This allows Metalvisor to detect and respond to threats in real-time, reducing the risk of successful attacks.

Metalvisor provides zero trust at the CPU level by creating an isolated environment that is protected against advanced cyber threats. Metalvisor's use of hardware-based virtualization, memory and device isolation, and continuous monitoring makes it an effective solution for protecting against advanced cyber threats. By providing zero trust at the CPU level, Metalvisor can protect against attacks that bypass traditional security measures, providing enhanced security for critical workloads and systems.

Zero Trust at the Edge

"Trust nothing, always verify." Metalvisor extends network-based ZT down to the silicon at the edge.

CPU-based Zero Trust

Metalvisor is a TypeZero hypervisor that establishes cryptographic trust at the lowest level - at the CPU.

Confidential Compute

Confidential computing is a technology that protects data and computations in-use, while they are being processed. It provides an isolated and secure environment for data processing and can be used to protect AI and ML models at the edge. Confidential computing uses hardware-based security features, such as secure enclaves, to isolate sensitive data and computations and prevent unauthorized access or tampering.

Here's how confidential computing can help protect sensitive data and AI/ML models at the edge:

Data privacy: Confidential computing ensures that sensitive data, such as personal or financial information, is protected from unauthorized access or tampering, even when it is being processed by AI or ML models.
Model protection: Confidential computing can protect AI and ML models from reverse engineering, tampering, or theft. This is important for organizations that have invested in developing proprietary models and do not want to risk their intellectual property being compromised.
Compliance: Confidential computing can help organizations meet regulations and standards, such as GDPR, that require the protection of sensitive data.
Improved performance: By processing data and computations in a secure and isolated environment, confidential computing can help improve the performance of AI and ML models by reducing the overhead of encryption and decryption.

Confidential computing provides an essential layer of security for sensitive data and computations and helps organizations to meet regulatory requirements while improving performance and protecting intellectual property.

Metalvisor provides confidential compute using multi-key total memory encryption on Intel CPUs. Metalvisor is a type 0 hypervisor, which protects compute workloads at the edge. This makes it ideal for use in edge computing environments, where data privacy is paramount. Metalvisor runs directly on the hardware, creating a secure environment for virtual machines. Sensitive data is protected from unauthorized access and data breaches.

One of the critical features of Metalvisor is its use of multi-key total memory encryption. This means that all memory used by the virtual machines is encrypted. This provides a high level of security, as attackers cannot access the encrypted data even if they gain access to the physical device. Metalvisor also uses Intel's hardware-based encryption acceleration capabilities, providing better performance and security than software-based encryption.

The hardware-based encryption is sealed to the CPU, making it more difficult for attackers to access the encryption keys. This ensures that sensitive data is protected even if the virtual machine is compromised. Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches. Each VM has its own encryption key, which is used to encrypt its memory and stored data.

This provides an additional layer of security compared to traditional encryption methods, where a single key is used to encrypt all data. If a single VM is compromised, the attacker would only have access to the encrypted data of that VM and not the data of other VMs. This minimizes the damage that a single security breach can cause.

Full-Stack Data Encryption

Data is encrypted in all forms: at rest, in transit, and in use.

Unique Key Per-VM

Each VM is encrypted with its own unique encryption key, providing workload owners with workload assurance.

Threat Protection & Active Response

Metalvisor has built-in Active Response Capabilities (ARC), which help organizations to detect, respond to, and prevent cyber threats, including zero-day exploits. Metalvisor uses heuristic analysis to stop zero-day exploits and other cyber threats. Heuristic analysis is a method of detecting malicious activity by using patterns of behavior that are indicative of a threat. This allows Metalvisor to identify and respond to threats that are not yet known to or documented by security vendors.

Here's how Metalvisor uses heuristic analysis to stop zero-day exploits:

Zero-day exploits: A zero-day exploit is a type of cyber attack that takes advantage of vulnerabilities in software or hardware that are unknown to the vendor or the users. Metalvisor's ARC capabilities provide organizations with real-time visibility into endpoints, allowing them to detect and autonomously respond to threats quickly and effectively.
Real-time monitoring: Metalvisor monitors endpoint activity in real-time, allowing it to detect and respond to potential threats quickly. This enables Metalvisor to identify and stop zero-day exploits before they can cause harm.
Threat detection and response: Once Metalvisor has identified a potential threat, it can respond in a number of ways, including isolating the affected endpoint, blocking malicious activity, and providing detailed information about the threat.

Metalvisor's heuristic analysis capabilities help organizations to detect and respond to zero-day exploits and other cyber threats quickly and effectively, reducing the impact of cyber-attacks and improving their overall security posture.

Bare-metal Performance

Metalvisor provides bare-metal-like performance by leveraging its Type-0 hypervisor, which operates below the operating system. The Metalvisor hypervisor is launched from the UEFI firmware, providing a trusted and secure foundation for virtualized workloads. This architecture enables Metalvisor to provide new levels of determinism and Quality of Service (QoS) for workloads, just like bare-metal, but with the added benefits of virtualization. The Metalvisor hypervisor provides hardware-level virtualization, which offers improved performance and resource management, allowing for more efficient use of system resources and better performance for workloads. By providing a more secure, reliable, and performant virtualization layer, Metalvisor enables customers to run their workloads with confidence, even in demanding edge environments.

Modern Workloads

Metalvisor provides support for running modern workloads, including Kubernetes, OpenShift, Rancher, and other Kubernetes platforms. This is possible because Metalvisor is a type-0 hypervisor that operates below the operating system. Together, Metalvisor's advanced security features provide a secure and robust platform for running modern workloads at the edge, ensuring that the workloads are protected against both cyber threats and physical threats. Additionally, Metalvisor's support for Kubernetes platforms and other modern workloads provides customers with a flexible and scalable solution that can meet their changing needs as their workloads evolve over time.

Zero-Day Threat Protection

Metalvisor has always-on threat protection and can actively respond to threats.

Secure Modern Workloads

Metalvisor makes modern containerized workloads more performant and secure.
Oil & Gas

Secure Edge Oil & Gas

Metalvisor protects edge workloads for oil & gas that are exposed to threats at the edge and outside the data center.

The oil and gas industry is an essential sector that plays a crucial role in the global economy. However, this industry is also highly vulnerable to cyber threats due to the critical nature of its operations, reliance on technology, and the significant financial resources it controls. Cyber threats to the oil and gas industry can take various forms, including:

Cyber-attacks on Operational Technology (OT) systems: OT systems are used by oil and gas companies to control and monitor critical infrastructure, such as pipelines, refineries, and drilling platforms. A successful cyber-attack on these systems can cause significant damage, including spills, explosions, or other dangerous situations.
Malware attacks: Oil and gas companies are frequently targeted by malware attacks, such as ransomware, which can encrypt critical data and demand payment for decryption. Malware can also be used to steal sensitive information, such as intellectual property, trade secrets, and financial data.
Social engineering attacks: Cybercriminals can use social engineering tactics, such as phishing and spear-phishing, to trick employees into revealing sensitive information or providing access to company systems. These attacks can be challenging to detect and can compromise sensitive data.
Insider threats: Insider threats are one of the most significant cyber threats to the oil and gas industry. Employees or contractors with access to critical systems can intentionally or unintentionally cause damage or steal sensitive data.
Supply chain attacks: The oil and gas industry relies on a complex supply chain, making it vulnerable to supply chain attacks. Attackers can compromise suppliers' systems and gain access to critical data or inject malware into the supply chain, compromising the entire system.
Internet of Things (IoT) attacks: IoT devices are increasingly being used in the oil and gas industry to monitor and control equipment. However, these devices can also be used as entry points for cyber-attacks, compromising the entire system.

The consequences of a successful cyber-attack on the oil and gas industry can be severe. A cyber-attack can cause significant damage to infrastructure, endanger lives, and disrupt the global economy. In addition, a successful attack can result in the loss of sensitive information, financial loss, and damage to the company's reputation.

To mitigate these cyber threats, oil and gas companies need to implement robust cybersecurity measures. These measures include regular security assessments, employee training, access control, and incident response planning. Companies should also use advanced technologies, such as artificial intelligence and machine learning, to identify and respond to threats quickly. By implementing these measures, oil and gas companies can reduce their cyber risk and protect their critical operations.

Zero Trust is an essential security concept for oil and gas workloads at the edge. By implementing zero trust, oil and gas companies can protect sensitive data, prevent cyber-attacks, and comply with regulatory requirements. As the oil and gas industry becomes more digitized and the edge continues to expand, zero trust will become even more important in ensuring the security and integrity of oil and gas infrastructure.

Metalvisor is a security solution that provides zero trust at the CPU level. It is designed to protect against advanced cyber threats, such as rootkits, malware, and zero-day attacks. Metalvisor uses hardware-based virtualization to create a secure, isolated environment at the CPU level, which allows it to protect against attacks that bypass traditional security measures. 

Here is how Metalvisor provides zero trust at the CPU level:

Zero Trust Architecture: Metalvisor follows a zero trust architecture, which assumes that all devices and workloads are potentially hostile. This means that Metalvisor does not rely only on traditional security measures such as role-based access controls; it uses customer-owned encryption keys to sign and lock down workloads in addition to enterprise access controls.
Hardware-based Isolation: Metalvisor uses hardware-based virtualization to create an isolated environment at the CPU level. This ensures that each workload is separated from other workloads and the underlying host system, preventing attackers from accessing or tampering with other workloads.
Memory & Device Isolation: Metalvisor isolates memory and devices at the hardware-level, preventing attackers from accessing or modifying sensitive data. Metalvisor uses a combination of hardware and software-based techniques to ensure that memory and devices are properly isolated.
Continuous Monitoring: Metalvisor provides continuous monitoring of workloads for indicators of compromise (IOCs) and cyber attacks. This allows Metalvisor to detect and respond to threats in real-time, reducing the risk of successful attacks.

Metalvisor provides zero trust at the CPU level by creating an isolated environment that is protected against advanced cyber threats. Metalvisor's use of hardware-based virtualization, memory and device isolation, and continuous monitoring makes it an effective solution for protecting against advanced cyber threats. By providing zero trust at the CPU level, Metalvisor can protect against attacks that bypass traditional security measures, providing enhanced security for critical workloads and systems. Metalvisor is a powerful security solution that can help secure workloads at the edge for the oil and gas industry.

Zero Trust at the Edge

"Trust nothing, always verify." Metalvisor extends network-based ZT down to the silicon at the edge.

CPU-based Zero Trust

Metalvisor is a TypeZero hypervisor that establishes cryptographic trust at the lowest level - at the CPU.

Confidential Compute

Confidential computing is a technology that protects data and computations in-use, while they are being processed. It provides an isolated and secure environment for data processing and can be used to protect AI and ML models at the edge. Confidential computing uses hardware-based security features, such as secure enclaves, to isolate sensitive data and computations and prevent unauthorized access or tampering.

Here's how confidential computing can help protect Sensitive Data & AI/ML models at the edge:

Data privacy: Confidential computing ensures that sensitive data, such as personal or financial information, is protected from unauthorized access or tampering, even when it is being processed by AI or ML models.
Model protection: Confidential computing can protect AI and ML models from reverse engineering, tampering, or theft. This is important for organizations that have invested in developing proprietary models and do not want to risk their intellectual property being compromised.
Compliance: Confidential computing can help organizations meet regulations and standards, such as GDPR, that require the protection of sensitive data.
Improved performance: By processing data and computations in a secure and isolated environment, confidential computing can help improve the performance of AI and ML models by reducing the overhead of encryption and decryption.

Confidential computing provides an essential layer of security for sensitive data and computations, helping organizations to meet regulatory requirements while improving performance and protecting intellectual property.

Metalvisor provides confidential compute using multi-key total memory encryption on Intel CPUs. Metalvisor is a type 0 hypervisor, which protects compute workloads at the edge. This makes it ideal for use in edge computing environments, where data privacy is paramount. Metalvisor runs directly on the hardware, creating a secure environment for virtual machines. Sensitive data is protected from unauthorized access and data breaches.

One of the critical features of Metalvisor is its use of multi-key total memory encryption. This means that all memory used by the virtual machines is encrypted. This provides a high level of security, as attackers cannot access the encrypted data even if they gain access to the physical device. Metalvisor also uses Intel's hardware-based encryption acceleration capabilities, providing better performance and security than software-based encryption.

The hardware-based encryption is sealed to the CPU, making it more difficult for attackers to access the encryption keys. This ensures that sensitive data is protected even if the virtual machine is compromised. Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches. Each VM has its own encryption key, which is used to encrypt its memory and stored data.

This provides an additional layer of security compared to traditional encryption methods, where a single key is used to encrypt all data. If a single VM is compromised, the attacker would only have access to the encrypted data of that VM and not the data of other VMs. This minimizes the damage that a single security breach can cause.

Full-Stack Data Encryption

Data is encrypted in all forms: at-rest, in-transit, and in-use.

Unique Key Per-VM

Each VM is encrypted with its own unique encryption key, providing workload owners with workload assurance.

Threat Protection & Active Response

Metalvisor has built-in Active Response Capabilities (ARC), which help organizations to detect, respond to, and prevent cyber threats, including zero-day exploits. Metalvisor uses heuristic analysis to stop zero-day exploits and other cyber threats. Heuristic analysis is a method of detecting malicious activity by using patterns of behavior that are indicative of a threat. This allows Metalvisor to identify and respond to threats that security vendors do not yet know about or have not yet documented.

Here's how Metalvisor uses heuristic analysis to stop zero-day exploits:

Zero-day exploits: A zero-day exploit is a type of cyber attack that takes advantage of vulnerabilities in software or hardware that are unknown to the vendor or the users. Metalvisor's ARC capabilities provide organizations with real-time visibility into endpoints, allowing them to detect and autonomously respond to threats quickly and effectively.
Real-time monitoring: Metalvisor monitors endpoint activity in real-time, allowing it to detect and respond to potential threats quickly. This enables Metalvisor to identify and stop zero-day exploits before they can cause harm.
Threat detection and response: Once Metalvisor has identified a potential threat, it can respond in a number of ways, including isolating the affected endpoint, blocking malicious activity, and providing detailed information about the threat.

Metalvisor's heuristic analysis capabilities help organizations to detect and respond to zero-day exploits and other cyber threats quickly and effectively, reducing the impact of cyber-attacks and improving their overall security posture.

Bare-metal Performance

Metalvisor provides bare-metal-like performance by leveraging its Type-0 hypervisor, which operates below the operating system. The Metalvisor hypervisor is launched from the UEFI firmware, providing a trusted and secure foundation for virtualized workloads. This architecture enables Metalvisor to provide new levels of determinism and Quality of Service (QoS) for workloads, just like bare-metal, but with the added benefits of virtualization. The Metalvisor hypervisor provides hardware-level virtualization, which offers improved performance and resource management, allowing for more efficient use of system resources and better performance for workloads. By providing a more secure, reliable, and performant virtualization layer, Metalvisor enables customers to run their workloads with confidence, even in demanding edge environments.

Modern Workloads

Metalvisor provides support for running modern workloads, including Kubernetes, OpenShift, Rancher, and other Kubernetes platforms. This is achieved through the integration of Metalvisor, which is a type-0 hypervisor that operates below the operating system. The combination of Metalvisor's advanced security features provides a secure and robust platform for running modern workloads at the edge, ensuring that the workloads are protected against both cyber threats and physical threats. Additionally, Metalvisor's support for Kubernetes platforms and other modern workloads provides customers with a flexible and scalable solution that can meet their changing needs as their workloads evolve over time.

Zero-Day Threat Protection

Metalvisor has always-on threat protection and can actively respond to threats.

Secure Modern Workloads

Metalvisor makes modern containerized workloads more performant and secure.
Critical Infrastructure

Secure Edge Critical Infrastructure

Metalvisor can protect our Nation's most valuable and critical resources against advanced cyber threats.

Critical infrastructure is the systems and assets essential to the functioning of a society and its economy, such as power grids, water supply systems, transportation networks, and communication systems.

The critical infrastructure industry faces numerous cyber threats that can cause significant disruptions, including:

Advanced persistent threats (APTs): APTs are sophisticated cyber-attacks that are designed to gain access to critical infrastructure systems and remain undetected for long periods. APTs often target the supply chain of critical infrastructure providers to gain access to their networks.
Ransomware attacks: Ransomware is a type of malware that encrypts data and demands payment in exchange for the decryption key. Ransomware attacks on critical infrastructure can cause significant disruptions and financial losses.
Insider threats: Insider threats can be intentional or unintentional, but both types can cause significant damage to critical infrastructure systems. Malicious insiders can use their access to cause harm, while unintentional insider threats can result from human error or lack of cybersecurity training.
DDoS attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a website or system with traffic to cause it to crash or become unavailable. DDoS attacks can be used to disrupt critical infrastructure systems and services, causing significant disruptions.
Supply chain attacks: Supply chain attacks involve compromising the systems or networks of third-party suppliers to gain access to the target's network. Supply chain attacks are becoming increasingly common in the critical infrastructure industry, where many organizations rely on external vendors and contractors.
IoT attacks: The Internet of Things (IoT) is becoming increasingly prevalent in critical infrastructure systems, such as smart grids and transportation networks. However, IoT devices can also be vulnerable to cyber-attacks, and compromised devices can be used as entry points into the system.

The consequences of a successful cyber-attack on critical infrastructure can be severe, including loss of life, significant economic damage, and disruption of essential services. To mitigate these threats, critical infrastructure organizations need to implement robust cybersecurity measures, including regular vulnerability assessments, employee training, access control, and incident response planning. Organizations should also use advanced technologies, such as artificial intelligence and advanced security, to identify and respond to threats quickly. By implementing these measures, critical infrastructure organizations can reduce their cyber risk and protect essential systems and services.

Zero Trust is an essential security concept for critical infrastructure workloads at the edge. By implementing zero trust, critical infrastructure can protect sensitive data, prevent cyber-attacks, and comply with regulatory requirements. As the critical infrastructure industry becomes more digitized and the edge continues to expand, zero trust will become even more important in ensuring the security and integrity of critical infrastructure.

Metalvisor

TypeZero Hypervisor

Metalvisor, as a TypeZero hypervisor, has no orchestration layer at the virtual machine (VM) layer and has no oversubscription. This is very different from Type 1 and Type 2 hypervisors.

Remove Virtualization Overhead / Tax

The virtualization tax/overhead is removed, and workloads can utilize close to 100% of the hardware.  

Bare-Metal Performance

Metalvisor does not share hardware between VMs. This gives guest VMs the same profile as bare metal, which is also how we got the name Metalvisor.

Quality of Service

Metalvisor isolates and dedicates hardware to each VM: cores, cache, threads, memory, PCIe, network, and storage.

No Noisy Neighbors

Metalvisor removes 100% of the noisy-neighbor issues that are present in traditional virtualization and cause poor performance and QoS.

High Determinism

Each execution cycle of a workload is the same as the previous one, resulting in a dependable, interference-free compute environment.

Configurable Cache Ways

Workloads can dial up or down the number of cache ways assigned to each VM, resulting in configurable QoS.
Metalvisor

Architecture

Metalvisor is based on Red Hat Enterprise Linux and can be deployed on bare metal from many different OEMs. Metalvisor is launched from the firmware/UEFI layer and is as close to the metal as possible.

Orchestration Domain

The Orchestration Domain (OD) is a RHEL VM instance that works with libvirt to start and stop VMs and perform other VM-related functions. The OD also uses Cockpit (an open source web interface) for managing workloads.

Active Response Capability (ARC)

Metalvisor uses a bare-metal application, known as Active Response Capability (ARC), to enforce policy across VMs. ARC ensures that protections such as secure boot, cryptography, software exploit protection, and hardware protection are enforced.

Introducing Bare-metal Performance with the Benefits of Virtualization

Confidential Compute

Full memory encryption with unique encryption keys for each VM. No refactoring or additional software needed.

Zero Trust

Designed with processor-based Zero Trust at the silicon level. Meets and exceeds NIST 800-207.

Stop Zero-Days

Active Response Capability (ARC) is built in to stop zero-days and other exploits/malware.

Determinism & QoS

No Virtualization Tax/Overhead. Highest level of Determinism & QoS available on multicore processors today.
Red Hat & Mainsail

Red Hat OpenShift

Red Hat OpenShift (OpenShift) is a Kubernetes container-based application platform that includes an enterprise-grade Linux operating system, container runtime, networking, monitoring, registry, and authentication and authorization solutions. Mainsail's Metalvisor brings hardware-based isolation to OpenShift, ensuring separation between workloads and higher quality of service.
Solution Brief
IBM & Mainsail

Falcon Tactical Edge

Mainsail Falcon Tactical Edge (FTE) delivers the most secure and fastest edge platform for running mission-critical workloads. This platform integrates edge computing and communications into a single secured, multi-workload platform. Mainsail FTE is based on commercial-off-the-shelf technologies from Mainsail, IBM, and Turnium.
Joint Solution
Mainsail

MetalCOMS

MetalCOMS delivers the networking capability that secures data in transit through AES 128/256 encryption (DTLS) and through data obfuscation, while the Service Provider provides its customers with security from its existing, preferred solution sets. MetalCOMS data obfuscation mitigates man-in-the-middle attacks through its per-packet link load balancing technology.
Mainsail Solution

Metalvisor One-Pager

Mainsail Metalvisor is a TypeZero Hypervisor, designed to protect systems from the silicon up through the application stack, using hardware-based isolation and cryptography to create immutable, tamper-proof environments.

Metalvisor Whitepaper 2023

Mainsail Metalvisor is a TypeZero Hypervisor, designed to protect systems from the silicon up through the application stack, using hardware-based isolation and cryptography to create immutable, tamper-proof environments.

Red Hat OpenShift

Mainsail's Metalvisor brings Confidential Compute and unmatched determinism to OpenShift. Metalvisor provides a Zero Trust platform for enhancing OpenShift security and performance.
Solution brief
Mainsail

Metalvisor One-Pager

Mainsail's Metalvisor is a security platform that protects edge workloads that are outside of the enterprise data center or cloud. Metalvisor defends edge workloads against sophisticated cyber attacks by utilizing separation enforced by security functions in hardware and protecting data in all forms: at-rest, in-transit, and in-use.
Mainsail Solution
WDC & Mainsail

Western Digital Ultrastar

To protect the Western Digital Ultrastar Edge servers outside the data center, Western Digital has partnered with Mainsail for their Metalvisor technology. Mainsail Metalvisor is a TypeZero Hypervisor, designed to protect systems from the silicon up through the application stack, using hardware-based isolation and cryptography to create immutable, tamper-proof environments.
Coming soon

MetalCOMS

A revolutionary new peer-to-peer (P2P) secure edge platform. Build the next generation of applications without depending on clouds, and secure them with Metalvisor.

Receive insight on the technical details of Metalvisor.

Secure workloads at the edge while increasing performance. Consolidate real-time and low-latency workloads on a TypeZero Hypervisor. Download our whitepaper to find out more.

Metalvisor Meets & Exceeds NIST Zero Trust 800-207 policy, delivering advanced security today.

Metalvisor provides Zero Trust at the CPU level by using cryptographic verification of hardware, extending it to the runtime of applications. Metalvisor provides advanced security measures that meet and exceed the guidelines set forth by NIST 800-207 for Zero Trust.

This advanced level of security can provide peace of mind to the DOD and help to minimize the risk of security breaches, data loss, and other cyber threats.
NIST Zero Trust SP 800-207
DOD Zero Trust Guidance
