Enterprises throw fortunes at security, in an attempt to keep their intellectual property, business intelligence, money, identities and other valuable assets safe. This is done against a backdrop of ever-increasing mobility, where workers are typically operating outside the network, often from multiple countries, and generally using the latest technology available to do so.

normal browser overview v2

There are some major challenges in dealing with this requirement. 

  1. You need a secure system that works equally on all platforms - a consistent security model that supplements existing measures and replaces or removes the need for others.
  2. You need something that is BYOD suitable - a secure app that you can deploy and control.
  3. You need a way to avoid setting up and managing VPNs on all these devices - especially the extra certificate management that it entails.
  4. You need to protect your basic login credentials (username and password) - wrapping them in a secure environment.
  5. You want the option to replace cumbersome and expensive two-factor authentication and one-time password measures - something with strong authentication built in.
  6. You don’t want to rely on the user’s browser, the one item that is out of your control, which is an easy target for malware infection, for man-in-the-middle attacks and domain name poisoning - so replace it!

The Secure Browsing Solution

The Hawk solution is a client-server system that delivers a secure browsing environment, to enable users to access a network’s secure web services. The Hawk Server is easily deployed in front of the enterprise web server. The Hawk Browser is a locked-down, restricted browser which authenticates and encrypts connections to the Hawk Server, using the system’s patented image login system. Hawk Browsers are available for desktop and mobile platforms.

hawk browser overview v2

Secure Browsing

With Hawk, user access to secure enterprise services is both enhanced and simplified. This is accomplished by first replacing vulnerable desktop browsers with a uniquely registered and provisioned browser, which renders content just like a normal browser. The browser connects to the Hawk Server, which is deployed in front of the web service and protects all access to the secured applications. The process involves both strong authentication (mutual client and server) and strong encryption of all data in transit.

Hawk replaces the need for a separate VPN, with the additional authentication and secure tunnelling built into the browser instead. In addition, Hawk is transparent to all legacy security measures, including SSL and two-factor authentication. Hawk is highly effective against many common threats including man-in-the-middle, phishing (and ID theft / impersonation generally), and malware infection.

User Experience

The Hawk client is a restricted browser that can be easily deployed on user devices. Supported devices include Windows, Mac OS X, Linux, iOS and Android. The client is fully HTML5 compliant and is capable of rendering advanced web applications and rich content. Hawk is free from URLs, address bars, bookmarks and history. The client is uniquely provisioned for the specific user and their device, and opens automatically at the pre-determined landing page, subject to successful Hawk authentication.

The user authenticates using our unique, patented Hawk image login system - images are easy to recognise and remember, and are also easy to enter on mobile touchscreens. With Hawk, the images are also constantly changing - they look the same but are digitally altered each time, creating a strong user passcode that is never transmitted, but used as part of the underlying cryptographic method.

Picture, picture, picture… connect!

Administration

Hawk is deployed on standard hardware inside the enterprise network. The Hawk Server is easy to install and requires no changes to existing back end services. The system is self-contained and includes a simple administration interface, for user and device registration and management, as well as overall system configuration. The system also allows the administrator to manage a whitelist of allowed domains, that controls which trusted sites their Hawk Browsers may view.

Installation and provisioning of client applications is easy - standard Hawk Browsers are downloaded by the employee or user, then securely provisioned using data generated and supplied by the system administrator.

To become a Hawk protected site or to simply find out more about the solution, please contact us.