Abstract: Systems and methods of detecting an exploit of a vulnerability of a computing device, including receiving an execution flow of at least one process running in a processor of the computing device, wherein the execution flow is received from a performance monitoring unit (PMU) of the processor, receiving memory pages from a memory of the computing device, reconstructing the execution flow of the process on another processor based on PMU data and the memory pages, running at least one exploit detection algorithm on the reconstructed process in order to identify an exploit attempt and issuing an alert.

Abstract: A method for use in granting access to a target to a user device, comprising: receiving at a proxy a request to access the target; forwarding by the proxy the access request to a security broker when the user device is verified by the proxy to know a prescribed secret, wherein the request is forwarded so as to appear to originate from a prescribed set of internet protocol (IP) addresses that the security broker recognizes as trusted; receiving by the proxy from the security broker (i) an access token, the access token being submittable to the target by the user device to gain access thereto and (ii) instructions for transmission to the user device for causing the user device to be redirected to an address indicating the requested target; and transmitting by the proxy toward the user device the access token and the instructions.

Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.

Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).

Abstract: Systems and methods of detecting an exploit of a vulnerability of a computing device, including receiving an execution flow of at least one process running in a processor of the computing device, wherein the execution flow is received from a performance monitoring unit (PMU) of the processor, receiving memory pages from a memory of the computing device, reconstructing the execution flow of the process on another processor based on PMU data and the memory pages, running at least one exploit detection algorithm on the reconstructed process in order to identify an exploit attempt and issuing an alert.