Virtual Encapsulation (Sandbox, VM, Container, …)
On the isolation computer, browser and email applications run within virtual encapsulations that are completely deleted as soon as the user closes their browser or email program. Any malicious code that may have entered is erased along with the virtual environment. The next time the user starts the application, a fresh virtual encapsulation is provided — free of any malware.
Escape from Encapsulation
Malware can escape from virtual environments — and this is not as rare as one might think.
While malicious code may break out of a virtual encapsulation, it cannot escape from the isolation computer itself. It poses no threat to the corporate network or company data. The isolation computer and the applications running on it are protected by strict access controls. Moreover, no sensitive company data is stored on the isolation computer.
Undetected Malware in the Corporate Network
In almost all large corporate networks — and in many smaller ones — undetected malware is already present. The TARJA protection concept may not be able to identify this hidden malicious code, but it can effectively neutralize it. The isolation computer breaks the direct connection between the public internet and the corporate network. This means:
- Malware can no longer download additional malicious code
- It becomes unreachable and uncontrollable by external attackers
- It can no longer send data to the attacker (protection against data theft and industrial espionage)
Outdated Software
Many companies still use software that is no longer supported by the vendor — often with known security vulnerabilities. However, since attacks can no longer reach the corporate network, this software can continue to be used with an acceptable level of risk.