The Byos µGateway
A Secure Endpoint Edge
A hardened security stack on a simple plug-and-play USB device, the Byos µGateway (pronounced “micro-gateway”) provides protection from OSI layers 1 to 5 through hardware-enforced isolation.
Each µGateway isolates the connected endpoint onto its own micro-segment of one that protects it from compromised networks and other endpoints on the network.
Portable & Lightweight.
The Byos µGateway fits in the palm of your hand and can be transported anywhere.
It is powered solely by its male USB-C connector, with no need for a power outlet or battery to work.
The µGateway also does not impact or restrict connection speeds.
The Apple© iPad® and MacBook® Pro are trademarks of Apple Inc. The Microsoft© Surface Pro® is trademark of Microsoft Corp.
Works with any device.
The µGateway is technology agnostic and can be used with any connected device regardless of its operating system, model or age.
It doesn’t require any software or drivers and connects to your device via USB-C.
The solution is plug-and-play, doesn’t require any previous security knowledge, making it easy to use.
The Byos µGateway is built on proprietary hardware, and runs a customized operating system.
The hardware board offers several security features to prevent tampering, protecting your information:
Tamper Resistant Enclosure
No JTAG Connector
The Byos µGateway is built in North America, with a certified supply chain of components.
Robust Endpoint Protection
Hardware-enforced isolation created by the Byos µGateway hardware device puts the user in a protected environment isolated from the local network. Because the µGateway is a “security stack on a stick,” all security service processing occurs on its hardware with no protection dependencies in the cloud.
The specific security services running on the µGateway include:
Byos runs a bi-directional firewall, offering incoming and outgoing access control based on country-based and protocol-based traffic, restricting specific domain names, IP addresses and ports.
The user’s Wi-Fi connection is prevented from being intercepted, cloned, bypassed or hijacked.
The µGateway maintains direct and confidential communications with the network gateway without allowing the poisoning of routing tables.
The µGateway runs an in-device encrypted DNS server to prevent DNS hijacking and preserve the confidentiality of the user’s browsing data.
The µGateway detects changes in packet routing to the Internet and takes the necessary actions to prevent any data leakage.
The µGateway detects exponential changes in network traffic volume often triggered by hidden malware running on the user’s device.
The µGateway runs an internal security service to detect directed threats and block fingerprinting, enumeration, DoS and exploit attacks.
The µGateway blocks ads and tracking transparently on the network level without requiring additional software on the host or in the browser.
The µGateway performs continuous analysis on the connected Wi-Fi network, alerting IT of threats immediately and, if required, cutting network access autonomously when the network environment becomes hostile.
Any attack attempts against the µGateway will be detected by the in-device threat management, and live alerts will be sent to the user and IT through the Management Console. The µGateway also autonomously blocks attacks without the need for interference from the user or the IT department, and can decide in real time whether the user should be disconnected from the network as a fail-safe.
Are you looking for better protection over remote endpoints?
Get Started with our Business Starter 5-Pack to see how easy deployment, usage, and provisioning are with the Byos Endpoint Micro-Segmentation Solution. Start small with a pilot deployment of 5 µGateways and access to the Management Console, see the value, and then deploy more µGateways from there.
OSI Model Protections
OSI 1 - Physical
Wired connection to host
Hardware security layers
Rogue AP protection
OSI 2 - Data Link
Wi-Fi identity checks
Gateway integrity checks
OSI 3 - Network
Route alteration detection
Network identity checks
OSI 4 - Transport
In-device encrypted DNS
Multi-factor traffic control
OSI 5 - Session
Bandwidth spike checks
In-device VPN tunneling
Multi-factor Network Access Control
Deployment and Implementation
With streamlined provisioning for all categories of endpoint devices, Byos enables zero-trust migration and implementation through simple plug-and-play security. There is no need to physically install software or agents on users’ devices. The solution is easy to use and requires no previous end user security knowledge, and provides automatic device enrollment and integration into enterprise security programs and infrastructure.
The µGateway does not perform Deep Packet Inspection. The µGateway maintains TLS encryption as the traffic passes through it – the Internet connection is transparent to the endpoint and the egress traffic is clean, which allows it to communicate as the endpoint normally would. Because there is no software running on the endpoint the user’s privacy is maintained.
For organizations with an existing VPN infrastructure, user VPN connections can be tunneled through the µGateway. The Management Console gives the administrators the ability to see if the user is connected to a VPN and visibility into the VPN’s session information. The µGateway detects potentially malicious activity related to the VPN connections including changes in public/local IP address of the VPN Gateway or a dropped VPN connection without action from the user.
Dimensions: 1.76 x 1.38 x 0.57 inches (4.48 x 3.49 x 1.45 cm)
Type of Device: Plug-and-Play USB Ethernet Gateway
Power Consumption: Under 5W
Port Requirements: USB 3.0 /USB Type-C
OS Requirements: Any OS compatible with USB-OTG
Special Driver Requirements: None
Enclosure: 2 mm Plastic
Manufactured in: Canada/USA
Certified Supply Chain of Hardware components: Yes
Certified Chain of Custody of Software: Yes
Software Updates: Automatic, Over-the-air