Continuing our trend reviewing amazingly small yet capable USB devices, we’re going to look today at Yoggie Gatekeeper Pico. The Gatekeeper Pico is a ‘personal security appliance’, the first of its kind, a tiny computer running a suite of security software, analyzing the network traffic before it even reaches your computer.
This is nirvana for every security-conscious person using the internet, as the computer is physically separated from the network by the Gatekeeper. The data flowing in is routed directly from the network adapter through the Gatekeeper, analyzed for suspicious activity, and then passed on to your computer.
My first reaction to Yoggie’s Gatekeeper Pico was disbelief. Disbelief that a device so small could actually run a comprehensive security suite, similar in functionality to a behemoth like Norton Internet Security. And we all know what installing that does to the computer’s performance. Yet it works, and much better than I thought it would.
Inside that small case, we have a hardened Linux operating system using kernel 2.6 and running on the Freescale iMX31L processor, 128MB of RAM and 128MB of non-volatile storage.
Yoggie claims their solution has less than 1% impact on system performance and I believe them. Even the Management Console, the program which controls the settings of the device, is stored on the Gatekeeper itself and accessible via a web interface.
Yoggie did a stellar job of creating a simple to use product, even though the underlying technology is advanced and quite complicated. Normally, an end-user would not be able to benefit from all these security applications – which are primarily found in corporate environments.
Let’s take a look at the components of this security suite:
- Firewall with stateful packet inspection, outbound port whitelist and blacklist pre-configured, Active Sync support and creation of new rules or exceptions. By default, Yoggie allows no inbound traffic that was not initiated on the protected computer. Yoggie’s firewall is based on the Linux Netfilter/IPTables firewall.
- Snort Intrusion Detection & Prevention System with Sourcefire VRT certified rules
- Kaspersky Anti-Virus, Anti-Spyware, Anti-Malware components, which update every 5 minutes automatically. The Kaspersky (or KAV) engine is well regarded by security analysts.
- SurfControl Web content filtering with pre-configured categories and rule creation. By enabling the Ads filter you’re going to get rid of almost all advertising on websites, making surfing more pleasant and fast.
- Adaptive Security Policy, a 3 stage method, using Low, Medium and High; the user can choose to manually configure the different components or adjust the security slider according to their needs from the graphical interface.
- TOR network client, which enables you to connect to the TOR network with a simple click of a button, guaranteeing online privacy.
- Adaptive Security Policy
Yoggie Adaptive Security Policy uses a current risk level calculator to calculate the risk level in the specific environment at any given time. According to the calculation it dynamically increases or decreases the security level. –Yoggie KB ID #1011
- Multi-Layer Security Agent
Yoggie Multilayer security agent (MLA) receives security related events from all layers, from the packet level up to the L-8 engine. This patent-pending technology blocks attacks at the packet level as they begin to constitute a risk at the application level. The MLA monitors scanning results from the different security software and builds a puzzle to identify an attack even if it is not recognized by each of the individual subsystems. –Yoggie KB ID #1010
- VPN client & server (Pro model only) for creating an encrypted tunnel automatically when using Yoggie.
- Layer 8 Security Engine
Yoggie L-8 (Layer 8) security engine (patent pending) is a proprietary technology that defends against unknown attacks, including new viruses, spyware, worms, etc. It sits on top of the application layer and analyzes mobile code, such as JavaScript, VBScript and Java applets in order to detect malicious code based on behaviour rather than an existing signature. –Yoggie KB ID #1009
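The firewall default described in the list above (no inbound traffic unless the protected computer initiated it, plus an outbound port whitelist) can be modelled as a small connection tracker. This is an added example, not Yoggie or Netfilter code; the addresses, whitelisted ports and 120-second idle timeout are assumptions chosen for illustration.

```python
# Toy model of stateful packet inspection (constructed values throughout).
from dataclasses import dataclass, field

ALLOWED_OUT_PORTS = {53, 80, 443}   # assumed outbound whitelist
STATE_TIMEOUT = 120                 # assumed idle timeout in seconds

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class StatefulFirewall:
    protected: str                              # address of the protected computer
    flows: dict = field(default_factory=dict)   # flow key -> last-seen time

    def outbound(self, p: Packet, now: float) -> str:
        if p.src != self.protected or p.dport not in ALLOWED_OUT_PORTS:
            return "DROP"
        # Record the flow so that only this exact peer/port pair may answer.
        self.flows[(p.proto, p.sport, p.dst, p.dport)] = now
        return "ACCEPT"

    def inbound(self, p: Packet, now: float) -> str:
        key = (p.proto, p.dport, p.src, p.sport)
        seen = self.flows.get(key)
        if p.dst != self.protected or seen is None:
            return "DROP"                       # nothing on the inside asked for this
        if now - seen > STATE_TIMEOUT:
            del self.flows[key]                 # idle state has expired
            return "DROP"
        self.flows[key] = now
        return "ACCEPT"

def demo():
    host, web, other = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    fw = StatefulFirewall(host)
    return [
        fw.inbound(Packet(web, 443, host, 50000), 0),     # unsolicited inbound
        fw.outbound(Packet(host, 50000, web, 443), 1),    # host opens a flow
        fw.inbound(Packet(web, 443, host, 50000), 2),     # reply on that flow
        fw.inbound(Packet(other, 443, host, 50000), 3),   # same ports, wrong peer
        fw.outbound(Packet(host, 50001, web, 6667), 4),   # port not whitelisted
        fw.inbound(Packet(web, 443, host, 50000), 200),   # state timed out
    ]
```

The fourth case is what separates stateful inspection from a static "allow replies from port 443" rule: the ports match, but the peer never appeared in an outbound flow, so the packet is dropped.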
Yoggie Gatekeeper Pico comes with a color quick start guide, but I’m not sure anyone would need that because it’s incredibly easy to set up. Insert the supplied CD, or download the driver from the Yoggie website, then just plug in the Gatekeeper. After about 15 seconds, Yoggie will have started and connected to the application on your computer. The only thing you have to do is to choose a password. This absolutely redefines ease of use when it comes to security applications.
If there’s one downside to Yoggie, it’s the fact that it can’t scan local files or removable media like USB sticks and CDs. Most of the threats today come from the internet – but if you get an infected file on a USB stick, you won’t be protected. The malware won’t be able to communicate with the outside world because of the firewall and IDS/IPS, but it could do other damage.
If you deal with physical media on a regular basis you’ll need to keep around a small portable antivirus, such as ClamWin, for quick scanning. When you purchase a Yoggie product, you will also receive a 1 year Kaspersky Antivirus license, which they recommend you use to do one final sweep before you use the Gatekeeper. You could leave Kaspersky running and enjoy complete protection from all types of threats. In my tests, Kaspersky Anti-Virus used a little over 20MB of RAM and never took more than 2% CPU, so it shouldn’t represent a problem even for a low-powered netbook.
Gatekeeper consumes very little energy, under 2W, so it won’t be a burden when you’re using your laptop. In fact, you’ll probably notice that the battery lasts longer because you don’t have a software security suite running on your computer.
The integrated Kaspersky anti-virus engine can’t scan more than the first 10 MB of any HTTP download. What if you download a 60MB file that contains a virus? Would you be protected? I put this question to Gil Bodov, Director of Technical Support:
Yoggie will scan the first 10MB of each file, where most viruses will already be caught regardless of file size. Beyond that, even for the rest of the file, regardless of its size, everything will be passed through the other engines, IDS/IPS, Layer 8 etc. which also include virus signatures. This means you’re still getting a decent level of security even though the AV engine itself doesn’t actually scan the entire file. Still, if you want to have the most secure setting, you can simply block downloading files bigger than 10MB. In addition, Yoggie recommend using the Bonus Desktop AV software (Kaspersky) we provide in the package for a second line of defense (or any other updated AV software).
It is my conclusion that the Yoggie Gatekeeper Pico coupled with a lightweight antivirus is the best protection you can get at the moment for a Windows based computer.
Yoggie products are also available for ExpressCard, home networks, Macs and small businesses and have won several prestigious awards from PCMag, ComputerWorld, RSA and CES. We thank Avi Dardik, VP Product Management, for providing this sample. Visit Yoggie.com.
I'm confused – isn't this device only available for Windows or Mac?
@CuriousGeorge – seems so. No mention of any *nix OS on the webpage. Kind of "ironix"… isn't it? Windows and Mac fanboys should keep away from this device.. It's made out of Linux..
)))