An application containerization
technology to intelligently isolate
applications (not just browsers) from
its host environment.


Founded in 2005, Ceedo has been pioneering secure application containerization solutions to enable productivity and security in the workplace. Ceedo technology uses application containerization to intelligently control access between code-and-data running in the container and its host.

Ceedo’s MalwareLocker protects the endpoint by jailing untrusted or malicious content inside a secure application container. Using containerization, MalwareLocker isolates web-facing applications (browser, email client, etc.) and removable media from impacting the host. Ceedo’s protection-based approach has proven effective against known and unknown threats, including zero-day attacks, and acts as an important security layer that complements detection-based controls. MalwareLocker needs no additional server infrastructure, being simple and lightweight, it smartly utilizes host resources.

Users continue to use protected applications as they otherwise would, while all interactions between the application and the host computer are filtered through intelligent security checkpoints that ensure potential threats are confined to the container. The outcome is a highly effective protection measure against malware infections, as anything that happens in the container stays in the container, and will not affect the host machine.

In the past, antivirus and other detection-based tools had been the first and last line of defence for most users, but in a hyperconnected world where malware is evolving at an accelerating pace and spreading even faster, this approach simply cannot keep up. Ceedo aims to offer protection without threat detection by automatically containing potentially harmful situations through a combination of privilege restriction and containerization, thus preventing a well-meaning user from making errors that lead to infection.

If the user wants to move downloaded content from the isolated container to the host, content is automatically inspected via a cloud-based content-sanitization service to ensure it is free from any malicious code. The container itself can be optionally disposed at the end of the session and a pristine instance spun-up in the next session.

For the sanitization service mentioned, one of the highly recommended platform would be Gate Scanner, which is probably the world’s longest serving Content Dis-arm and Reconstruction (CDR) platform to date. Since 2001, Gate Scanner has protected more than 200 critical info-infrastructures, achieving zero incident in sites that it was deployed. Gate Scanner has already been technically integrated with Ceedo to provide a seamless user experience when sanitization is needed.

One typical use case of the Ceedo-Gate Scanner integrated platform is that users will be mandated to select/opening incoming external files within a Ceedo container. Once specific files are selected, users could then drop them into pre-designated folders to initiative CDR sanitization before they are copied into the real host machine. Such external files could come from USB devices, e-mails or other media. If a malicious file is opened during selection, the host machine will never be infected. Users could simply close the container concerned and the unfortunate environment will simply evaporate.

Additionally, with Ceedo’s Cloud Management System, administrators exercise full control over MalwareLocker’s lifecycle, from onboarding new users, through the administration of policies and support, and all the way to removal.

IT Care Center
Good Hackers Alliance
Virtus Assure