The Endpoint Is the New Perimeter?
Insights from the IGEL Partner Event — Bern, June 18, 2026
We recently attended IGEL's partner event in Bern to initiate our new partnership. It's a bit provocative to claim that the endpoint is the new perimeter, but if you want to realize the Zero Trust dream, you need to shift the security perimeter to identity, not the device. IGEL is a clear Zero Trust enabler in that sense. Forget what you know about the thin client era: this is a full software ecosystem!
As a cybersecurity group with compliance and cyber resilience in its DNA, Abilene is not selling endpoints; we are delivering endpoint security. IGEL provides solutions that fix the specific customer use cases we focus on: endpoint BCP/DRP as part of our recovery operation center, and endpoint security for legacy OS/applications within critical OT/IoT infrastructures (manufacturing, logistics, healthcare, etc.) as part of our Zero Trust protection pillar.
Across six presentations, a single, consistent message emerged: the endpoint can no longer be treated as a passive access device. It must become an active, managed, and hardened layer of the security architecture.
Here is what we took away.
From Thin Client Leader to Adaptive Secure Endpoint Platform
IGEL's journey, as articulated by CTO Matthias Haas and VP DACH Peter Goldbrunner, is one of deliberate expansion. What began as thin client software for VDI and DaaS environments has evolved into what IGEL now calls the Adaptive Secure Endpoint Platform — a unified, policy-driven system designed to manage endpoints across IT and OT, across physical devices, virtual machines, and containers, and across the full spectrum of enterprise use cases.
The platform rests on three pillars:
IGEL OS — a read-only, immutable Linux-based operating system. Because the OS itself cannot be modified by applications or users, it dramatically reduces attack surface and ensures that a reboot always returns the device to a known-good state. There is no registry, no persistent local storage for malware to hide in, and no residual data left between sessions.
IGEL Universal Management Suite (UMS) — the centralized control plane. UMS enforces policy at three layers simultaneously: device-level policy (is this a managed, compliant device?), persona-level policy (who is the user and what is their role?), and conditional policy (what is the network context, what application is being accessed, what is the risk signal?). This three-layer model is what IGEL calls Contextual Access — adaptive, identity-aware access control enforced directly at the endpoint.
IGEL App Portal — a curated, signed application repository. Every application available to endpoints is vetted, signed, and delivered through the portal, eliminating the risk of unauthorized software and ensuring that what runs on an IGEL endpoint has been explicitly approved.
Together, these three components implement what IGEL calls the Preventative Security Model (PSM) — a philosophy that shifts emphasis from detecting and responding to attacks after they occur, to preventing them from gaining a foothold in the first place.
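To make the three-layer Contextual Access model concrete, here is an added illustration (our own sketch, not IGEL's UMS code or policy format): a fail-closed evaluator that checks device, persona, and conditional policy in that order, so an unmanaged device never reaches the entitlement lookup at all. Role entitlements, network labels and the 0-100 risk score are assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    managed: bool     # enrolled in the management plane
    compliant: bool   # passes the device-level policy check

@dataclass(frozen=True)
class Persona:
    user: str
    role: str

@dataclass(frozen=True)
class Context:
    network: str      # assumed labels: "corporate" | "remote" | "untrusted"
    app: str          # application being requested
    risk: int         # assumed risk signal, 0 (clean) .. 100 (compromised)

# Persona-level policy (assumed): which apps each role may launch.
ROLE_APPS = {
    "clinician": {"ehr", "dictation"},
    "finance": {"erp"},
}

# Conditional policy (assumed): maximum tolerated risk per network context.
MAX_RISK = {"corporate": 70, "remote": 40, "untrusted": 10}

def evaluate_access(device: Device, persona: Persona, ctx: Context) -> tuple[str, str]:
    """Evaluate the three policy layers in order; any miss denies (fail closed)."""
    # Layer 1: device-level policy. Checked first so that unmanaged devices
    # learn nothing about which roles are entitled to which applications.
    if not (device.managed and device.compliant):
        return ("deny", "device: not a managed, compliant endpoint")
    # Layer 2: persona-level policy (who is the user, what is their role?).
    allowed = ROLE_APPS.get(persona.role, set())
    if ctx.app not in allowed:
        return ("deny", f"persona: role {persona.role!r} not entitled to {ctx.app!r}")
    # Layer 3: conditional policy (network context and risk signal).
    limit = MAX_RISK.get(ctx.network)
    if limit is None:
        return ("deny", f"context: unknown network {ctx.network!r}")
    if ctx.risk > limit:
        return ("deny", f"context: risk {ctx.risk} exceeds limit {limit} on {ctx.network}")
    return ("allow", f"all three layers satisfied for {persona.user} -> {ctx.app}")

if __name__ == "__main__":
    # Constructed scenario: a compliant device, a clinician, a remote session with elevated risk.
    print(evaluate_access(Device(True, True), Persona("alice", "clinician"), Context("remote", "ehr", 55)))
```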
Security by Architecture: Why Prevention Beats Detection
One of the most compelling themes across the event was the industry-wide shift in security philosophy. John Walsh, Field CTO for Government and Critical Industries, framed it bluntly: the time from vulnerability discovery to active exploit is now measured in days, not months. The traditional approach — monitor, detect, respond — simply cannot keep pace.
IGEL's answer is structural. By making the OS immutable and read-only, by enforcing policy at the execution plane (what can run), the data plane (what can be accessed), and the control plane (what can be managed), IGEL removes entire categories of attack vectors:
- No persistent malware: because the OS resets on reboot, nothing survives a restart.
- No unauthorized applications: the App Portal enforces app signatures and certification before anything executes.
- No lateral movement via the endpoint: the immutable OS cannot be used as a staging ground.
- No privilege escalation through the desktop: users receive only the application or workspace they are authorized for — not a full Windows desktop.
This architecture maps directly to major compliance and regulatory frameworks. IGEL presented explicit mappings to Zero Trust Architecture (ZT 2.0), NIS2, IEC 62443 (industrial cybersecurity), NIST CSF 2.0, CMMC, DORA (for financial services), KRITIS (German critical infrastructure), and data sovereignty requirements. For organizations navigating multiple regulatory regimes simultaneously — a common challenge in European critical sectors — this unified approach reduces the complexity and cost of compliance considerably.
Business Continuity and Disaster Recovery: The Blind Spot in Most DR Plans
James Millington, Field CTO for EMEA Healthcare, delivered one of the most thought-provoking sessions of the day, focused on a gap that most organizations have not yet confronted: endpoint recovery is the missing piece of every disaster recovery plan.
The statistics he cited are sobering:
- 90% of successful cyberattacks originate at the endpoint.
- 76% of organizations that recovered from a ransomware attack took more than 100 days to do so.
- 68% of ransomware victims experienced a second attack within six months.
- Endpoint malware detections increased 300% in the first half of 2025.
Yet despite these numbers, most DR architectures focus on servers, databases, and network infrastructure — not the devices users actually work on. The result is a dangerous asymmetry: organizations invest millions to bring infrastructure back online in 20–60 minutes, while their endpoint recovery time objective is measured in weeks or months. One customer Millington cited had calculated that recovering 2,000 endpoints through traditional reimaging would require 5,000 person-hours — the equivalent of 125 person-weeks of work.
IGEL addresses this through two complementary deployment models designed to be activated before an incident occurs:
IGEL Dual Boot installs IGEL OS alongside the existing Windows partition on any x86 device. Windows runs normally day-to-day; in the event of a ransomware attack or system failure, the device boots into IGEL OS, which remains untouched because it is isolated from, and protected against changes originating in, the Windows partition. Remote installation is supported via SCCM, Intune, or software distribution tools, and BitLocker-encrypted drives are fully supported.
IGEL USB Boot (UDpocket) takes portability a step further: a pre-configured bootable USB device can turn any x86 machine — including non-IGEL hardware — into a managed recovery endpoint. The device boots from USB, connects to UMS, receives its policy profile, and the user is back in a managed, secure workspace within minutes. This model is particularly powerful for scenarios where local drives are compromised or physically inaccessible, for remote workers, or for BYOD recovery situations.
Both paths lead to the same outcome: users can connect to their cloud-hosted applications, VDI sessions, or DaaS environments within minutes of a major incident, while the traditional reimaging and recovery process for Windows machines proceeds in parallel.
A complementary offering, UMS as a Service (UMSaaS), moves the management layer itself to the cloud. This means that even if an on-premises data center is taken offline by an attack or natural disaster, IGEL can continue to provision, manage, and recover endpoints — because the management infrastructure is not co-located with the threat.
The regulatory context here is significant. Millington presented a sector-by-sector breakdown of the compliance pressure organizations face:
| Sector | North America | Europe |
| --- | --- | --- |
| Healthcare | HIPAA 72-hour notification | NIS2 + GDPR Article 33 |
| Government | CISA / FISMA | NIS2 public administration |
| Financial Services | FFIEC / SEC 17a-4 | DORA (effective January 2025) |
| Manufacturing | CISA critical infrastructure | NIS2 critical sectors |
| Retail | PCI-DSS 4.0 | PCI-DSS 4.0 + GDPR |
Each of these frameworks increasingly demands not just security controls, but demonstrated, tested resilience — the ability to prove that systems can be recovered within defined timeframes. IGEL's BC&DR capabilities translate directly into measurable RTO improvements that regulators can audit.
Critical Infrastructure and IT/OT Convergence
John Walsh's session extended the IGEL story into one of the fastest-growing and most challenging domains: operational technology. Manufacturing floors, energy grids, healthcare diagnostic equipment, and transport control systems all rely on specialized industrial hardware and software — HMIs, SCADA systems, PLCs, and MES platforms — that were historically managed entirely separately from enterprise IT.
That separation is no longer sustainable, for two reasons. First, threat actors increasingly target OT environments specifically because they tend to be less mature in their security posture. Second, the operational benefits of converging IT and OT management — reduced complexity, lower TCO, consistent policy enforcement — are compelling.
IGEL's Adaptive Secure OT platform extends IGEL OS and UMS into industrial environments, enabling OT systems to be managed with the same centralized, policy-driven approach as enterprise endpoints. Key capabilities include:
- Central management of HMIs, SCADA interfaces, kiosks, and digital signage alongside standard enterprise endpoints, all through the same UMS console.
- Support for IEC 62443, the primary industrial cybersecurity standard, as well as Zero Trust architectures and data sovereignty requirements.
- The IGEL Managed Hypervisor (IMH), which enables virtual PLCs and containers to run directly on edge devices — a significant capability for process automation. An ExxonMobil deployment was cited as a reference, with IGEL IMH running virtual PLCs at the edge for oil and gas process control.
- The Trusted Macro Secure Enclave (TMSE), which extends the Preventative Security Model across IT/OT boundaries — providing hardware-enforced isolation, identity-aware access control, and policy enforcement that spans from the OT device through the network to cloud workloads.
IGEL's Zero Trust mapping for IT/OT environments covers all seven DoD Zero Trust pillars: User, Device, Applications and Workloads, Data, Network and Environment, Automation and Orchestration, and Visibility and Analytics.
AI at the Endpoint: Opportunity and Risk, Together
Emanuel Pirker, Field CTO at IGEL, framed the AI discussion with unusual intellectual honesty. Before discussing what IGEL is building, he spent time on what LLMs are not good at — guaranteed correctness in legal, medical, or financial contexts; deterministic logic and state management; true reasoning over novel problems. Understanding these limitations, he argued, matters more than any feature announcement.
With that foundation, the AI opportunity is real and growing. By 2026, 50% of all new PCs sold are projected to include dedicated AI hardware — NPUs for always-on, low-power AI inference alongside GPUs for higher-throughput tasks. Use cases like live transcription, background summarization, contextual assistance, webcam enhancement, and local document intelligence are moving from novelty to default capability.
But AI also introduces new security risks at the endpoint, particularly around:
- Unauthorized use of NPU/GPU resources by applications that should not have access.
- Data exfiltration through cloud AI services that process sensitive prompts externally.
- Prompt poisoning and behavioral observation by cloud AI providers.
- Unvetted AI models running locally without governance controls.
IGEL's response is AI Armor — a security layer integrated into IGEL OS and managed through UMS that governs how AI operates on the endpoint. Current capabilities include restricting access to authorized AI models only, preventing unauthorized NPU and GPU usage, applying pre-configured compliance templates for AI workloads, and vetting AI applications through the App Portal before they can run.
The roadmap for AI Armor extends to a centralized AI Policy Engine within UMS, lightweight runtime controls that govern AI apps, browsers, and IGEL-native applications, and telemetry captured to IGEL Insights for anomaly detection across AI usage patterns.
One particularly interesting demonstration involved Ollama — an open-source local LLM runtime — deployed as a vetted application through the IGEL App Portal. This enables privacy-by-design AI: language models run locally on the device, data never leaves the endpoint, models are downloaded from the App Portal (not the public internet), and the system can operate fully air-gapped. Text transformation, translation, summarization, code assistance, and knowledge lookup become available without cloud dependency or data exposure.
Healthcare: Where Security and Patient Safety Are the Same Problem
A dedicated session on healthcare used the sector as a case study in what the IGEL platform looks like when applied to a highly regulated, clinically critical environment.
Healthcare in 2026 is managing four simultaneous pressures: cyber resilience for patient safety, AI adoption and optimization, financial cost control, and workforce shortages. These are not independent problems — a ransomware attack that brings down clinical systems is simultaneously a patient safety event, a financial crisis, and a regulatory exposure.
IGEL's healthcare use cases span the full care environment: registration and reception, exam rooms, pharmacy, diagnostics, emergency services, physician offices, and patient kiosks. Clinical workflow capabilities include:
- Fast User Switching with Imprivata integration — clinicians tap a badge to log in, tap again to log out, and the session follows them from station to station without leaving data behind.
- Roaming Desktops — the user's workspace travels with them across devices.
- Business Continuity Access — in the event that the primary EHR system (Epic, Cerner, and others are explicitly supported) goes offline, endpoints can switch to a pre-configured offline or alternative access mode without device reimaging.
- Published Applications via IGEL Managed Hypervisor — Windows-based clinical applications like Cerner Hyperdrive, Epic PowerChart, or Nuance Dragon run within the IGEL environment as isolated, published apps, without exposing a full Windows desktop. Users interact only with the application they need.
The underlying trust foundation — immutable OS, signed applications, centralized policy, hardware-enforced isolation — is what makes these clinical workflows safe to run on shared devices in environments where infection control and security cannot be traded off against productivity.
The Bottom Line for Partners and Customers
The IGEL platform has moved well beyond its thin client origins. What we saw in Bern was a coherent, mature security and management platform that addresses the full lifecycle of endpoint risk — from day-zero device configuration through active attack scenarios and post-incident recovery.
For organizations evaluating endpoint strategy in 2026, the key takeaways from the event are:
- Endpoint recovery must be part of DR planning, not assumed to be handled by default. The gap between infrastructure RTO (minutes) and endpoint RTO (days to weeks) is a real and measurable risk.
- Prevention is a more defensible security architecture than detection and response, particularly at the endpoint. An immutable OS that resets on reboot eliminates entire categories of persistent threat.
- IT and OT can — and increasingly must — be managed through a unified platform. The convergence is driven by threat landscape realities and regulatory requirements alike.
- AI governance at the endpoint is not optional. As AI capabilities move onto the device itself, organizations need policy controls over what models run, what hardware they access, and where data flows.
- Regulatory compliance across multiple frameworks is achievable from a single platform. IGEL's compliance mappings to NIS2, DORA, IEC 62443, CMMC, NIST CSF 2.0, and Zero Trust requirements mean that the same deployment can satisfy multiple audit requirements simultaneously.
For organizations in regulated sectors — financial services, healthcare, government, manufacturing, or critical infrastructure — the combination of preventative security, rapid BC&DR capability, and OT convergence makes IGEL a platform worth serious evaluation.
Article based on presentations from the IGEL Partner Event, Bern, June 18, 2026, including sessions by Peter Goldbrunner (VP DACH), Matthias Haas (CTO), Emanuel Pirker (Field CTO), James Millington (Field CTO EMEA Healthcare), and John Walsh (Field CTO, Government and Critical Industries).