Enterprise Suite is a comprehensive network security solution that effectively protects against intrusion by targeted hacker attacks or malware threats without the need for signature updates. It also protects against insider threats caused by unauthorized access to sensitive data and system configuration changes.
By controlling the launch and activity of all applications and system drivers, Enterprise Suite enables effective protection of endpoints against all types of malware and vulnerability exploits without the need for signature updates. This approach also blocks zero-day threats and user activity such as unauthorized information or device access, launching unapproved applications, and other actions that run counter to corporate security policies.
User-driven rules for application activity, file system and registry access, and peripheral device and network resource access, combined with monitoring and logging, allow administrators to control and block malicious or unwittingly risky employee activity. Centralized management and modular architecture significantly reduce the cost of security administration.
Components
Enterprise Suite comprises the following modules:
SysWatch Workstation - endpoint protection against all types of malware, unauthorized employee activity, and hacker attacks without the need for continuous signature updates.
DLP Guard - data leak prevention that constantly monitors and logs activity at the endpoint, generating audit trail, compliance, and forensic analysis reports.
Administration - the server-based Service Center stores logs, security policies, and configurations. The Admin Explorer management console handles remote deployment, endpoint configuration, and incident and other event responses.
Blocks the launch of hidden applications; new application launches are blocked until the administrator is able to determine whether the application should be allowed to run.
Dynamic sandbox
Unknown or potentially dangerous applications are launched in a sandbox so they cannot affect other processes or the system itself. This method allows malicious activity to be blocked before updated signature databases and vulnerability patches are available.
Application activity control
Controls how different applications are permitted to access files and folders, USB drives, registry keys, external devices, and network resources. User-driven rules can be created to control application activity.
Targeted software protection
Enables custom protection to be implemented for specific software in the following ways:
Application consistency control. Control over program code changes ensures that applications cannot be launched if the executable code has been modified.
Application executable code protection. Prevent executable modules from being modified by other applications.
Application data protection. Disable read/write access to application data files and registry keys for all other applications.
Block attempts by users to launch any unknown application, or only specified applications such as games or multimedia players.
Access to files and folders
Set rules for accessing files and folders for individual applications or groups of applications. Active Directory support enables rules to be set for individual users or groups of users.
Access to peripheral devices
Granular settings control access to USB drives and CD/DVD devices, down to the level of device type, name, vendor and ID.
Monitor access to file storage and external devices
Alerts are generated whenever an unauthorized application launch, or access to an unauthorized file, registry or external device, is attempted. Using the audit logs, reports can easily be created to provide timely information about all endpoint activity.
Remote display screen shot session
Remote screen shot session of a user’s workstation display in real time as part of a forensic investigation.
Record keyboard input
Record all keyboard input for any application in order to track who entered what data, and when.
Shadow copy for changed files
Automatically saves original copies of changed or deleted files and system registry keys.
Usage monitoring
Keep track of who uses which applications as well as the time spent using those applications.
SysWatch is based on the unique, patent-pending V.I.P.O. (Valid Inside Permitted Operations) technology, which combines three levels of protection:
D.I.C. (Dynamic Integrity Control)
Protects all executable software on the system by detecting any unauthorized activation attempt and preventing the process from launching before damage can occur. Saves the system in a “known-good” state.
D.S.E. (Dynamic Sandbox Execution)
A specially designated user account for potentially vulnerable software provides system-level privilege controls to block dangerous software activity. Also protects the PC from software vulnerabilities.
D.R.C. (Dynamic Resource Control)
Controls how different applications can access files and folders, registry keys, external devices, and network resources.
Enterprise Suite’s modular architecture easily scales to meet the needs of growing businesses.
Integration with other security solutions
Enterprise Suite operates alongside and can be integrated with other security and network management tools, such as SIEM, IAM, network traffic security, encryption, and traditional anti-malware solutions.
SysWatch Enterprise Suite enables the use of local servers for updating program components on workstations.
Remote management console
The built-in remote management console allows remote installation, uninstallation, and changes to Enterprise Suite settings.
Incident management
The management console enables administrators to remotely determine the action to be taken on incidents, such as attempts to launch unknown applications or breaches of security policy, or to have incidents processed automatically.
Alerts
If, for any reason, the client is stopped on a remote workstation, or there is an attempt to breach security policies, an alert is issued to the management console or directly to a designated administrator via email.