Enterprise Suite is a comprehensive network security solution that effectively protects against external intrusion by targeted hacker attacks or malware threats. It also protects against insider threats caused by unauthorized access to sensitive data and system configuration changes. Best-of-breed virus scanner is also included to provide an additional layer of protection.
By controlling the launch and activity of all applications and system drivers, Enterprise Suite enables the effective protection of endpoints against all types of malware and vulnerability exploits without the need for frequent and cumbersome signature updates. This approach also blocks zero-day threats and user activity such as unauthorized information or device access, launching of unapproved applications, and other actions that run counter to corporate security policies.
The Enterprise Suite PLUS antivirus scanner is provided to enable scanning of unknown applications for malware using a combination of signatures and heuristic analysis. Depending on the results of the scan, administrators can decide whether to launch the application in a sandbox or without restrictions. It can also be used to scan external devices for malicious software prior to allowing those devices to connect to the network.
User-driven rules for application activity, file system and registry access, peripheral device and network resource access, combined with monitoring and logging, allow administrators to control and block malicious or unintentionally-risky employee actions. Centralized management and a modular approach reduce the cost and workload for administrators.
Enterprise Suite PLUS consists of the following modules:
SysWatch PLUS - proactive protection that ensures only authorized users of authorized applications can access authorized data using authorized devices.
DLP Guard - data leak prevention that constantly monitors and logs endpoint activity. DLP Guard also provides an audit trail as well as compliance, and forensic analysis reports.
Administration - the server-based Service Center stores logs, security policies, and endpoint configurations. The Admin Explorer management control handles remote deployment, endpoint configuration, and incident and other event responses.
Controls application launches, blocking the launch of hidden applications, and preventing new applications from launching until the administrator can determine whether the application should be permitted to run.
Unknown or potentially dangerous applications are launched in a limited user account or a sandbox , so they cannot affect other processes or the system itself. This method allows malicious activity to be blocked before patches or signature updates can be applied.
Application activity control
Controls how different applications can access files and folders, USB drives, registry keys, external devices, and network resources. User-driven rules can be created to control application activity.
Enterprise Suite PLUS has a built-in antivirus scanner that enables scanning of files for known malicious code and repairing of infected files where possible. It also enables administrators to scan unknown applications before launching them and to perform regular system scans if required.
Targeted software protection
Enables custom protection to be implemented for specific software in the following ways:
Application consistency control. Control over program code changes ensures that applications cannot be launched if the executable code has been modified.
Application executable code protection. Prevent executable modules from being modified by other applications.
Application data protection. Disable read/write access to application data files and registry keys for all other applications.
Block attempts by users to launch any unknown application or block only specified unwanted software such as games or multimedia players.
Access to files and folders
Set access rules to files and folders for individual applications or groups of applications. Active Directory support enables rules to be set for individual users or groups of users.
Access to peripheral devices
Granular settings control access to USB drives and CD/DVD devices, down to the level of device type, name, vendor and ID.
Monitor access to file storage and other external devices
Alerts are generated whenever access to an unauthorized application launch or unauthorized file, registry or external device is attempted. Using the audit logs, reports can easily be created to provide timely information about all endpoint activity.
Remote display screen shot session
Remote screen shot session of user’s workstation display in real time as part of a forensic investigation.
Record keyboard input
Record all keyboard input for any application in order to track who used a particular application when and what data was entered or changed.
Shadow copying of changed files
Automatically saves original copies of changed or deleted files and system registry keys.
System usage monitoring
Keep track of who uses which applications as well as the time spent using those applications.
SysWatch Enterprise Suite PLUS built around SoftControl’s unique, patent-pending V.I.P.O. (Valid Inside Permitted Operations) technology, which combines three levels of protection:
D.I.C. (Dynamic Integrity Control)
Protects all executable software on the system by detecting any unauthorized activation attempt and preventing the process from launching before damage can occur. Preserves the system in a known-good state.
D.S.E. (Dynamic Sandbox Execution)
Specially-designated user account for potentially dangerous software provides system-level privilege controls to block malicious software activity. Also protects the PC from software vulnerabilities.
D.R.C. (Dynamic Resource Control)
Controls how different applications can access files and folders, registry keys, external devices, and network resources.
SysWatch Enterprise Suite PLUS installations can be updated through local server connections.
Remote management console
The built-in remote management console supports remote installation and uninstallation, policy and configuration changes.
The management console enables administrators to remotely make decisions on action to be taken in case of incidents such as attempts to launch unknown applications or breach of security policy or to process incidents automatically.
If, for any reason, the client is stopped on a remote workstation, or there is an attempt to breach security policies, an alert is issued to the management console or directly to a designated administrator via email.