By controlling the launch and activity of all applications and system drivers, Enterprise Suite enables effective protection of endpoints against all types of malware and vulnerability exploits without the need for signature updates. This approach also blocks zero-day threats and user activity such as unauthorized information or device access, launching unapproved applications, and other actions that run counter to corporate security policies.
User-driven rules for application activity, file system and registry access, peripheral device and network resource access, combined with monitoring and logging, allow administrators to control and block malicious or unwittingly-risky employee activity. Centralized management and modular architecture significantly reduce the cost of security administration.
Enterprise Suite comprises the following modules:
Controls application launches, blocking the launch of hidden applications, and preventing new applications from launching until the administrator can determine whether the application should be permitted to run.
Unknown or potentially dangerous applications are launched in a limited user account or a sandbox , so they cannot affect other processes or the system itself. This method allows malicious activity to be blocked before patches or signature updates can be applied.
Controls how different applications can access files and folders, USB drives, registry keys, external devices, and network resources. User-driven rules can be created to control application activity.
Enables custom protection to be implemented for specific software in the following ways:
Block attempts by users to launch any unknown application or block only specified unwanted software such as games or multimedia players.
Set access rules to files and folders for individual applications or groups of applications. Active Directory support enables rules to be set for individual users or groups of users.
Granular settings control access to USB drives and CD/DVD devices, down to the level of device type, name, vendor and ID.
Alerts are generated whenever an unauthorized application launch or access to unauthorized file, registry or external device is attempted. Using the audit logs, reports can easily be created to provide timely information about all endpoint activity.
When setting application activity policies, access rules can be time-limited to allow for workstation maintenance.
Remote screen shot session of user’s workstation display in real time as part of a forensic investigation.
Automatically saves original copies of changed or deleted files and system registry keys.
Keep track of who uses which applications as well as the time spent using those applications.
SysWatch is built around SoftControl’s unique, patent-pending V.I.P.O. (Valid Inside Permitted Operations) technology, which combines three levels of protection:
Protects all executable software on the system by detecting any unauthorized activation attempt and preventing the process from launching before damage can occur. Preserves the system in a known-good state.
Specially-designated user account for potentially dangerous software provides system-level privilege controls to block malicious software activity. Also protects the PC from software vulnerabilities.
Controls how different applications can access files and folders, registry keys, external devices, and network resources.
Easily scales to meet the needs of growing businesses.
Operates alongside and can be integrated with other security and network management tools, such as SIEM, IAM, network traffic security, encryption, and traditional antimalware solutions.
SysWatch Workstation installations can be updated through local server connections.
The built-in remote management console supports remote installation and uninstallation, policy and configuration changes.
The management console enables administrators to remotely make decisions on action to be taken in case of incidents such as attempts to launch unknown applications or breach of security policy or to process incidents automatically.
If, for any reason, the client is stopped on a remote workstation, or there is an attempt to breach security policies, an alert is issued to the management console or directly to a designated administrator via email.