There are huge number of methods and techniques to hack or get the unauthorized access to the information system of a company. Unauthorized access could lead to use, modification, disclosure, disruption of confidential information and damage businesses. Vulnerabilities of software and hardware are widely used during the cybersecurity attacks. For hardware and software producers it is simply impossible to track and provide patch for every vulnerability. Note that what the equipment, hardware and software do itself can be a vulnerability entry gate for a hacker attack from an information security point of view. Thus, attackers have an unconditional advantage.
However, Enterprise Suite Server proactively manages all the vulnerabilities and information security risks. It analyzes all the activity inside server, blocks dangerous operations before it can damage information. Enterprise Suite Server prevents unauthorized access, changes and keeps the servers in good, fully functional condition. Information inside servers is being kept in confidential, integral and available state.
Enterprise Suite Server consists of the two components as it has client-server architecture:
Enterprise Suite Server provides information integrity inside company`s servers. Enterprise Suite Server protects against all types of zero-day threats and targeted hacker attacks by written malicious code that will never get into anti-virus databases.
Enterprise Suite Server does not require the use of anti-virus databases and there is no need for regular updates. Thanks to this, Enterprise Suite Server does not lose efficiency in the absence of access to the Internet or an update server.
The launch of applications is controlled, hidden launch of applications is blocked, launch of a new application can be suspended until confirmation is received from the administrator. It is a proactive cybersecurity approach that assists enterprises in detecting and preventing unwanted modifications to vital data and systems.
SysWatch runs unknown or potentially vulnerable applications such as browsers in an original secure isolated sandbox environment so that suspicious applications can not interfere with other processes or harm the system and data. Advanced sandbox technology demands very low level of computing resources consumption.
SysWatch controls access of all applications to the file system, registry keys, external devices and network resources. Additional application activity rules and the widest range of settings can be set by the administrator to comply with the company's security policy.
SysWatch Workstation PLUS contains an anti-virus scanner to scan files for known malicious code and disinfect bad files.
Considering that approaches based on probabilistic methods often lead to errors, we use only deterministic methods in our algorithms. Original flexible whitelisting at the stage of installations of new applications and updates allows to add and run new executable code securely with almost zero loading of memory. It is possible to exclude some employee from installation of some/all new applications.
Reduce attack surface by managing security configurations with SysWatch. Use rules to establish the secure relationships between information and people. Select files, folders, application and users to apply security policies.
Specify the validity periods of access rules to external devices, the file system, and the registry to provide maintenance windows for company computers.
Flexible configuration of access to USB drives, blocking of USB ports with the ability to set exceptions for individual drives, access control to CD/DVD devices, COM/LPT ports.
Saving a history of changes for a specific application. Control of changes in the files edited using this application.
Only authorized users can connect to, stop, or delete the SysWatch client application. Password protection is provided for changing settings and deleting them. Only authorized users can allow or deny access to certain files and folders, or change other settings.
SysWatch is based on patented V.I.P.O.® application control technology, which combines several approaches to information security:
Protects all running applications on the system by detecting attempts to launch unauthorized processes and blocking their launch before the process can harm the system.
A special environment for running potentially dangerous applications provides system privilege control to block malicious activities.
Controls access of all applications to the file system, registry keys, external devices and network resources.
The solution is designed for companies with different datacenters size.
Integration and joint work with anti-virus products installed in the company is possible, if required by the security policy.
SysWatch Workstation can get the updates by the two ways. First, the updates can be uploaded from the server part, namely Service Center. Second, the updates can be download locally without connection to the Service Center e.g. from USB token.
Remotely install, uninstall the product, change settings, alarms on attempts to make changes and get detailed reported.
Block or allow the launch of new applications on the remote server with the help of SysWatch Workstation. It keeps watching the integrity of all the information inside servers when the application control policy is violated and sends notifications about the protection status, changes and more.