AppGuard® Enterprise
Protect Your Enterprise from Zero-Day Malware
Malware attacks continue to adversely impact businesses because traditional anti-virus and anti-malware products are ineffective against increasingly sophisticated malware threats. Enterprises risk the loss of proprietary data, revenue and reputation that results from a successful attack. AppGuard for the enterprise is a centrally managed anti-malware solution that extends the protection provided by traditional products by stopping the zero-day malware that they cannot.
Why Traditional Security Products Fail
Today’s anti-virus/spyware products lull enterprises into a false sense of security. They rely on signatures to protect computers from malware attacks. Once an attack is launched, it may take weeks or months for it to be discovered and for software vendors to respond with a fix. In the meantime, enterprise data is exposed and the malware is free to infect additional networks and systems. Traditional anti-virus/spyware security software has been measured to stop only 45% of malware because it is incapable of stopping unknown or zero-day malware. Adding AppGuard boosts protection to over 90%.
How is AppGuard Enterprise Different?
The traditional method used to protect computers from malware attacks requires comparing an infinite variety of inbound files and communications to an exponentially growing list of known malware. Rather than rely on a list that is out of date as soon as it’s updated, AppGuard employs a far more practical approach by protecting systems and applications from three popular attack vectors.
The major differences are evident because AppGuard:
- Guards the widely deployed applications that malware targets, preventing malware from hijacking programs and taking control of the PC;
- Suppresses the launch of unguarded or unknown executable files from user-space (e.g., My Documents, Desktop, etc.), eliminating drive-by download attacks;
- Prevents malware-infected USB devices from taking over PCs.
Protecting Users and the Enterprise
Today’s malware attacks frequently originate from seemingly safe websites, employee thumb drives, and corporate documents that get passed from employee to employee or, much worse, from business partner to employee. With AppGuard, enterprises are far less dependent on signature-based anti-virus/spyware, aggressive patch management, or comprehensive education programs because PC users are protected when they:
- Browse hacked websites
- Open malicious email attachments
- Use infected USB drives
- Open infected documents (pdf, xls, doc, etc.)
- Play compromised multimedia files (jpg, avi, etc.)
- Use software that requires security patches
User-Space Application Whitelisting Combats Malware and Unauthorized Software Use
Many organizations are wasting a lot of IT man-hours implementing full-blown application whitelisting. Roughly 99% of the implementation effort is spent enumerating what is allowed in the Windows and Program Files directories. Yet over 90% of drive-by download attacks and unauthorized software usage occur within user-space, that is, the locations where end-users without local admin rights can write.
AppGuard Enterprise offers a more practical and ultimately more effective approach that only requires administrators to define those few applications authorized to run from user-space.
AppGuard Enterprise Architecture
AppGuard Enterprise is a centrally managed anti-malware solution that can support an unlimited number of desktop and laptop PCs. Protection policies are centrally defined and pushed out through a PKI-based publication model. Administrators can push out policy changes, upgrade agents, and pull logs as required from PCs located anywhere there’s a network connection.
Security Policy Definition and Management
Administrators are provided a range of options and tools to create, deploy and manage security policies. AppGuard Enterprise allows multiple policies to be deployed and active at any given time to support the needs of different organizations. For instance, a group of users that for various business reasons need to modify their PCs on a regular basis can be given a policy allowing them to suspend one or more protections as needed. Or, computer protections can be completely locked down, even to users with local admin rights. With mobile users, administrators can implement policies that vary based on location.
Local and Remote PC Audit in Near Real-Time
Administrators have the ability to audit compliance with each deployed security policy wherever a managed PC is located and has a network connection. Security policies can be refined using data gained from these audit reports. In the event of a malware outbreak, updated policies can be deployed in near real-time to mitigate the impact of an attack. Risk assessments can be revised per actual AppGuard protection event data.
Blue Ridge Endpoint Security Offerings
| | AppGuard for Individuals | AppGuard Enterprise | AppGuard Enterprise Plus | Managed Endpoint Security |
|---|---|---|---|---|
| Advanced Threat Protections | ||||
| Vulnerable Software Applications | ||||
| Malicious Documents & Media Files | ||||
| Malicious Websites | ||||
| Infected USB Devices | ||||
| Drive-by Downloads | ||||
| Privilege Escalations | ||||
| Blended Malware (e.g., Stuxnet) | ||||
| Inter-Process Code Injection Attacks | ||||
| RAM Scraper Attacks | ||||
| Malicious Scripts | ||||
| Master Boot Record (MBR) Attacks | ||||
| Endpoint Controls | ||||
| User-Space White List Application Control | ||||
| All Policies Supersede User Admin Rights | ||||
| Unauthorized Software Use | ||||
| Unauthorized Software Installation | ||||
| USB Drive Read/Write Control | ||||
| Location Aware Policies | ||||
| Assess/Remediate 3rd Party Security Software | ||||
| Assess/Remediate Microsoft Patches | ||||
| Assess/Remediate PC Configuration Settings | ||||
| Lock / Update 3rd Party Software Preference Files | ||||
| Self-Quarantine of Non-Compliant PC | ||||
| Network Access Protection (NAP): Policy Driven Trigger of Network-based Quarantine | ||||
| Custom Script (Assess or Modify PC) | ||||
| Audit | ||||
| Digitally Signed Event Logs | ||||
| Protection Event Logs | ||||
| Policy Event Logs | ||||
| Audit, Compliance, and Remediation Event Logs | ||||
| Central Management | ||||
| Centralized Policy Management | ||||
| Secure, Automated, Remote Agent Policy Updates | ||||
| Secure, Automated, Remote Agent Software Updates | ||||
| Centralized Event Database | ||||
| Managed Security Service | ||||



