AppGuard® Enterprise

AppGuard Datasheet

2009 Winner GSN Homeland Security Awards

Protect Your Enterprise from Zero-Day Malware

Malware attacks continue to adversely impact businesses because traditional anti-virus and anti-malware products are ineffective against increasingly sophisticated malware threats. Enterprises risk the loss of proprietary data, revenue and reputation that results from a successful attack. AppGuard for the enterprise is a centrally managed anti-malware solution that extends the protection provided by traditional products by stopping the zero-day malware that they cannot.

Why Traditional Security Products Fail

Today’s anti-virus/spyware products lull enterprises into a false sense of security. They rely on signatures to protect computers from malware attacks. Once an attack is launched, it may take weeks or months for it to be discovered and for software vendors to respond with a fix. In the meantime, enterprise data is exposed and the malware is free to infect additional networks and systems. Traditional anti-virus/spyware security software has been measured to stop only 45% of malware because it is incapable of stopping unknown or zero-day malware. Adding AppGuard boosts protection to over 90%.

How is AppGuard Enterprise Different?

The traditional method used to protect computers from malware attacks requires comparing an infinite variety of inbound files and communications to an exponentially growing list of known malware. Rather than rely on a list that is out of date as soon as it’s updated, AppGuard employs a far more practical approach by protecting systems and applications from three popular attack vectors.

The major differences are evident because AppGuard:

  • Guards the widely deployed applications that malware targets, preventing malware from hijacking programs and taking control of the PC;
  • Suppresses the launch of unguarded or unknown executable files from user-space (e.g., My Documents, Desktop, etc.), eliminating drive-by download attacks;
  • Prevents malware-infected USB devices from taking over PCs.

Protecting Users and the Enterprise

Today’s malware attacks frequently originate from seemingly safe websites, employee thumb drives, and corporate documents that get passed from employee to employee or, much worse, from business partner to employee. With AppGuard, enterprises are far less dependent on signature-based anti-virus/spyware, aggressive patch management, or comprehensive education programs because PC users are protected when they:

  • Browse hacked websites
  • Open malicious email attachments
  • Use infected USB drives
  • Open infected documents (pdf, xls, doc, etc.)
  • Play compromised multimedia files (jpg, avi, etc.)
  • Use software that requires security patches

User-Space Application Whitelisting Combats Malware and Unauthorized Software Use

Many organizations are wasting a lot of IT man-hours implementing full-blown application whitelisting. Roughly 99% of the implementation effort is spent enumerating what is allowed in the Windows and Program Files directories. Yet over 90% of drive-by download attacks and unauthorized software usage occur within user-space, the locations where end-users without local admin rights can write.

AppGuard Enterprise offers a more practical and ultimately more effective approach that only requires administrators to define those few applications authorized to run from user-space. 

 

AppGuard Enterprise Architecture

AppGuard Enterprise is a centrally managed anti-malware solution that can support an unlimited number of desktop and laptop PCs. Protection policies are centrally defined and pushed out through a PKI-based publication model. Administrators can push out policy changes, upgrade agents, and pull logs as required from PCs located anywhere there’s a network connection.


Security Policy Definition and Management

Administrators are provided a range of options and tools to create, deploy and manage security policies. AppGuard Enterprise allows multiple policies to be deployed and active at any given time to support the needs of different organizations. For instance, a group of users that for various business reasons need to modify their PCs on a regular basis can be given a policy allowing them to suspend one or more protections as needed. Or, computer protections can be completely locked down, even to users with local admin rights. With mobile users, administrators can implement policies that vary based on location.

Local and Remote PC Audit in Near Real-Time

Administrators have the ability to audit compliance with each deployed security policy wherever a managed PC is located and has a network connection. Security policies can be refined using data gained from these audit reports. In the event of a malware outbreak, updated policies can be deployed in near real-time to mitigate the impact of an attack. Risk assessments can be revised per actual AppGuard protection event data.


Blue Ridge Endpoint Security Offerings

  AppGuard for Individuals | AppGuard Enterprise | AppGuard Enterprise Plus | Managed Endpoint Security
Advanced Threat Protections        
Vulnerable Software Applications
Malicious Documents & Media Files
Malicious Websites
Infected USB Devices
Drive-by Downloads
Privilege Escalations
Blended Malware (e.g., Stuxnet)
Inter-Process Code Injection Attacks
RAM Scraper Attacks
Malicious Scripts
Master Boot Record (MBR) Attacks
Endpoint Controls        
User-Space White List Application Control
All Policies Supersede User Admin Rights  
Unauthorized Software Use  
Unauthorized Software Installation  
USB Drive Read/Write Control  
Location Aware Policies  
Assess/Remediate 3rd Party Security Software
  • AntiVirus
  • Anti-Spyware
  • Personal Firewall
  • Disk Encryption
   
Assess/Remediate Microsoft Patches    
Assess/Remediate PC Configuration Settings    
Lock / Update 3rd Party Software Preference Files    
Self-Quarantine of Non-Compliant PC    
Network Access Protection (NAP): Policy Driven Trigger of Network-based Quarantine    
Custom Script (Assess or Modify PC)    
Audit        
Digitally Signed Event Logs  
Protection Event Logs
Policy Event Logs
Audit, Compliance, and Remediation Event Logs    
Central Management        
Centralized Policy Management  
Secure, Automated, Remote Agent Policy Updates  
Secure, Automated, Remote Agent Software Updates  
Centralized Event Database  
Managed Security Service