BUFFERZONE protects organizations from a wide range of threats with patented isolation by containment, bridging and network separation technologies. Instead of blocking, BUFFERZONE isolates potentially malicious content from web browsers, email and removable storage and provides a secure bridge for transferring it safely to the corporate network.
BUFFERZONE’s advanced endpoint security solution features:
- Virtual Container: A secure, virtual environment for isolating risky applications such as browsers (except when connected to internal, trusted resources), removable media and email attachments.
- Secure Bridge: A configurable process for safely disarming and extracting data from the container to enable secure, compliant collaboration.
- Network Separation with Passport Enforcement: Endpoint connections to the internet use separate networks from connections to internal, trusted resources. The separation is enforced by the organizational proxy server.
- Upload Blocker: As part of an organizational DLP strategy, BUFFERZONE restricts browser uploads so that they can come only from an isolated location that cannot contain any data from internal sources.
- Endpoint Intelligence: Detailed reporting and integration with SIEM and Big Data analytics for tracking targeted attacks.
How Does Containment Work?
Rather than trying to detect or block, BUFFERZONE isolates applications that come into contact with untrusted sources. From the user’s perspective, the application runs normally. But from the security perspective, the application is running in a separate, virtual container that is completely isolated from the rest of the endpoint. This creates a buffer that prevents malware from infecting the endpoint and your corporate network.
BUFFERZONE’s patented containment technology is transparent to both the application and the end-user, yet completely seals off threats from the rest of the computer. The concept is similar to Protected Memory, a core technology in modern operating systems that uses memory virtualization to isolate one application from another. BUFFERZONE takes a similar approach to isolating the entire application environment – memory as well as files, registry and more. Any infection attempt will be confined to the boundaries of the container.
Windows applications must have read/write access to files and registry data. But it is also through the file system and registry that viruses, worms, Trojan horses, spyware and malware are installed. BUFFERZONE’s patented containment technology addresses this with a kernel driver that resides as part of the operating system kernel and filters application-level I/O requests. Non-trusted applications are allowed to read from the file system and the registry, but as soon as they attempt to write or modify a file or registry key, the operation is performed in a different area of the disk. All future read/write operations from this non-trusted application are redirected to the container. This I/O redirection is completely transparent to both the application and the end user.
As a result, any harm inflicted by malware is completely sealed off in the virtual environment.
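The redirection rule described above (reads pass through, the first write moves the object into the container, later reads and writes follow it there) can be modelled in user space. The following is an added illustration, not BUFFERZONE code and not a kernel driver: `ContainerView` and its methods are hypothetical names, a temporary directory stands in for the file system, and the registry is not modelled.

```python
import os, pathlib, shutil, tempfile

class ContainerView:
    """User-space model of per-application copy-on-write I/O redirection."""
    def __init__(self, host_root, container_root):
        self.host = os.path.realpath(host_root)
        self.box = os.path.realpath(container_root)

    def _rel(self, path):
        # Normalise the path and refuse anything outside the modelled host root.
        full = os.path.realpath(os.path.join(self.host, path))
        if os.path.commonpath([full, self.host]) != self.host:
            raise PermissionError(f"path escapes root: {path}")
        return os.path.relpath(full, self.host)

    def resolve_read(self, path):
        # Reads see the container copy if one exists, otherwise the host file.
        rel = self._rel(path)
        shadow = os.path.join(self.box, rel)
        return shadow if os.path.exists(shadow) else os.path.join(self.host, rel)

    def resolve_write(self, path):
        # First write copies the host file into the container (copy-on-write);
        # the host file itself is never opened for writing.
        rel = self._rel(path)
        shadow = os.path.join(self.box, rel)
        if not os.path.exists(shadow):
            os.makedirs(os.path.dirname(shadow), exist_ok=True)
            if os.path.isfile(os.path.join(self.host, rel)):
                shutil.copy2(os.path.join(self.host, rel), shadow)
        return shadow

    def read(self, path):
        return pathlib.Path(self.resolve_read(path)).read_bytes()

    def append(self, path, data):
        with open(self.resolve_write(path), "ab") as f:
            f.write(data)

def demo():
    # Constructed sample: temp directories stand in for host disk and container.
    with tempfile.TemporaryDirectory() as base:
        host, box = os.path.join(base, "host"), os.path.join(base, "container")
        os.makedirs(host); os.makedirs(box)
        pathlib.Path(host, "settings.ini").write_bytes(b"trusted=1\n")
        view = ContainerView(host, box)
        view.append("settings.ini", b"injected=1\n")  # write by the untrusted app
        # The app sees its own change; the host copy is byte-for-byte unchanged.
        return view.read("settings.ini"), pathlib.Path(host, "settings.ini").read_bytes()
```

`demo()` returns the file as the contained application sees it and the file as it remains on the host, which is the property the section relies on: the modification exists only inside the container.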
Scaling for Thousands of Endpoints
Since organizations have thousands of physical and virtual endpoints running different operating systems at distributed sites and off-premises, management is a critical factor for endpoint security. BUFFERZONE is easy to deploy using the provided BUFFERZONE Management Server. Alternatively, it can be easily and seamlessly integrated with leading endpoint management platforms including LANDESK, McAfee ePolicy Orchestrator (ePO), and Microsoft Group Policy (GPO). BUFFERZONE fits most Windows versions, microprocessors and physical/virtual deployments. It also supports most standard browsers, plug-ins and applications.