Conventional endpoint security like antivirus and HIPS is essential, but not sufficient.
Any solution that looks for known signatures and behaviors will miss the newest threat.
Businesses need an additional layer of protection that can isolate the new threat… efore the damage is done.
Endpoints – the biggest attack surface
Traditional Defenses are Flawed
Detection cannot be 100% accurate
Levels of false alerts and alarms are high
Antivirus now catches just 45% of cyberattacks
Emails, attachments, downloads and removeable storage remains high on the attack vector list
You can try to restrict users’ access to the internet. But…
They will not be happy…
When they need it, IT will open access
There are still removable media, email attachments…
Business continuity will be impacted
BUFFERPOINT Advanced Endpoint Security is the Solution
You cannot detect all threats. But you can contain them with BUFFERZONE.
Contains data & executables from external sources
Protects against known and unknown malware
Stops weaponized docs and file less attacks
Increases user productivity with unrestricted access to information
Reduces alerts and false alarms
CDR (Content Disarm & Reconstruction) enables full business continuit
Capture & Analyze Forensic Data
BUFFERZONE Protects Against
Browser based attacks
Watering hole attacks
Zero-day browser and plugin exploits
Attachments with malware
Attachments with links to infected sites
Targeted attacks – spear phishing
File based attacks
Web browser runs inside the virtual container
Drive-by malware is isolated in the container
Downloaded documents and media open inside the container
Organizational proxy can restrict internet access to protected devices
DLP upload blocker: Prevents file uploads from protected endpoints
Zone management: Automatic by site list or opt-in by proxy block / network separation
Trusted versus Untrusted Sites
Browser containment (IE, Chrome) zone management options:
Site list: List of trusted URLs; browsing sessions to all other sites are contained. Zone switch is automatic, requiring no user intervention. Optional: Neutral sites, accessed in any current zone.
Proxy control: Upon trying to connect to the internet, organizational proxy blocks; BUFFERZONE prompts to opt-in. Sessions are digitally signed by BUFFERZONE and the proxy allows only BUFFERZONE contained sessions.
Network separation: Configure trusted IP ranges; BUFFERZONE prompts to opt-in.
User tries to connect to the internet – how would you know the user is protected by BUFFERZONE?
BUFFERZONE Passport is controlling the user’s access to the internet by issuing one of the following “Passports”:
Dynamic password (updates every 5 seconds)
BUFFERZONE Passport – How it works
External Digital Storage
Open any external sources safely inside the container
USB memory, CD/DVD, mobile phones
Shared Network Folders
Any file is opened inside a container
CDR (Content Disarm & Reconstruction)
Disarms Office, PDF, images, HTML, XML, ZIP archives, audio, etc.
Two available levels:
Basic – on host
Advanced – Hardened server for detonating files. Highest level of security
Share among users
Upload to organizational sites
Edit in unsupported application
BUFFERZONE endpoint security solutions protect enterprises from advanced threats, including zero-day, drive-by downloads, phishing scams and APTs. With cutting-edge containment, bridging and intelligence, BUFFERZONE gives employees seamless access to internet applications, mail and removable storage – while keeping the enterprise safe. For more information, please visit the company at https://bufferzonesecurity.com/.