Safe Browsing & Endpoint Isolation

Introducing BUFFERZONE

  • BUFFERZONE protects organizations from a wide range of threats with patented containment, CDR – bridging and intelligence technologies.
  • Instead of blocking, BUFFERZONE isolates potentially malicious content from web browsers, email, communication apps like WhatsApp, Line, WeChat, Zoom and removable storage.

  • Malicious content is isolated into a virtual container that keeps the application separate from real memory, registry, files and network resources of the computer.

  • BUFFERZONE maximizes user productivity with seamless, unrestricted access to information and applications.

  • It empowers IT with a simple, lightweight, and cost-effective solution for up to thousands of endpoints within and beyond the corporate network and according to security best practices.

  • Browsing sessions that access external, untrusted content such as unknown internet sites are kept in a virtual container, protecting trusted resources from any potential threats.

  • Email message and attachments from untrusted sources are similarly contained.

  • The SafeBridge® technology allows safe extraction from the container using CDR technologies.


An ounce of prevention is worth a point of cure

  • Even the best detection technology cannot return the data, money or reputation lost in a breach.

  • Though a layered approach addressing the entire attack cycle is a must, prevention still has the highest ROI.

  • BUFFERZONE provides a better way to reduce the attack surface, and to protect the employee endpoints, the most vulnerable part of an organization.

Zero-Day Exploits, Ransomware, Drive-by Downloads, Malvertising

  • Conventional endpoint security like antivirus and HIPS is essential, but not sufficient.

  • Any solution that looks for known signatures and behaviors will miss the newest threat.

  • Businesses need an additional layer of protection that can isolate the new threat… efore the damage is done.

Endpoints – the biggest attack surface

Traditional Defenses are Flawed

  • Detection cannot be 100% accurate

  • Levels of false alerts and alarms are high

  • Antivirus now catches just 45% of cyberattacks

  • Emails, attachments, downloads and removeable storage remains high on the attack vector list

You can try to restrict users’ access to the internet. But…

  • They will not be happy…

  • When they need it, IT will open access

  • There are still removable media, email attachments…

  • Business continuity will be impacted

BUFFERPOINT Advanced Endpoint Security is the Solution

You cannot detect all threats. But you can contain them with BUFFERZONE.

  • Contains data & executables from external sources

  • Protects against known and unknown malware

  • Stops weaponized docs and file less attacks

  • Increases user productivity with unrestricted access to information

  • Reduces alerts and false alarms

  • CDR (Content Disarm & Reconstruction) enables full business continuit

  • Capture & Analyze Forensic Data

BUFFERZONE Protects Against


Safe Browsing

  • Web browser runs inside the virtual container

  • Drive-by malware is isolated in the container

  • Downloaded documents and media open inside the container

  • Organizational proxy can restrict internet access to protected devices

  • DLP upload blocker: Prevents file uploads from protected endpoints

  • Zone management: Automatic by site list or opt-in by proxy block / network separation

Trusted versus Untrusted Sites

Zone Management

Browser containment (IE, Chrome) zone management options:

  • Site list: List of trusted URLs; browsing sessions to all other sites are contained.
    Zone switch is automatic, requiring no user intervention.
    Optional: Neutral sites, accessed in any current zone.

  • Proxy control: Upon trying to connect to the internet, organizational proxy blocks; BUFFERZONE prompts to opt-in.
    Sessions are digitally signed by BUFFERZONE and the proxy allows only BUFFERZONE contained sessions.

  • Network separation: Configure trusted IP ranges; BUFFERZONE prompts to opt-in.


  • User tries to connect to the internet – how would you know the user is protected by BUFFERZONE?

  • BUFFERZONE Passport is controlling the user’s access to the internet by issuing one of the following “Passports”:

  • Static password

  • Dynamic password (updates every 5 seconds)

BUFFERZONE Passport – How it works

External Digital Storage

  • Open any external sources safely inside the container

  • USB memory, CD/DVD, mobile phones

  • Shared Network Folders

  • Any file is opened inside a container

  • Blocks auto-run


CDR (Content Disarm & Reconstruction)

  • Disarms Office, PDF, images, HTML, XML, ZIP archives, audio, etc.

  • Two available levels:

  • Basic – on host

  • Advanced – Hardened server for detonating files. Highest level of security

Use cases

  • Share among users

  • Upload to organizational sites

  • Edit in unsupported application


BUFFERZONE endpoint security solutions protect enterprises from advanced threats, including zero-day, drive-by downloads, phishing scams and APTs. With cutting-edge containment, bridging and intelligence, BUFFERZONE gives employees seamless access to internet applications, mail and removable storage – while keeping the enterprise safe. For more information, please visit the company at https://bufferzonesecurity.com/.