Endpoints without Compromise
The ultimate goal of investing in endpoint protection tools is to ensure the business can do what it needs to, and malware can’t do what it wants to. Most endpoint protection tools take a reactive approach – they detect when a system has been compromised and then attempt to control the damage. Sastech takes a different approach. Instead of detecting malware, the software proactively disrupts malware to prevent security breaches – providing better protection with less effort and less stress. It outsmarts malicious actors by applying autonomously adaptive policy controls over application behaviour. The policy controls prevent malware from executing on endpoints and causing harm (e.g. command and control or data exfiltration). By blocking actions based on context, our software protects systems in real time against malware, regardless of the attack vector or type of attack, without the limitations and post-compromise costs of detection-based tools. Prevention at the endpoint reduces work at outer layers (no alerts to chase, no signatures to detect, no army of security analysts drowning in data), thereby increasing the efficiency of security teams and the effectiveness of security programs.
Prevention without Detection
Our “prevention without detection” philosophy removes the guesswork involved in distinguishing good activity from bad. By controlling and constraining the behaviour of applications and utilities, Sastech ensures that executed processes adhere to established policies, thereby reducing the risky actions that malware can take, regardless of the form it takes – new or old. This allows us to protect assets from unknown malicious processes of unknown origins without having to recognize malware or its effects.
Sastech protects your endpoints and prevents malware exploits WITHOUT having to recognize them:
- Patented “Zero Trust” framework for controlling application behaviour
- Stops key behaviours that malware requires for successful execution
- Context-based policies auto-adapt without manual configuration
- Policy-based system is light on CPU (>5% during persistent attack)
Disrupting Malware at the Source
Sastech operates from the OS kernel, allowing it to use real-time process data to referee application activity and block untrustworthy executables and scripts from launching. From the kernel, it can see the parent-child execution path for every process (e.g. what triggered the process and the interim steps taken to get to the high-risk action). The software adapts its controls and blocks high-risk actions only when they start from an untrusted source.
Secure Architecture
For enterprise deployments, policies are controlled centrally in the AppGuard Management System (AGMS). The AGMS console generates agent install packages, creates and distributes policies, and collects and reviews endpoint logs. Policies are distributed through a relay server that the agent checks periodically, removing the possibility of a backdoor. Out of the box, agents are fully operational and protective using the default or initial policy settings, and they run smoothly for months or years without policy updates or internet connectivity. Application updates, patches, or other changes on the system (including malware evolution) do not alter the agent's efficiency or operations because policies are not application or utility specific. Exceptions to default policies can be made if an administrator chooses to allow a high-risk action in a certain context for operational reasons.