ReSoft International

Entercept 2.0 


How Entercept™ 2.0 works

Entercept 2.0 installs adjacent to the operating system (see diagram below), where it intercepts and validates software calls made into the OS and kernel. Calls are matched against a constantly updated dictionary of both defined and generic attack behaviors. If an attack is found, pre-emptive action is taken automatically to protect the system, according to a policy customized to the environment. Actions range from 'Log Event' to 'Terminate Process'. With Entercept 2.0 all activity on the host is seen, and visibility is not impaired by encryption, switched data or reliance on system log information. Key to the value of Entercept is that all malicious activity is seen prior to execution, so Entercept is able to prevent the attack from doing any damage to the server.

[Diagram: intercept and validate software calls made into the OS and kernel. Entercept 2.0 resides on the server, protecting the operating system and applications.]

The Entercept 2.0 attack database consists of the following types of attack recognition capability:
  • Individual attack
    Gives protection against single hacking 'exploits' by matching known attack behaviors against activity in the system OS or applications, e.g. MDAC, GetAdmin.
  • Generic attack
    Protects against a whole category of hacking 'exploits' directed against the OS and applications, giving coverage for unknown as well as known attacks, e.g. Buffer Overflows.

  • Resource protection
    Prevents malicious access to system resources, including processes, services, registry keys, password files, authentication mechanisms, etc.

  • Shielding and HTTP protocol protection
    Offered as additional protection for specific applications, i.e. IIS Web Server. (Requires an additional license.)

The policy database ships with a fully configured default template incorporating powerful customization abilities for the Administrator, allowing false positives to be virtually eliminated.

The default policy ensures rapid deployment. Agents are deployed per server, and are controlled and updated from a central management console.

Agents are completely self-contained protective units and are not reliant on the Console to function. This approach is used because it prevents any communication ports from being left open and provides 'Fail Safe' operation. Agents 'pull' updates from the Console, including code updates and new attack definitions. Triple DES encryption is used for all communications.

The Console provides full management reporting, including exportable log data. The Console requests and 'pulls' updates from the Entercept home servers through 'Entercept Instant Update' using fully encrypted communication.

Entercept 2.0 features and benefits

  • Active security enforcement ensures maximum uptime for e-servers
  • Time savings through reduction in false positives
  • Prevents systems from being compromised by unknown attacks
  • Prevents systems from being compromised by known attacks
  • Gives protection beyond the firewall
  • Minimizes the need for dedicated security expertise
  • Eliminates the need for constant monitoring of the console
  • Automatic update mechanism ensures the best protection

Entercept is a trademark of Entercept Security Technologies Inc.
