When users browse the internet, regardless of what perimeter and desktop based defenses are in place, a company’s data is at risk from cyber-criminals using sophisticated spyware and phishing attacks.
The Data Protection Suite is not designed to replace anti-malware scanning or other desktop security software - but to supplement them by providing the most advanced real-time techniques to neutralise the effect of these threats by preventing any data loss. Once new spyware is able to be detected by your traditional defences these threats can be removed. But until that time (which can be a long time for focused, targeted attacks), data cannot be stolen. Malware either gets no data – or false data “fed” to it by the software.
By installing the Data Protection Suite you are deploying the most comprehensive, real-time data protection available for corporate web users.
Deployment is via any installation package and can be conducted in a matter of minutes. No client side or server side configuration is needed. The download file size is under 2MB.
The Data Protection Suite operates on Windows XP/Vista/7 systems (32-bit only) and supports Internet Explorer 6.0 and above, Firefox 3.0 and above, and as of end February 2010 it includes support for Opera, Chrome, Safari.
Data Entry Protection (EntryProtect)
EntryProtect prevents the uplifting of any sensitive data such as user names/passwords, credit card/bank account details and any other corporate data entered into a web-based application.
As EntryProtect provides true end-to-end encryption of all transmitted data (beyond the scope of SSL), with server-side protection it also provides full protection against MITM and replay attacks.
The diagram below illustrates how EntryProtect protects both data entry and transmission of data - and the breadth of attacks that our protection thwarts. The attackers either uplift no data, or false information generated by EntryProtect.
||Click to view full size diagram
Anti-screen capture (EntryProtect)
Many key logging Trojans also have a screen capture facility enabling data to be stolen from online keypads, drop down menus etc. The Data Protection Suite prevents Trojans from stealing sensitive information by preventing them taking pictures of a user’s screen. Once again, this feature ensures that users are far safer browsing the net than if they merely have conventional anti-virus software installed.
PhishLock is able to automatically prevent any user from submitting confidential information to a phishing site.
PhishLock is initially "trained" to identify a phishing site when it is loaded. This training is ongoing so adapts to any changes in phishing techniques. This proactive protection is now provided for over 800 major brands.
When a phishing site loads, PhishLock automatically identifies it as a scam site and prevents the user from entering personal information such as login details and credit card numbers. PhishLock is capable of identifying phishing sites without the use of blacklists/whitelists.
PhishLock also immediately alerts the oganization of the phishing attack so that they can begin the process of closing the site down. This happens automatically when the first user loads a phishing website - without the need for anyone to report or discover it.
The diagram below demonstrates how the patent-pending PhishLock solution operates:
||Click to view full size diagram