REDUCING OUTBOUND DATA RISKS
PREVENTING PHONE-HOME INFORMATION LEAKS
Webroot SecureAnywhere provides proactive protection by continuously monitoring file behaviors. While Journaling, Montioring and Roll-back provide capabilities to remediate infections, they do not by themselves prevent malicious payloads from leaving a machine. That is why Webroot SecureAnywhere also contains an active outbound firewall. If network activities initiated by any running file match known ‘bad’ behavior patterns, like a non-file transfer program suddenly attempting to FTP data to a remote site, the file is immediately blocked from network access and execution, and is quarantined. Our data loss prevention solution ensures security for the user regardless of whether the threat is known or unknown.
INTELLIGENT OUTBOUND FIREWALL
We are saving users from being infected, which is a boost in productivity for everyone. It simply works and does what it says it does. You can't ask for more than that!
Conventional endpoint firewalls require the user or administrator to decide whether a program may access the Internet - Webroot SecureAnywhere does it differently.
Webroot SecureAnywhere integrates a completely new outbound firewall helper that offers additional capabilities to protect and analyze all outbound connections and manage all outbound application traffic. This intelligent outbound firewall functionality considerably enhances the existing inbound protection offered by the Windows Firewall. It automatically monitors all outbound traffic and blocks illegitimate call home and other types of malware communication - thus immediately stopping them from successfully extracting and stealing data.
This intelligent firewall functionality is managed via the local Agent and by using the Webroot Intelligence Network to validate the legitimacy of outbound traffic communications. It taps into this real-time automated decision making to avoid errors or pestering users with requests for online access from applications that they know nothing about.
By taking firewall decisions about outbound application communication away from the users, we minimize firewall request popups, and prevent user judgment errors that lead to endpoint infections. This approach to firewall management is another unique way that we leverage the benefits of the Webroot Intelligence Network in a very practical, time-saving, yet secure way. And by having the combined capabilities of the Webroot and Windows Firewalls, your endpoint data has reliable inbound and outbound data loss prevention.
The Intelligent Outbound Firewall offers additional security by protecting and analyzing outbound connections and managing application traffic.
Webroot allows us to protect people from themselves by blocking access to websites that are likely to give them a virus, nipping it in the bud. Now, we are not getting the virus in the first place.
Webroot SecureAnywheres' real-time protection is enhanced by a series of security shields. These add additional layers to the default security provided within Webroot SecureAnywhere. Upon installation every endpoint is protected by 6 default shields:
- Self-Protection Shield
- Real-Time Shield
- Behavior Shield
- Core System Shield
- Web Threat Shield
- Identity Shield
Integrated Shields can be individually tuned to meet protection needs
The Self-Protection Shield prevents malware from modifying Webroot SecureAnywheres' program settings and processes. This lets Webroot SecureAnywhere defend itself if ever under attack. When combined with its small footprint and the agent/cloud architecture, it makes it more difficult for hackers to disable Webroot SecureAnywhere compared to larger footprint AV defenses.
The Real-time Shield blocks known threats by using the Webroot Intelligence Network. This shield leverages the collective protection offered by the cloud. If a new threat is identified and blocked for one user, all users globally are instantly and automatically protected. This shield also ensures that when a file’s processes are changed or modified it is re-checked for malicious intent.
The Behavior Shield analyzes all applications and processes running on an endpoint. The behavioral shield is also used for checking untrusted programs and blocking any attempts to modify system settings while an endpoint is offline. This shield uses the Webroot Intelligence Network’s extensive behavioral rule sets to check for known malware behaviors. It works alongside the default monitoring and journaling of unknown or suspicious processes so Webroot SecureAnywhere is able to fully rollback and remediate any endpoint to its pre-infected state.
Core System Shield
The Core System shield continually monitors the system structures to ensure malware has not tampered with them. It assesses all system modifications before they are allowed to execute, and intercepts any activities that attempt to make system changes, such as a new service installation. It will also detect and repair broken system components by locating corrupted components such as broken Layered Service Provider (LSP) chains, or a virus-infected file, and then will restore the component or file to its original state.
Web Threat Shield
The Web Threat shield protects users as they browse the Internet. When using a search engine, the Web Threat Shield analyzes all the links on the search results page and displays an image next to each link to signify whether it's a trusted site (Green Checkmark), or a potential risk (Red Cross). It also runs all URL’s through its own malware-identification engine, and if a site is associated with malware it will automatically block it from loading into the user’s browser.
The Identity Shield protects user information and transactional data that could be exposed during online transactions. This shield uses kernel-level lockdown of the operating system and browser to neutralize phishing, DNS poisoning, keystroke logging, screen grabbing, cookie scraping, clipboard grabbing, and browser and session hijacking by malicious software.
The Identity Shield may also be extended to cover other endpoint applications if they are added by an Administrator to the Identity Shield protection list.
The Identity Shield automatically:
- Looks for online identity threats by analyzing the websites being browsed and detecting and blocking any malicious content.
- Analyzes websites for phishing threats and blocks the site if a phishing threat is found.
- Verifies each website a user visits to determine its legitimacy and analyzes IP addresses to determine if there has been redirection, or the site is on the Webroot Intelligence Network blacklist.
- Verifies DNS/IP resolution to detect if there is a man-in-the-middle attack taking place, and if so, blocks it.
- Stops websites from creating high risk tracking information and blocks third-party cookies from installing - if the cookies originate from malicious tracking websites.
- Prevents programs from accessing users’ protected credentials - for example login credentials such as name and password, or a website request to remember credentials
- Automatically blocks untrusted programs from accessing protected data. As mentioned, screen scrapers and keyloggers are also blocked and only trusted screen capture programs are permitted access to protected screen contents.
A component of the Identity Shield, Protected Websites, allows tailoring and customization of the rules protecting specific websites and protocols. This feature is particularly useful when an organization has web-based applications like Outlook Web Access, Salesforce.com or any web-based applications or services regularly accessed by users.