PREVENTING DATA THEFT
POWERFUL SHIELDS TO KEEP SENSITIVE DATA SAFE
Webroot SecureAnywhere protects endpoints from unknown threats and their data-stealing behaviors by leveraging a series of protective shields hosted within the Agent. The shields prohibit processes from logging keystrokes while users perform sensitive work online; prevent unsuspecting users from visiting malicious phishing sites; and even self-protect the Webroot SecureAnywhere Agent from processes that might try to alter or disable it.
RELATED FEATURES: Integrated Shields | Offline Protection | Advanced Heuristics | Intelligent Outbound Firewall
Webroot allows us to protect people from themselves by blocking access to websites that are likely to give them a virus, nipping it in the bud. Now, we are not getting the virus in the first place.
Webroot SecureAnywhere's real-time protection is enhanced by a series of security shields. These add additional layers to the default security provided within Webroot SecureAnywhere. Upon installation every endpoint is protected by 6 default shields:
- Self-Protection Shield
- Real-Time Shield
- Behavior Shield
- Core System Shield
- Web Threat Shield
- Identity Shield
Integrated Shields can be individually tuned to meet protection needs
The Self-Protection Shield prevents malware from modifying Webroot SecureAnywhere's program settings and processes. This lets Webroot SecureAnywhere defend itself if ever under attack. When combined with its small footprint and the agent/cloud architecture, it makes it more difficult for hackers to disable Webroot SecureAnywhere compared to larger footprint AV defenses.
The Real-Time Shield blocks known threats by using the Webroot Intelligence Network. This shield leverages the collective protection offered by the cloud. If a new threat is identified and blocked for one user, all users globally are instantly and automatically protected. This shield also ensures that when a file’s processes are changed or modified, it is re-checked for malicious intent.
The Behavior Shield analyzes all applications and processes running on an endpoint. The Behavior Shield is also used for checking untrusted programs and blocking any attempts to modify system settings while an endpoint is offline. This shield uses the Webroot Intelligence Network’s extensive behavioral rule sets to check for known malware behaviors. It works alongside the default monitoring and journaling of unknown or suspicious processes so Webroot SecureAnywhere is able to fully roll back and remediate any endpoint to its pre-infected state.
Core System Shield
The Core System shield continually monitors the system structures to ensure malware has not tampered with them. It assesses all system modifications before they are allowed to execute, and intercepts any activities that attempt to make system changes, such as a new service installation. It will also detect and repair broken system components by locating corrupted components such as broken Layered Service Provider (LSP) chains, or a virus-infected file, and then will restore the component or file to its original state.
Web Threat Shield
The Web Threat Shield protects users as they browse the Internet. When using a search engine, the Web Threat Shield analyzes all the links on the search results page and displays an image next to each link to signify whether it's a trusted site (Green Checkmark), or a potential risk (Red Cross). It also runs all URLs through its own malware-identification engine, and if a site is associated with malware it will automatically block it from loading into the user’s browser.
The Identity Shield protects user information and transactional data that could be exposed during online transactions. This shield uses kernel-level lockdown of the operating system and browser to neutralize phishing, DNS poisoning, keystroke logging, screen grabbing, cookie scraping, clipboard grabbing, and browser and session hijacking by malicious software.
The Identity Shield may also be extended to cover other endpoint applications if they are added by an Administrator to the Identity Shield protection list.
The Identity Shield automatically:
- Looks for online identity threats by analyzing the websites being browsed and detecting and blocking any malicious content.
- Analyzes websites for phishing threats and blocks the site if a phishing threat is found.
- Verifies each website a user visits to determine its legitimacy and analyzes IP addresses to determine if there has been redirection, or the site is on the Webroot Intelligence Network blacklist.
- Verifies DNS/IP resolution to detect if there is a man-in-the-middle attack taking place, and if so, blocks it.
- Stops websites from creating high-risk tracking information and blocks third-party cookies from installing if the cookies originate from malicious tracking websites.
- Prevents programs from accessing users’ protected credentials, for example login credentials such as name and password, or a website request to remember credentials.
- Automatically blocks untrusted programs from accessing protected data. As mentioned, screen scrapers and keyloggers are also blocked and only trusted screen capture programs are permitted access to protected screen contents.
A component of the Identity Shield, Protected Websites, allows tailoring and customization of the rules protecting specific websites and protocols. This feature is particularly useful when an organization has web-based applications like Outlook Web Access, Salesforce.com or any web-based applications or services regularly accessed by users.
We take our security and the welfare and protection of our employees very seriously. Webroot enables us to fulfill our role as guardians of our firm's Web security, and to carry it out as simply and effectively as possible.
Webroot SecureAnywhere is at its most effective when online and connected to the Webroot Intelligence Network; however, it also provides significant offline protection.
If a new program is introduced when offline, for example via a USB stick, Webroot SecureAnywhere’s advanced heuristics review the file. If it fails inspection because it shows telltale attributes of malware, it is immediately quarantined. By applying this local offline security logic, Webroot SecureAnywhere blocks many threats automatically. However, in the event that a threat does get past the heuristics, the behavior monitoring shield ensures it cannot do any real damage. The behavior monitoring shield means that the program will be allowed to execute, but that every action it performs is meticulously journaled. If the program is later deemed malicious, all the changes made by the program will be rolled back. Then the machine is restored to its pre-infected state with no further action needed.
Offline security protects endpoints by utilizing Webroot's Advanced Heuristics
If a suspicious program tries to modify the system in a way that couldn't be repaired, then the change is automatically blocked and the administrator is notified when the endpoint is back online. Also, if any similar infections (i.e. a mutated version of the infection) are introduced to the system while it’s offline, they will be blocked. Webroot SecureAnywhere’s local protection is able to evaluate the overall flow and layout of a program rather than its exact checksum.
Webroot SecureAnywhere doesn’t solely rely upon being online to protect endpoints. And because of its behavioral monitoring, journaling, and rollback it protects an offline endpoint far better than a solution that relies on a signature database and offers no remediation.
Webroot offers security that is far superior to anything else on the market.
Age, Popularity and Advanced Heuristics Provide Ultimate Protection
Webroot SecureAnywhere’s heuristics settings allow administrators to adjust the level of heuristic threat analysis that is performed when an endpoint is scanned (on or offline). They can also be adjusted for analyzing any newly introduced programs as they run.
Heuristic settings are adjustable for:
- Local drives
- USB drives
- Internet access
- Network access
- Local CD/DVDs, and
Flexible heuristics settings can be tuned to meet your needs
Unlike the fixed heuristics settings found in other endpoint solutions, Webroot SecureAnywhere’s heuristic threat analysis settings are flexible. They may be tailored to suit individual policy needs and also provide granular control over how new programs are analyzed. Three types of heuristic scans are available, and each offers five levels of protection ranging from disabled to maximum.
- Advanced Heuristics are behavioral in nature and are responsible for analyzing new programs for suspicious behaviors that are typical of malware.
- Age Heuristics analyze programs based on the amount of time they have been seen within the collective Webroot Intelligence Network environment. Legitimate programs are generally used in an environment for a long time, while malware often has a short lifespan.
- Popularity Heuristics analyze programs based on statistics of how often they are seen by the Webroot Intelligence Network and how often the programs change. Legitimate programs do not change quickly, but malware often mutates at a rapid pace, and often installs itself as a unique copy on every computer, making it statistically ‘unpopular’.
INTELLIGENT OUTBOUND FIREWALL
We are saving users from being infected, which is a boost in productivity for everyone. It simply works and does what it says it does. You can't ask for more than that!
Conventional endpoint firewalls require the user or administrator to decide whether a program may access the Internet - Webroot SecureAnywhere does it differently.
Webroot SecureAnywhere integrates a completely new outbound firewall helper that offers additional capabilities to protect and analyze all outbound connections and manage all outbound application traffic. This intelligent outbound firewall functionality considerably enhances the existing inbound protection offered by the Windows Firewall. It automatically monitors all outbound traffic and blocks illegitimate call home and other types of malware communication - thus immediately stopping them from successfully extracting and stealing data.
This intelligent firewall functionality is managed via the local Agent and by using the Webroot Intelligence Network to validate the legitimacy of outbound traffic communications. It taps into this real-time automated decision making to avoid errors or pestering users with requests for online access from applications that they know nothing about.
By taking firewall decisions about outbound application communication away from the users, we minimize firewall request popups, and prevent user judgment errors that lead to endpoint infections. This approach to firewall management is another unique way that we leverage the benefits of the Webroot Intelligence Network in a very practical, time-saving, yet secure way. And by having the combined capabilities of the Webroot and Windows Firewalls, your endpoint data has reliable inbound and outbound data loss prevention.
The Intelligent Outbound Firewall offers additional security by protecting and analyzing outbound connections and managing application traffic.