Isolation Technology

  • Even trusted applications are treated on the assumption that they may already be infected (Trust but Verify).
  • Applications with a high risk of infection are “containerized” at launch: the process is “quarantined” and placed under monitoring.
  • The operating range of the process is limited: normal operation is allowed, while behavior that violates policy is completely blocked and prevented.
  • Any “child” process derived from that process is automatically placed under “quarantine” management as well; it inherits the policy, and its policy-violating actions are completely blocked and prevented.
  • Examples of policy violations: unauthorized access and writes to process memory, and improper operations on important components of the OS (System Folder, Program Folder, Registry Key, etc.).

Conventional security (detection type)

Conventional security technology compares incoming files against information on past viruses and malware (threat information) and flags those that look “suspicious”. Because “detection” relies on threat information gathered in the past, the response inevitably lags behind the threat. Recently, efforts have been made to improve detection capability with machine learning (AI), but since this too is ultimately based on threat information, it is theoretically impossible to detect 100% of unknown malware or zero-days. For that reason, multi-layered defense, prompt response once an intrusion occurs, and restoration / recovery work are all required. With more than 1 million new malware samples said to be generated per day, technology based on “detection” has a problem: unfortunately, it cannot be said to adequately secure the safety of connected systems.

AppGuard (innovative new concept)

AppGuard, on the other hand, is a new concept that is not “detection type”. To ensure the safety of the system, AppGuard protects it by keeping it operating and functioning properly. Based on the premise of “trust, but verify”, AppGuard containerizes all high-risk applications and places their processes under monitoring (quarantine). An isolated process is limited in its operating range: only “proper operation” is allowed, and inappropriate operation is completely blocked / prevented. Any “child” process derived from that process is also automatically isolated and, in the same way, can perform only “proper operation”. With the patented automatic “Inheritance” technology, the child inherits the policy of its parent process, and appropriate (or illegitimate) behavior is judged against that policy. With “Inheritance”, processes are monitored continuously and multidimensionally, appropriate actions are allowed, and illegitimate processes are prevented and blocked beforehand. Through this “new concept”, completely different from that of conventional security software, AppGuard ensures system safety and protects against external threats.

Features of Isolation Technology

  • “Isolation Technology” prevents unauthorized actions at the process level beforehand and completely defends the system against the latest cyber attacks.
  • It is a “new concept”, not a technology based on “detection” such as signatures, pattern matching, sandboxing, behavior detection, EDR, reputation, virtual containerization, whitelisting, or Anti-Exploit (EMET).
  • With an ultra-light engine of 1 MB or less, it operates at high speed and prevents attacks in advance.
  • With the patented automatic “Inheritance” technology, operation is simplified and operating cost can be reduced with minimal policy configuration.
  • Because attacks are prevented beforehand, there is no Indicator of Compromise. Instead, Indicator of Attack information is collected, making it possible to work back from a blocked process to the application that launched it and proactively identify the starting point of the attack.
  • Threats that are difficult to detect with conventional security products, such as direct memory attacks, fileless malware, script-based attacks, and weaponized document attacks, are completely blocked. It defends against threats that compromise the safety of the system, whether zero-day, unknown, or known.

(Actual case with automatic inheritance)
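
The launch-time isolation, policy inheritance and origin tracing described above can be sketched as a toy model. This is an added example, not AppGuard's code or policy format: the image names, protected prefixes, event tuples and the rule that a memory write is a violation when it targets a process outside the caller's own isolated group are all assumptions made for illustration.

```python
# Toy model of launch-time isolation with policy inheritance (added illustration).
# Image names, protected prefixes and the event format are constructed assumptions.
from dataclasses import dataclass
from typing import Optional

HIGH_RISK = {"winword.exe", "browser.exe"}   # apps isolated at launch (assumed list)
PROTECTED = ("c:\\windows\\", "c:\\program files\\", "hklm\\")  # system/program folders, registry

@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    root: Optional[int] = None    # pid of the isolated ancestor whose policy applies

def build_tree(starts):
    """Process-start events in launch order -> {pid: Proc} with inheritance applied."""
    procs = {}
    for pid, ppid, image in starts:
        parent = procs.get(ppid)
        if parent is not None and parent.root is not None:
            root = parent.root            # child inherits the parent's policy
        elif image in HIGH_RISK:
            root = pid                    # high-risk app: isolated at launch
        else:
            root = None
        procs[pid] = Proc(pid, ppid, image, root)
    return procs

def origin_chain(procs, pid):
    """Images from the isolated root down to pid (starting point of the attack first)."""
    chain = []
    while True:
        chain.append(procs[pid].image)
        if procs[pid].root == pid:
            return chain[::-1]
        pid = procs[pid].ppid

def evaluate(procs, pid, action, target):
    """Return (verdict, chain). target is a path or registry key, or a pid for 'mem_write'."""
    p = procs[pid]
    if p.root is None:
        return "unguarded", []
    if action == "write":
        bad = str(target).lower().startswith(PROTECTED)
    elif action == "mem_write":
        bad = procs[target].root != p.root    # memory outside its own isolated group
    else:
        bad = False
    return ("block", origin_chain(procs, pid)) if bad else ("allow", [])

STARTS = [(100, 1, "explorer.exe"), (200, 100, "winword.exe"),   # constructed sample events
          (210, 200, "cmd.exe"), (220, 210, "powershell.exe"), (300, 100, "notepad.exe")]
```

For a blocked action, the returned chain is the Indicator of Attack trail: it lists the images from the isolated application down to the process that attempted the violation.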