Conventional security technology compares incoming files against information about past viruses and malware (threat information) and flags whatever looks “suspicious”. Because this “detection” relies on threat information gathered in the past, the response inevitably lags behind the threat. Recently, efforts have been made to improve detection ability with machine learning (AI), but because this too is ultimately based on threat information, it is theoretically impossible to detect 100% of unknown malware or zero-day attacks. For that reason, multi-layered defense, prompt response when invaded, and restoration / recovery work are all required. With more than 1 million new malware samples said to be generated per day, technology based on “detection” has a problem: unfortunately, it cannot be said to adequately secure the safety of a connected system.
AppGuard, on the other hand, is a new concept that is not “detection type”. To ensure the safety of the system, AppGuard protects it by ensuring that it operates and functions properly. Based on the premise of “trust, but still verify”, AppGuard containerizes all high-risk applications and places their processes under monitoring (quarantine). An isolated process is limited in its operating range: only “proper operation” is allowed, and inappropriate operation is completely blocked and prevented. Any “child” process derived from that process is also automatically isolated and can likewise perform only “proper operation”. With our patented automatic inheritance technology, “Inheritance”, a child process inherits the policy of its parent process, and that policy is used to judge whether behavior is appropriate (or fraudulent). With the “Inheritance” technology, we continuously monitor processes from multiple dimensions, enable appropriate actions, and prevent and block illegal processes beforehand. With this “new concept”, completely different from that of conventional security software, we ensure system safety and protect against external threats.
(Actual case with automatic inheritance)