HOME > SOLUTION > AppGuard > AppGuard Enterprise

AppGuard Enterprise

“AppGuard Enterprise reduces your operational burden”

Even after you deploy a security product, the operation could be a nightmare. Updating signature files or downloading the latest AI engine, new version releases of the product… you need to verify and test before enterprise wide deployment to make sure that it does not affect your current IT environment. Also regarding operations, do you want to manage by yourself on-premise or outsource the management to AppGuard Managed Service Provider. The choice is up to you. The architecture of AppGuard Enterprise is military grade robustness with Confidentiality, Integrity, and Availability that meets the standards of the U.S. government agencies.

システム構成

“On Boarding” process will help reflect your enterprise characteristics accurately

AppGuard’s basic concept is only launch trustworthy applications, and even after the trusted applications are launched, AppGuard will prevent any process that tries to harm the system. Each enterprise may have some differences in the definition of Trusted Applications, hence, when deploying AppGuard to an enterprise, it is important to go through the on boarding process. On Boarding is like the initial security consulting assessment while respecting the characteristics of an enterprise, it seeks to balance security risk versus convenience.

導入プロセス

“Difference between IoC and IoA”: Transitioning from defense to offense

The event log published by AppGuard is more than what is delivered by traditional security products. The event log provides information on all process that is prevented that may harm the system. For example, if the process takes an action to read the memory of another application, and if that action will harm the system, AppGuard will prevent that process from reading the memory. Just the “read memory” action will be prevented and will not stop the application itself. The event logs from AppGuard are referred to as “Indicator of Attack”. It provides information of processes that tried to harm the system, but prevented. Since the system will function as it should, the safety of the system is in tact. Hence, no immediate action is necessary. However, in traditional detection based technology, it is referred to as “Indicator of Compromise” and immediate response is required.

IoC vs. IoAの違い

You can connect AppGuard to SIEM or other reporting systems

The event log from AppGuard can be connected to SIEM or other reporting systems. In addition, AppGuard can be used along with other traditional security products.

HOME