Vormetric

 


Introduction

The file system-aware CoreGuard encryption engine extends this capability, separating the encryption of file content from the file system metadata, which is kept in the clear. By leaving the metadata in the clear, data management applications can perform their functions without the need to expose the file content in the clear for management operations and without the need for decryption and subsequent re-encryption. This technology, known as MetaClear(TM) encryption, enables the separation of access to file data from the ability to view such data. By decoupling access to data from the viewing of data, MetaClear enables the enforcement of 'least privilege' security policies by permitting data management without data viewing, resolving the conflict between the need to secure data at rest and the need to manage that data.

Context-Aware Access Control

A data encryption product that lacks an effective method of enforcing authentication or access control can easily be spoofed into surrendering decrypted data to an unauthorized user, application or host. CoreGuard employs a five-factor system that requires the context of each data access attempt be validated by a data owner-definable policy. Through this validation process, CoreGuard enforces flexible and fine-grain mandatory access control. The five factors that make up this Context-Aware Access Control system can be described as who, what, where, when and how.

By requiring validation of all five context criteria, all attempts to access data by unauthorized means are blocked. Users with root privileges, non-production applications, patches or operating/file-system calls, zero-day worms and Trojans can all be blocked with an unmatched degree of certainty.

Host & Application Integrity Protection

In the majority of attempts at compromising stored information, the initial point of attack is likely to be directed at the most accessible point of vulnerability: the host server. CoreGuard protects information from attack via compromised hosts by blocking all unauthorized processes from running and enforcing a 'gold image' of protected host servers. By verifying the cryptographic fingerprints of both protected applications and resource files, CoreGuard can not only stop zero-day worms and Trojans from accessing, tampering with or deleting protected files, but also prevent the execution of malicious code or unauthorized applications introduced by internal users.

The deterministic nature of the CoreGuard policy definition format provides accuracy in detecting and blocking attempts, intentional or unintentional, to run malicious or unauthorized applications on protected hosts. This accuracy eliminates the challenges faced by other host protection schemes such as Host Intrusion Detection Systems (HIDS) and Host Intrusion Prevention Systems (HIPS) that are susceptible to false alarms or evasion, and avoids the distraction of extensive event logs and the vulnerability to denial of service attacks based on false positive events and alerts.
 