ProNet Analysis - Fluke Networks Products

Technology Partners

Services

Register

Request a Quote

Contact Us

Privacy Policy

SecureWave Products

Sanctuary Application Control Custom Edition

Sanctuary Application Control Custom Edition (formerly SecureEXE) gives you total protection from unauthorized, illegal or unwanted applications. And it does so in a deceptively simple way. With Sanctuary, you define what is known and allowed to execute on desktops and servers. Everything else is denied by default. Only authorized programs will run on your network, regardless of the source. Nothing else can get in. Nothing.

How does Sanctuary Application Control Custom Edition work?

Sanctuary calculates a cryptographic hash for each executable file. This 20-byte signature is generated using the well-known SHA-I algorithm and serves to identify a particular file. This signature is calculated on the binary content of the executables itself instead of weak attributes such as file name or path, ensuring that only known and allowed will be executed. The signature is calculated at each and every launch of any executable code with no performance impact, delivering 100% reliability. Even if only one bit of the original file is modified it will not be allowed to execute on the host

Host Threat Prevention: a New Weapon in the War against Desktop Threats. Get your electronic copy here.

Sanctuary Application Control Desktop

Sanctuary preserves the security of your environment while dramatically minimizing the inherent risks of downloading or installing new applications. Here's how it works: When a user attempts to launch a non-centrally authorized executable, a dialogue box will appear that offers the option to deny or accept the launch. If it comes from a trusted and known source, the choice, obviously, would be to authorize. If a dialogue box appears after merely opening an email or an attachment, the choice would be to deny. No longer can worms and viruses turn innocent users into unwitting accomplices. No longer do you have to worry about every download or installation. Sanctuary offers the oversight you need - and the flexibility your users want.

How does Sanctuary Application Control Desktop work?

White List Challenge

In order to demonstrate the efficiency of our White List concept, we have set up a pair of servers on which you can take a look at what Sanctuary Application Control looks like and how it works. One of those machines runs the signature database and the Sanctuary Application Control server (SXS); the other one is protected by the Sanctuary Application Control driver (SXD) and runs Terminal Services and Citrix Metaframe 1.8, to enable you to log on to the computer. On the latter machine, we also offer a small (and restricted) administrative client which lets you grant or deny permission for selected programs to yourself while you are logged on; details on this can be found in the short evaluation guide, see below.

We cannot let you try the full SecureWave Management Console (SMC), but since we protect the two test servers with Sanctuary Application Control, we cannot afford to hand out administrative permissions to the Sanctuary Application Control database -- and without those permissions, SMC would simply refuse to do anything useful.

Sanctuary Device Control

Sanctuary Device Control (formerly SecureNT) stops security breaches before they can even start. With Sanctuary, all users are denied access by default. You simply authorize access to only the devices that the user needs. No one can plug into your network without approval. No one. Control is absolute. Sanctuary also audits I/O device use as well as attempts to use unauthorized devices. It can even create and log a complete copy of all data written to authorized devices.

Control the Access

Sanctuary controls access to devices by applying a device Access Control List (ACL) to users, user groups and even specific computers. Device access for all users except administrators is not allowed by default. To grant access, you only need to associate those users or user groups to the devices to which they should have access.