CoreTrace

BOUNCER offers you the most advanced security of any endpoint protection solution. BOUNCER was designed from the beginning to protect your endpoints against any and all modern threats. Today's environment of increasingly sophisticated attacks demands an advanced solution that can:

• Prevent execution of all malware including custom malware taking advantage of zero day threats.

• Prevent advanced attacks that piggyback legitimate applications in memory.

• Defend itself against malware that attempts to shut down and uninstall security software.

BOUNCER does all this and more, in pioneering the strongest endpoint security available in the market and leading advancements in application whitelisting.

Application Execution Control

A fundamental shift is occurring around the approach to protecting your endpoints. Traditional endpoint protection software such as antivirus, which relies upon a large blacklist of known threats, simply doesn't work in today's world. At its best, antivirus is an after the fact identifier of malware. At their worst, antivirus solutions are performance hogs requiring a never-ending stream of updates that drain administrator's time and IT budgets. Your organizations need solutions that can stop threats without requiring that they have seen them before.

BOUNCER is at the forefront of application whitelisting and control, a new approach to preventing even the most sophisticated endpoint threats. At its most basic level, the whitelisting approach turns traditional endpoint security on its head. It begins by identifying the known good applications and preventing the execution of anything not on that list. This provides complete protection against all of today's and tomorrow's threats. Simply put, if an application isn't on the approved list, it won't run.

BOUNCER gives IT and security administrators unprecedented control over their endpoint environment.

Memory Protection

Memory based attacks have a long history of creating havoc in business organizations. Attacks like the CodeRed worm and SQL Slammer are just two examples of attacks that took advantage of existing applications to launch their attacks. Unfortunately, application whitelisting hasn't traditionally performed well against these types of attacks. While whitelisting can prevent the execution of new code, many solutions are powerless to prevent malware from taking advantage of security holes in applications running in memory.

BOUNCER changes all that. Not only does BOUNCER protect your endpoints from any unauthorized application, it also defends your applications in memory with an industry leading approach that validates running processes and new process initiation. BOUNCER doesn't stop at validating new process execution, it checks all processes, even those initiated by an approved, existing application. These processes are checked to see that their initiating kernel drivers are approved, that they are running in the appropriate location and that it is launched by an approved application. If it fails these tests it simply won't run.

This advanced security is available without extra steps, configurations, or interaction from the end user. It just works.

Scripting Control

Whether you use Perl, Python, or other uncompiled scripts, BOUNCER provides protection and control over your environment. As with all executable code in your environment you have control over what scripting engines are allowed to run and by extension, what scripting languages are allowed in your environment.

In addition to execution control BOUNCER provides you more control than ever over scripting and the parameters of how they run. With BOUNCER you can:

• Create a scripting whitelist designating approved scripts that are allowed to run.

• Protect approved scripts from modification or deletion.

• Create protected scripting directories and restrict scripts from running that aren’t in that directory

Secure, Self-defending Architecture

Today's malware writers know that the biggest threat to their malicious software is endpoint security software. Because of this, the more sophisticated malware targets the security software and attempts to turn it off or make it ineffective. BOUNCER employs the most advanced secure, self-defending architecture available on the market.

With BOUNCER you get:

• Kernel-level protection:
  BOUNCER installs at the operating system level itself. It isn't simply another process, it is a kernel module that has sophisticated defenses that prevent alteration or termination.

• Process defense:
  The BOUNCER processes monitor themselves and ensure that they are running at all times. There are multiple BOUNCER processes that ensure uninterrupted protection at all times.

• End-to-end encryption:
  All communications are fully encrypted from the management console to the endpoint.

• End-to-end authentication:
  Strong authentication is designed into BOUNCER from protecting access to administrator accounts to authenticating the applications themselves using their embedded digital certificates.

Scrubbing of Unwanted Applications

BOUNCER prevents the execution of all applications that are not on the whitelist. If at any time you wish to remove unauthorized applications that have accumulated on a system, BOUNCER allows you to revert to a previously known good state and scrub any applications added to your endpoints. BOUNCER is one of the only whitelisting solutions that provide an integrated mechanism for cleanly removing these kinds of applications.

Next Steps

1. Sales and Evaluations

   If you are thinking application whitelisting is a possible solution to problems or pains within your organization, pick up the phone and call one of our representatives today at 512-592-4111, or click below to request a call back.

   Contact us now.

2. Additional Resources

   CoreTrace has many whitepapers, case studies, webinars, and demonstrations that can help you learn more about BOUNCER's real world benefits.

   Browse the Resource Section.