AppGuard Enterprise


What is AppGuard Enterprise?

Prevents Malware Before it Does Damage

Endpoints are vulnerable, and defeating malware is hard. Despite increased spending on cybersecurity tools and personnel, malware continues to bypass existing security controls to gain access to endpoints. Traditional security defences such as firewalls, secure email gateways, IPSs, signature-based solutions, and next generation endpoint protection platforms can play a role in your defence-in-depth strategy, but they continue to fall short on protecting against advanced threats and zero-day exploits.

Endpoints without Compromise

The ultimate goal of investing in endpoint protection tools is to ensure the business can do what it needs to and malware can’t do what it wants to. Most endpoint protection tools take a reactive approach – they detect when a system has been compromised and then attempt to control the damage. AppGuard takes a different approach: instead of detecting malware, AppGuard proactively disrupts malware to prevent security breaches, which provides better protection with less effort and less stress.

AppGuard outsmarts malicious actors by applying autonomously adaptive policy controls over application behaviour. AppGuard’s policy controls prevent malware from executing on endpoints in order to cause harm (e.g. command and control or data exfiltration). Blocking actions based on context, AppGuard protects systems in real-time against malware, regardless of the attack vector or type of attack, without the limitations and post-compromise costs of detection-based tools. Prevention at the endpoint reduces work at outer layers (no alerts to chase, no signatures to detect, no army of security analysts drowning in data), therefore increasing the efficiency of security teams and the effectiveness of security programs.

Prevention without Detection

AppGuard’s “prevention without detection” philosophy negates the guesswork involved with detecting good from bad activities. By controlling and constraining the behaviour of applications and utilities, AppGuard ensures processes executed adhere to established policies, therefore reducing the risky actions that malware can take, regardless of the form it takes – new or old. This allows AppGuard to protect assets from malicious processes of unknown origins, without having to recognize malware or its effects.


Prevents Malware at the Source

AppGuard operates from the OS kernel, allowing it to use real-time process data to referee application activity and block untrustworthy executables and scripts from launching. From the kernel, it can see the parent-child execution path for every process (e.g. what triggered the process and the interim steps taken to get to the high-risk action). AppGuard adapts its controls and blocks high-risk actions, but only when they start from an untrusted source.

Secure Architecture

For enterprise deployments, policies are controlled centrally in the AppGuard Management System (AGMS). The AGMS console generates agent install packages, creates and distributes policies and collects and reviews endpoint logs. Policies are distributed through a relay server that the agent checks periodically, removing the possibility of a backdoor. Out of the box, agents are fully operational and protective using the default or initial policy settings and run smoothly for as long as required, without policy updates or internet connectivity. Application updates, patches, or other changes on the system (including malware evolution) do not alter its efficiency or operations, because policies are not application or utility specific. Exceptions to default policies can be made if an administrator chooses to allow a high-risk action in a certain context for operational reasons.

Simple, Effective Pre-Compromise Security

  • No alerts to investigate
  • No whitelists to maintain
  • No artificial intelligence or machine learning
  • No application isolation or sandboxing
  • No Indicators of Compromise or Indicators of Attack
  • No disk scanning

Platforms Supported

  • Windows XP SP3 - Windows 11
  • Windows Server OS, 2008 R2, 2012 R2, 2016, 2019, 2022
  • Red Hat Enterprise Linux Server OS, 7.4, 7.5, 7.6, 7.7, 8.1
  • CentOS Linux Server OS, 7.4, 7.5, 7.6, 7.7, 8.1
  • Amazon Linux 2 (with kernel version 4.14+)


