BUFFERZONE Safe Workspace™ Solutions
To provide airtight security to users’ endpoints, from incoming content from risky sources, BUFFERZONE’s Safe Workspace™ suite of solutions intelligently combine automatic and manual virtual containment and disarming technologies in various ways. The specific protections depend on content source and type, and on Safe Workspace™ edition and licensing.
Safe Workspace™ provides the following solutions.
Safe Browser: Anti-Malware
Safe Browser (Anti-Malware) runs browser processes inside the Safe Workspace™ isolated container, to protect the endpoint from malicious sites.
For user awareness, secured browser windows are bordered:
Downloaded documents and media files start out contained, and are then either disarmed of risky components or remain in the container.
Disarming is supported for almost all common document and media content types, and occurs automatically (in Safe Workspace™ Pro edition; in Enterprise edition, depending organizational policy).
Other downloaded files, such as executables, from well-known, trusted vendors – are trusted and allowed out of the container. Untrusted executables and other files remain contained; they appear in the designated Contained files local folder and are blocked from running, unless manually disarmed and uncontained (in Enterprise edition – as allowed by organizational policy).
Chrome, Edge, and Firefox are supported.
Safe Browser: Anti-Phishing
Coming soon to Safe Workspace™.
In Outlook, Safe Workspace™ Safe Mail disarms incoming message bodies by rendering inline images as HTML and blocking other inline attachments.
Upon double-clicking regular (not inline) message attachments, Safe Mail keeps the accessing process in its isolated container, and then handles the attachment files like Safe Browser downloads (as above).
[Web-based mail platforms such as Gmail and Outlook Web are secured by Safe Browser; Safe Mail is for the Outlook desktop application].
In Outlook, secured messages appear with an informative notification:
Safe Removables and External Sources
When a file is opened from USB memory or CD/DVD, Safe Removables keeps the accessing process in the Safe Workspace™ isolated container, and then handles the file like Safe Browser downloads (as above).
USB flash drives and external drives are supported; access to phones as storage is blocked. USB Autorun is blocked.
With Safe Workspace™ Enterprise edition, organizational policy can specify network locations or drive letters to be similarly secured.
Safe Workspace™ includes SafeBridge®, which securely disarms downloads and attachments so they can be securely allowed out of the isolated container.
With the Safe Workspace™ Pro edition, disarming occurs automatically. With the Enterprise edition, orgniational policy determines manual and/or automatic disarming, and can have files submitted for analysis and detection.
BUFFERZONE Management Server (BZMS)
With the Safe Workspace™ Enterprise edition, the BUFFERZONE Management Server (BZMS) provides centralized deployment and management of organizational Safe Workspace™ agents, provides visibility to relevant organizational endpoints, and serves and assigns organizational policy by endpoint and/or user.