There are three kinds of protection mechanisms: rule-based policies, automatic protection of various system and network activities, and behavioral profile-based policies that monitor running applications and block any odd behaviors. Any policy created by an administrator takes precedence over any automation routines. Think of this as an advanced firewall rule set where the rules are processed in the order that they are specified, only on a grander scale, and you’ll get the picture.
Each policy category has dozens of parameters and several tabbed screens to fill out. For example, the antivirus policy has sections for what files to scan and how often, what email settings to use, and whether to enable real-time protection. There are also policies to handle network protection, such as limiting Wi-Fi connections to a particular authentication and encryption level, looking for firewalls and IDS, allowing or blocking particular removable media, and lots more detail.
From the above description, you can see that SES is somewhat of a mixture of a traditional malware endpoint protection tool and a network-based intrusion prevention tool. SES handles both with its protection policies to provide comprehensive mechanisms to keep attacks from invading your infrastructure, including some additional anti-ransomware features that were added after our review.
The behavioral profiles cover how SES watches over your network to see which apps open particular ports, load specific DLLs or read Registry keys. A good example of this is how you would set up SES to prevent ransomware from entering your endpoint by looking at what is running in each endpoint’s memory and what those programs are doing. The idea is to set up SES in a special “learning mode” where it memorizes what is actually going on across your network when it is operating properly. After it learns this information, SES will then report when something deviates from these routines. You can set up weighting factors to trigger alerts when something more significant happens. The administrator can set up the learning period start and stop dates in the management console.
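The learn-then-deviate logic described above can be sketched as follows. This is an added illustration, not Stormshield's code or configuration format; the event tuples, weights, threshold and dates are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed weighting factors per behavior type (illustrative, not SES defaults).
WEIGHTS = {"port_open": 3, "dll_load": 2, "reg_read": 1}
ALERT_THRESHOLD = 4  # assumed: summed deviation weight that raises an alert

def evaluate(events, learn_start, learn_stop, threshold=ALERT_THRESHOLD):
    """Build a per-process baseline inside the learning window, then score
    each distinct behavior seen afterwards that the baseline lacks."""
    baseline = defaultdict(set)    # process -> {(kind, target)} seen while learning
    deviations = defaultdict(set)  # process -> unseen behaviors after learning
    for ts, process, kind, target in sorted(events):
        key = (kind, target.lower())  # Windows names are case-insensitive
        if ts < learn_start:
            continue                  # profiling has not started yet
        if ts <= learn_stop:
            baseline[process].add(key)
        elif key not in baseline[process]:
            deviations[process].add(key)
    scores = {p: sum(WEIGHTS.get(k, 1) for k, _ in d) for p, d in deviations.items()}
    alerts = sorted(p for p, s in scores.items() if s >= threshold)
    return scores, alerts

# Constructed sample events: (timestamp, process, behavior type, target).
LEARN_START, LEARN_STOP = datetime(2024, 1, 1), datetime(2024, 1, 14)
SAMPLE_EVENTS = [
    (datetime(2024, 1, 2, 9), "winword.exe", "dll_load", "mso.dll"),
    (datetime(2024, 1, 2, 9), "winword.exe", "reg_read", r"HKCU\Software\Example"),
    (datetime(2024, 1, 3, 1), "backup.exe", "port_open", "tcp/443"),
    (datetime(2024, 1, 20, 9), "winword.exe", "dll_load", "MSO.DLL"),      # known
    (datetime(2024, 1, 20, 9), "winword.exe", "port_open", "tcp/445"),     # new, weight 3
    (datetime(2024, 1, 20, 9), "winword.exe", "dll_load", "unknown.dll"),  # new, weight 2
    (datetime(2024, 1, 21, 1), "backup.exe", "reg_read", r"HKLM\Software\Example"),  # new, weight 1
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS, LEARN_START, LEARN_STOP))
```

A single low-weight deviation stays below the threshold, while a process that both opens a new port and loads an unseen DLL crosses it; a learning window that is too short leaves routine behavior out of the baseline and shows up as false alerts.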
There was some tricky synchronization with the agents when we first installed them, but that wasn’t an issue as we used the product subsequently. As you choose your particular policy, the details and options are shown in the right-hand window on the management console. There are also status and error messages that scroll across a separate window at the bottom of the console screen.
SES comes with numerous default security policies, including those that are specific to each Windows OS version. Speaking of which, SES supports all Windows versions back to XP with SP3, and added Windows 10 in late April. There is also a series of policies that can prevent executable files from being created and keyloggers from being deployed, and block memory overflows and privilege escalation. These latter situations are simple on/off switches.