Invincea Platform v3.3/4.0
Strengths: Creative secure browsing solution. Easy to recover from browser-based exploits. Deploys quickly and without impact to end-users.
Weaknesses: Nothing technically; annual subscription model is a bit pricy for an endpoint offering.
Verdict: Nice added layer to security posture, complements signature-based solutions by capturing threats they miss.
Invincea provides an additional layer of security at the endpoint by adding in protection for web browsing and document use. Invincea Enterprise provides a secure container for users to run the most common web browsers and document applications within. By running these applications in a secure container, users are protected from malicious attacks that may come via a website or infected document.
Invincea helps by securing web browsing, using the Invincea WebRedirector, to ensure that only trusted sites can be opened outside of the secure container. This experience is automated and mostly transparent to the user to ensure a consistent browsing experience. The secure container keeps unexpected malware from executing or installing on the host machine and is detected by Invincea's behavior-based threat detection. Invincea's behavioral sensors understand the legitimate behavior of how applications run inside the secure container, thus detecting malicious activity regardless of how many variants of exploits try to take advantage of a vulnerability.
Invincea currently supports Google Chrome, Microsoft Internet Explorer and Mozilla Firefox browsers. Applications supported include Adobe Acrobat/Reader, Adobe Flash, QuickTime, MS Excel, PowerPoint and Word, Microsoft Outlook helper apps, Silverlight, Java and custom applications and browsers-plugs via SDK. Upon detection, the secure container is destroyed and a new, clean container is recreated to ensure the endpoint machine is not compromised.
Invincea integrates with the Invincea Management Server, which manages client configuration and software versions via the Configuration Management Module and collects any threats that were detected on an end-user machine via the Threat Data Module. The Management server deploys either as a cloud-based offering or an on-premise appliance. We tested with the cloud based solution. The endpoint deployment is done through a simple executable and loads quickly. The FreeSpace user protection client completely isolates vulnerable applications from the host operating system, registry, disk, running processes, threads and memory into a secure virtual container. As supported applications are launched and run inside the secure container, if they start to behave in a malicious manner, their activity does not impact the host since all application executions are fully isolated from the host. Automated termination of malicious activity stops malware from infiltrating the targeted machine and prevents data exfiltration. The policy-based prevention rules enable an organization to stop a breach before it occurs. You can set up trusted sites or block unwanted sites through policy. All the tools to accomplish this are contained inside the container and include the behavioral activity scanning, policy engine and forensic tools.
This technology complements existing endpoint protections by delivering a means to protect against zero-day, unknown threats or advanced persistent threats that those protections typically miss. The product deploys easily, is simple to use and the container restores occur without any real impact to the end-user.
Basic no-cost support is include with the purchase. There are no enhanced support options available.