Bufferzone uses a unique approach to protecting the endpoint. Rather than detecting threats and blocking them, it simply contains them. It places endpoint applications - either those housed at the endpoint, such as browsers, or those that execute on the endpoint as client-server applications - into a secure container. The container spins up automatically when the application is launched. Browsers, for example, launch with a red border, indicating that they are contained. Applications that are considered "safe" launch with a green border. This ensures that the user knows they are protected. The exception is email. Email launches with a yellow border, which tells the user that the email and any attachments are tagged and protected. The tag is persistent.
Bufferzone permits reading but no writing. So, when a user surfs to a malicious site everything is fine until the site tries to write something that, in turn, tries to write out to the computer. That will be stopped. The result is good protection at the endpoint without sacrificing performance. The containers are fully virtualized rather than being some sort of barrier between the malicious application and the operating environment that can be bypassed by clever malware. The virtualization extends only to the application, not to the operating environment.
The isolation addresses the four main areas of the computer: file system, memory and processes running therein, the registry and the network. "Safe" sites are those that are designated by administrators as internal sites. These are allowed to bypass the Bufferzone controls. However, external sources are considered potentially hostile and are contained. This includes the usual internet applications - such as browsers, Skype, etc. - but it also includes other external sources, such as thumb drives.
Thumb drives make an interesting use case. There are valid reasons why a user might not want to be restricted to reading from the drive and will likely want to save to it as well. That's fine, but you can't go the other way and write from the thumb drive to the computer.
The endpoint piece is very lightweight, consuming only about 70MB of RAM. It is simple to deploy. This brings up another unique feature: the product does not have its own management console. Rather, it integrates with your existing management stack, such as LANDesk, Microsoft or McAfee ePO. This saves money and puts it under the same pane of glass. However, for smaller installations, there is an on-premises Bufferzone management console available. For larger implementations, the third-party management console can be used for deployment.
Bufferzone can integrate with SIEMs and other analytics tools. It recognizes and collects more than 40 kinds of events, including such things as registry alterations and network activity. This provides the sort of intelligence that is valuable in preventing repeats of potential incidents. It runs on Windows 7 and higher and requires 4GB of RAM or more and at least 500MB of available disk space for installation.
Support is good with eight-hours-a-day/five-days-a-week assistance included in the purchase or subscription price. More extensive aid may be customized and quoted as a separate service. The support portal is a customer-only login on the company's web page. In addition to the support page, the website has a resources page with a lot of supplementary material that should be useful - both during the buying process and after deployment. The support portal offers phone and email support with a built-in ticketing system so users can track trouble calls.
Price is reasonable and, overall, we saw nothing objectionable in the product. We did see a lot to like, however, and that makes this a very viable offering in the purely endpoint security arena.