SentryBay has a range of technologies that are built into our software solutions but are also available to OEMs to improve the security of host applications or services.
The technologies that are available for OEM include the following:
EntryProtect / Secure Framework – anti-keylogging and other malware protections
Advanced Malware Identification (AMI)
Companies such as Citrix, Gemalto and Checkpoint use SentryBay’s SDK-based solutions within their security solutions.
EntryProtect / Secure Framework
This is a set of technologies, including kernel-based anti-keylogging technology that can be integrated within host applications to harden them and make the applications they wrap impervious to malware attack on the endpoint.
The technology provides layered protection within the relevant parts of the application and operating system providing core protections as shown in the diagram below.
SentryBay has over 15 years' development experience in the area of anti-keylogging, having filed our initial patent application in 2002, and with our first of two US patents in this area granted in 2012.
It includes multiple layers of protection combatting attacks in all the threat vectors found in the Windows operating system. This includes patented techniques which prevent keystrokes and other data being captured at kernel level, userland level and windows level of the OS. The technology does not need to identify malware in order to protect against it. The solution protects against data capture at all potentially vulnerable areas so that malware collects either no data or fake random data "fed" to it, never the real data. This technology is deployed within a range of SentryBay products, but can also be licensed to be embedded within third party PC or web-based applications, protecting data entry into those applications. Leading InfoSec companies as well as banks, insurance companies and telcos use this technology.
Secure Framework (patent-pending)
This range of technologies creates a secure environment within which an application can securely run. It is designed to work alongside EntryProtect, providing anti-hacking measures that protect against any direct attack on the application or an attack on EntryProtect itself.
It ensures the integrity of processes and child processes running within the framework, provides DLL injection protection and prevents RDP sessions / double-hopping.
PhishLock – Anti-Phishing (patented)
Phishing is an increasingly pervasive threat that leads to unauthorized access, malware infection and serious data breaches. SentryBay’s unique system of "fingerprinting" major brands targeted by cybercriminals provides true real-time protection against phishing attacks. The blending of multiple blacklists into the feed results in global protection against phishing. False positive filtering mechanisms utilised by SentryBay, including manual investigation, help ensure the ongoing accuracy and integrity of the protection.
This technology can be deployed as a cloud-based solution or feed - and can be used to protect endpoints (including mobile).
Advanced Malware Identification (AMI)
This technology uses an AI engine to detect sophisticated, hidden malware that is attempting to contact its Command-and-Control (C2) servers. It detects patterns of DGAs (Domain Generation Algorithms) and can immediately identify malware the first time it attempts to contact its handler, and block the communication to the handler. This proactively prevents sensitive data leaving the endpoint.
The technology can be built into endpoint software to proactively prevent sensitive commercial, personal or financial data from being stolen – thus rendering the malware impotent.
SentryBay has an aggregated set of suppliers and its own data sources that enable it to scour the public, deep and dark web and collect the widest set of data. It can also direct scanners towards any specific area of the internet to meet the needs of its clients.
This has led to an ability to provide real-time credential scanning at the point of login to any remote access solution, corporate application or SaaS application. The service determines whether the individual credentials (or the combination of credentials) have been found in the dark web, and applies potential rules / risk rating based on the amount/timing etc. of the data found.
The cloud-based service can be built into any host application merely by the insertion of a script into the host application (or web page) triggering the call to the cloud-based service. The host application can then apply its own preferences (i.e. to provide a warning, trigger a password reset, inform SOC) based on the results returned by the cloud-based service.