Primary Response Memory Shield Client Features & Benefits

• Easy to install, built-in device protection from network worms, the largest class of attack.
• Complements antivirus to protect against Internet-attacks that would otherwise threaten business continuity, reduce employee productivity, and raise operational costs.
• Provides targeted intrusion prevention out-of-the-box in servers, personal computers, and embedded systems.
• Offers both PC manufacturers and their customer a single, cost effective solution to multiple high risk and fast emerging security threats for both new and installed PCs with no effective system limitations.

Easy to install, built-in device protection from network worms, the largest class of attacks.
PC network worms are now the largest risk class of internet-based attacks. These attacks, like Sasser, Blaster and Code Red, infect and propagate by exploiting vulnerabilities in Windows OS services to inject code and harm systems resulting in serious damage to machines and networks. Primary Response Memory Shield Client provides instant protection against code injection threats to Microsoft Windows services with:

• No signatures to develop and update.
• No rules or policies to configure and manage.
• No end-user intervention required.
• No impact on machine performance.

Back to top »

Complements antivirus to protect against Internet-attacks that would otherwise threaten business continuity, reduce employee productivity, and raise operational costs.
Because antivirus programs generally detect existing worms based on known signatures, through file scans, port analysis, and other vehicles, antivirus protection from worms is inherently limited and reactionary. Until a worm is known and a signature is created and updated, the antivirus program cannot provide protection against malicious code. Even when the worm is known, if it enters in an encrypted form and executes itself from memory without installing in the file system, most antivirus programs will not be capable of protecting your system against it. Primary Response Memory Shield Client fills this gap, proactively preventing this class of attack.

Back to top »

Provides targeted intrusion prevention out-of-the-box in servers, personal computers, and embedded systems.
Primary Response Memory Shield Client provides real-time security by addressing the source of the problem. The product understands and tracks the normal behavior of Windows core services at the system call level. As a result, any abnormal behavior, including code injection form a known or unknown worm, is identified and prevented. Because this protection is focused on core services, it does not hamper run-time programs such as Java applications. Java is an example of a programming language with built-in memory management, which eliminates buffer overflow vulnerabilities, and does not need monitoring in the same way as other programs.

Back to top »

Offers both PC manufacturers and their customer a single, cost effective solution to multiple high risk and fast emerging security threats for both new and installed PCs with no effective system limitations.
For business users, one vendor (Sana Security) and one solution (the Primary Response Memory Shield Client product family) can solve a majority of the security problems still facing their heterogeneous network environments despite the broad use of traditional security products. As a result, these organizations will benefit from dramatically improved:

• PC and network health
• Employee productivity
• Business continuity
• Operational cost
• Data integrity and confidentiality
• Corporate brand recognition and reputation

Similarly, Sana Security and the Primary Response Memory Shield Client product family enable PC manufacturers to deliver this security and customer value, largely independent of processor type, motherboard configuration, operating system or date of manufacturing. Key differentiators of Sana's single solution include:

• Product differentiation
• Reduced support costs
• Unified product messaging
• Cost-effectiveness

In the fight against network worms, it is clear that signature-based products are not the solution. With Sana Security Primary Response Memory Shield Client, and soon to be released companion products, PC manufacturers and users are empowered with advanced protection from evolving attack classes today, as well as many of the fast emerging threats of tomorrow, to complement existing security products at an affordable cost.

Back to top »

Read about Primary Response Memory Shield Client Technology »
View Primary Response Memory Shield Client Overview »
View System Requirements »
Read Primary Response Memory Shield Client Literature »

Primary Response Memory Shield Client Technology

At a high level, a network worm exploits a buffer overflow vulnerability or other programming vulnerability. Programs use memory buffers for temporary storage and processing, each buffer has a limited size. If a program does not check the bounds of a buffer an attacker can overflow the buffer with their own contents. This allows malicious code to be injected and executed from read/write memory in unprotected systems. Generally, network worms exploit vulnerabilities in Microsoft Windows in order to acheive the broadest and greatest impact. For more information see the primer or tech note. Sana Security's ForceField tracks the behavior of core Windows services at the system call level. This means that any abnormal behavior, including a code injection from an unknown worm, is prevented. Code injection that originates system calls from read/write memory (heap, stack or static memory) is blocked. Because this protection is focused on core services, it does not hamper run-time programs such as Java applications. Java is an example of a programming language with built-in memory management, which eliminates buffer overflow vulnerabilities, and does not need monitoring in the same way as other programs.

Primary Response Memory Shield Client is a software-only solution to this problem that will protect any contemporary PC, regardless of processor and motherboard, running a version of the Windows 2000 or XP operating system. As such, it provides a single solution to both new and installed PCs running various operating systems in a heterogeneous computing environment. With Primary Response Memory Shield Client, businesses in particular, benefit from improved PC and network health, employee productivity, confidentiality and integrity of information, and operational cost. The takeaway: Stop network worms before they strike!