X-FORT (EN)

Enterprise Electronic Data Surveillance System

Provides a comprehensive endpoint security solution includes DLP, DRM, and ITAM. It prevents confidential information from breaching or losing, and provides the management tools of applications, computer assets, and remote control.

X-FORT Function List

Client Agent Function

Category

Module

Function

Description

D

L

P

Local Security

Storage Device Control
  • Flexible control mode: Disable, read-only, plaintext, encryption
  • Support external HDD, USB drive, SD card, MP3, etc.
  • External storage device registration method: Hardware, software, serial number
  • MTP (smart phone) control
  • HDD protection:
    • MBR and BitLocker disk protection: Prevent users escape control by using CD-ROM boot, USB drive boot, or HDD cascade
    • BitLocker auto unlock disk after login Windows, support both GPT / MBR format

Adv. Storage Device Control
  • Copy file to external storage device with supervisor approval
  • Limit size of daily copy or single file to an external storage device

CD/DVD Control
  • Disable disc recorder (CD / DVD / HD DVD / Blu-ray) and disable burning applications
  • X-BURN
    • Burned into ciphertext or plaintext with comprehensive log & alert
    • Burn CD/DVD with supervisor approval

Printing Control
  • Configure printing policy for each local or network printer
  • Watermark enforcement
  • Backup the printed pages or file
  • Allow temporary printing or cancel watermark with supervisor approval

Operation Log
  • System file activity & operation record: Record system file deletion and rename event (includes
    command mode operation)
  • User activity & operation record: (1) Software execution and operation (2) Web browsing (3) OS login & logout (4) File operations includes create, copy, move, rename and delete

Adv.

Operation Log
  • Microsoft Office file access control and log (open, save, save as)
  • Clipboard log (copy, paste text)
  • Record CMD and PowerShell input and output text

Other Control
  • Device lockdown: Prevent using unauthorized device
  • Port and tools protection: IrDA transceiver, Bluetooth, file transfer software, PrtScr key, remote control,
    GHOST, VMware, Virtual Box, Hyper-V, P2P software, SHARE tools, registry editor, sound card, etc.
  • Disable the built-in or USB wireless network card
  • General device control: Disable devices in Windows Device Manager
  • Control Windows virtual devices, e.g., mobile phones, digital cameras, MP3 phones

X-DISK
  • Private encryption virtual drives: Store important files, and record user's behavior on X-DISK

Network Security

Folder Sharing Control
  • Network folder sharing control: Disable, access record, backup files transfer
  • Email notification while network traffic and the number of file deletion exceed the threshold

Connection Control
  • Enable or disable communication ports, e.g., FTP, HTTP
  • Allow to use communication port with supervisor approval
  • Application access control & network access control

Transfer Control
  • IM control: Disable IM software, disable file transfer, disable screen snapshot, disable desktop sharing and record chat message, support Line, Skype, Skype for Business, WhatsAPP, Tencent QQ, WeChat, AliWangWang.
  • FTP: Disable FTP or record & backup FTP transfer
  • Wireless access: (1) Disable 3G / 3.5G & dial-up software (2) Disable WiFi service

Web Browsing Control
  • Web access control:
    • Record user browsing behavior, search term and tag visited destination country
    • Allow user to browse website during specific period (e.g., browse Facebook after hours)
    • HTTPS control: Support user defined blacklist and whitelist, and record blocked website browsing.
  • Advanced web access control: (Support IE with specified URL)
    • Disable open file, save as, printing, keyboard, copy, paste, drag & drop functions
    • Disable the keyboard, drag and drop, send the screen, view source file
  • WebPost control: Disable or record file uploads (e.g., webmail, web storage)
  • Network traffic monitoring: Daily upload and download traffic alerts
  • Allow web access with supervisor approval

Cloud Control
  • Control sync software and URL of cloud drive
  • Control web based cloud service (support IE, Chrome, Firefox)
  • Control application using HTTPS connection (TLS / SSL)
  • Control Microsoft Office save as to cloud drive

Web Content Log
  • Record content of web page (support IE, Firefox)
  • Support HTTPS/HTTP

Webmail Log
  • Retrieve webmail text content of Outlook.com, Yahoo! Mail, Gmail and Openfind Mail2000
  • Backup the attachment of Yahoo! Mail and Openfind Mail2000

E-mail Control
  • Allow specified SMTP mail server
  • Record and backup e-mail content
  • Support Outlook client

Outlook
Attachment Encryption
  • Auto encrypt the attachments while sending e-mail
  • Send the decryption password with supervisor approval
  • Prohibit email sending with specified domain name or keywords, and record blocked activity

Secure Virtual
Tunnel
  • Only allow client with X-FORT agent to access protected servers
  • Only dedicated users, devices, or software can connect to protected servers
  • The communication uses TLS encryption to prevent MITM

I

T

A

M

Software Security

Basic
Software Security

Software Execution Control
  • Record prohibited and unmanaged software operation
  • Allow to execute specified software during specific period
  • Allow software execution with supervisor approval

Folder Access Control
  • Isolate files in safe zone to prevent malicious access, e.g., ransomware
  • Only specified software allow access safe zone

Adv. Software Security

Advanced Software
Control
  • Disable the function of specified software: open file, save as, printing, keyboard,
    copy, paste, and drag & drop
  • Gradient style screen watermark: Avoid color absorption by background

IT Assets Mgmt

Software Assets
  • Software asset management: (1)Software license management and allocation (2)Software suite and alias management
  • Hotfix management and Registry management
  • Enforce remotely uninstall software

Hardware Assets
  • Hardware asset management
  • Hard drive utilization information & alert
  • Procurement management of computer hardware and generic equipment
  • Lifecycle management of assets

Remote

Mgmt

Remote Function
  • Remote wake-up, logout, reboot and shutdown the client
  • File deployment: Support for immediate or scheduled delivery, file transfer, transmission bandwidth management, and seeding delivery
  • Message broadcast
  • Remote view and control computer
  • Online help desk and service satisfaction survey
  • Remote scan and find the files with specific keywords
  • X-Monitor
    • Support multi gridview on one screen
    • Supervisor can Live monitor the computer screen

Screen Capture
  • Capture screenshots at predefined time intervals
  • Capture screenshots while execute specific software
  • Adjustable image quality and interval time
  • Screen capture with specific operation, e.g., switch windows, copy to clipboard, Microsoft Office operation

D
A
T
A

P
R
O
T
E
C
T
I
O
N

 Document Mgmt

Content
Filter and
Classification
  • Filter by regular expression and keyword
  • Filter content of file while writing file to external storage device, sending file on IM software, and emailing
    attachment in Outlook; When match the rule, block the actions, backup the files, and add tag in the log
  • Webmail: filter mail content and attachment, when match the rule, backup the files, and add tag in the log

File Locker
  • User decides to encrypt the files, support encrypt single file or batch
  • User-friendly: double-click file to auto decrypt file; auto encrypt when file close
  • DEF (Document Encryption Folder): Auto encrypt all files in the DEF folder, and auto encrypt new files; applicable root directory and cloud sync folder (Server OS is not applicable)

Secure Virtual Storage
  • Enforce saving files to SVS drive while using the specified applications (e.g., Word)
  • Encrypt SVS based on the policy assigned by document administrator
  • Secure backup folder from unauthorized access
  • Support source code protection with IDE (integrated development environment)

Document Encryption Center
  • Document Encryption Center can automatically encrypt the document by different policy
  • Different share folder has different policy

S

Y

S

T

E

M

 

M

G

M

T

EDR

Incident
Response
  • Monitoring and detecting irregularities
  • Proactive response to mitigate risk, including screen watermark, alert, restrict network access, block
    untrusted storage, and block printing
  • Record various violations, response actions and remediation
System Mgmt 

Console
  • Multi-language support: English / Japanese / Traditional Chinese / Simplified Chinese
  • Role-based management: Administrators, group managers, auditors, and others
  • Compliant with password complexity, password length requirements, and password change enforcement

Client
  • Self-protection: Prevent agent destroyed by malicious user or software
  • Support Windows safe mode and AD user profile roaming
  • Security incidents alert and notification

 

Server Function

Category

Module

Function

Description

S
Y
S
T
E
M

M
G
M
T

Server

Main Server
  • Support database backup and restore
  • Optimized server and client data exchange bandwidth
  • File encryption with PKI (1024 bit) & AES (256 bit), support HSM key management
  • Single server supports more than 1,000 Clients
  • Support Microsoft Azure, private cloud, public cloud, and hybrid cloud

Backup Server
  • Multi-server support active-active load balance, assign client to specified server based on network segments
  • Store backup files on relay server
  • Exchange encrypted files between trusted servers