Feature Comparison across Cybersecurity Sectors
Legend: 
= generally supported 
= generally not supported 
= see notes * = click or hover to view notes
| Capabilities | AMULET™ Technology | McAfee • Symantec • Kaspersky |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | ||
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | * | |
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | Kaspersky • Fortinet • pfSense • Comodo • Zone Alarm • McAfee Firewall • Palo Alto • Cisco • WatchGuard |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | Forcepoint • Gigamon • AlienVault • CloudLock (Cisco) • Dome9 • Netskope • Skyhigh • CloudPassage • Bitglass • CYREN |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficency/costs can be signifcantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | * | |
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | * | |
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | * | |
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Tech | Symantec • Forcepoint • SnoopWall • StrikeForce • MobileIron • NowSecure |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | * | |
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | Symantec • Avast • Bitdefender • Avira • Kaspersky • Webroot • F-Secure Client Security • Sophos |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | * |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | * | |
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | Digital Defense • Rapid7 • Tenable Network Security • GFI Software • FireEye • Sera-Brynn • BAE Systems • IBM • Lockheed Martin |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | Mimecast • Barracuda Networks • Proofpoint • Cisco • Microsoft • Forcepoint • Fortinet • Symantec • Sophos • McAfee |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | * | |
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | * | |
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | VeraCrypt • AxCrypt • Folder Lock • CryptoExpert • CertainSafe |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | ||
| Can protect the digital asset during transport | * | |
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | * | |
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
| Capabilities | AMULET™ Technology | LoRa • Zwave • ZigBee • Bluetooth • WiFi |
|---|---|---|
| Fail safe – when errors occur, protected digital asset is always left in the protected state | ||
| Each individual digital asset is separately and independently protected | ||
| Subparts of an individual digital asset can be separately and independently protected (i.e. age-17-and-over-content in a move, or access to a menu iten in an application) | ||
| Protection is consistent across all operating systems, storage devices, transports, and memory | ||
| Level of protection for a digital asset can be varied at will in realtime wherever the digital asset might be and whenever there is network access | ||
| Digital asset protection levels remain at all times under the control of the original creator or owner, designee, or assignee | ||
| Protection criteria are separate from the protected digital asset, and can be separately acquired from other sources | ||
| Digital asset protections need not be removed, replaced, or modified when moving from storage to transport or vice-versa | ||
| Keyless – digital access protection requires no external key | ||
| Levels of protections can be shared among many digital assets, but indepedently | ||
| Multiple protections can be combined to protect a single digital asset | ||
| Overall system efficiency/costs can be significantly reduced by deciphering only when digital asset is needed (rather than at every handoff between silos/containers/transports) | ||
| Full-fledged security available through trusted proxy servers even for underpowered devices | ||
| Different stakeholders can separately apply protection unique to their interests to the same digital asset, with all parties’ interests honored | ||
| Protection criteria can consider physical (GPS) location of the device in realtime | ||
| Protection criteria can consider current time, and varying time spans of any number or patterns, when allowing access to a digital asset | ||
| Can protect the file (digital asset) on the server, even if the server protection is breached | ||
| Can detect unwanted file(s) on the operating system and provide or deny access to the digital asset accordingly | ||
| Can audit-trail access attempts made against the digital asset | ||
| Can protect the digital asset during transport | ||
| Access to each individual digital asset can be controlled through logged-on-user rights | ||
| Access to each individual digital asset can be controlled by file-system-level read-write access rights | ||
| File differences/similarities can be identified through hashes | ||
| Natively cooperates with other types of cybersecurity | ||
| Security attributes can be grouped and accessed by user-created friendly names | ||
| Can provide or deny access to the digital asset based on the detection of unwanted process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing file(s) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of a missing process(es) on the host device | ||
| Can provide or deny access to the digital asset based on the detection of unwanted hardware on the host device | ||
| Can provide or deny access to the digital asset based on the detection of missing hardware on the host device | ||
| Can perform secure financial transactions in situ within the digital asset | ||
| After the digital asset has been viewed or accessed once, no unprotected copy exists anywhere (that is, the digital asset remins secure after viewing, rendition, or access) | ||
| The digital asset remains secure (including from capture or recording) as it is being viewed or accessed | ||
| Any copies made of the digital asset are as secure as is the original | ||
| Any copies made of the protection mechanism used for protecting digital assets are as secure as the original | ||
| A protected digital asset’s embedded I/P is just as secure in any one physical location (say, the US) as it is in any other (say China) irrespective of that location’s respect for (and adherence to) Western intellectual property law | ||
| Protected mobile digital assets are equally secure no matter where or when they travel, both when traveling and once landed | ||
| Protected digital assets, as well as their protective components, can reside on any operating or storage system | ||
| Technology can be used to indentify a sender as being absolutely safe, i.e., e-mail | ||
| Both sender and receiver’s security protection can be attached to a digital asset to ensure each party’s security interests, i.e. e-mail | ||
| Can ensure the security of a financial transaction through all steps of the transaction | ||
| Can protect individual cells, rows columns, tables, views, and/or stored procedures in a database as though they were digital assets | ||
| Performs deciphering/decryption operations to a safe, hidden location where no copies can be accessed via any means by any other party | ||
| Can protect the locations, identities and metadata of, as well as access to, connection endpoints as digital assets in memory | ||
| Can protect the locations, identities and metadata of, as well as access to, code snippets (including plain-text scripts) as digital assets in memory | ||
| Can protect the digital asset based on the currently logged-on user of a host device | ||
| Each and every enciphering/encryption of a protected digital asset produces a vastly different binary output, in both size and content, even from a rendering may immediately prior for the same source on the same device | ||
| No combination of any two of the three elements used to encipher a digital asset – the source, the result, and the protection metadata or key – can be used to extract the third element | ||
| Up to two dozen families of environment detection criteria, each optional, selectable, and configurable, can be used singly or in combination with the others to create a protection level | ||
| One security technoloigy can perform the functions of dozens of other technologies, and perform each of the other functions better | ||
| Can protect individual page elements and downloads in a browser | ||
| Can fully protect blockchain ledgers and wallets | ||
| Can fully protect apps an applications, including app and application subcomponents without writing any code | ||
| Can supply a safe and secure completely independent off-O/S environment in which a digital asset can be run, viewed, rendered, or explored | ||
| All applications connected to the technology are free to the consumer – only the content provider pays a small fee (fractions of a cent) for each group of protections in a protection level applied to protect a digital asset | ||
| Maintaining full security protection does not require modification in reaction to anything a hacker does (although all security protections can be modified dynamically if desired) | ||
| In the unlikely event of a breach, the hacker can obtain only one single digital asset – no other digital assets, including copies of the digital asset breached, are accessible using the same techniques, tools, information, or point of access | ||
| Can protect massive collections of individual digital assets (dozens of terabytes) with a one-pass application of one or more protection levels even if the digital assets are not in the same physical location | ||
| Little or no human involvement (avoids human error) at system setup, requires no regular maintenance, and no runtime human interaction whatsoever is required | ||
| System can be introduced incrementally (one digital asset at a time if desired), fully cooperative with all other systems, no startup costs or fees (other than fractions-of-a-penny AMULET licensing), unlike expensive all-or-nothing systems with exorbitant startup costs | ||
| Digital asset protection costs are zero to the consumers of the digital assets, the content provider pays fractions of a penny per group of protections applied to a digital asset, applying copies of the protection groups to other digital assets is free, all software and utilities are free (other than certain AMULET-enabled versions of consumer and custom apps”), and protected financial transactions are a penny or two each. | ||
| No onerous contracts inhibiting free speech, prohibiting full accountability, or preventing the simultaneous use of competitive products. | ||
| Malware removal | ||
| File quarantine | * | |
| Threat Identification | ||
| File/Folder scanning for viruses/malware | ||
| Firewall | ||
| Privacy Controls | ||
| Block or alert the user about unauthorized inbound or outbound connection attempts | ||
| Identify and control applications on any port | ||
| File packet investigation | ||
| DDoS mitigation | * | |
| Encryption key management | * | |
| Event monitoring and logging | ||
| Data-at-Rest Encryption | ||
| Device controls | ||
| Provide wipe of device if de-provisioned or out of compliance | ||
| Application configuration | ||
| Manage user access to applications | ||
| Context-aware authentication | ||
| Vulnerability audits for the consumer (evaluation and scoring) | ||
| Threat defense recommendations | ||
| Threat detection when new devices access your network | ||
| Stops known email threats | ||
| Instant threat intelligence updates | ||
| Apply policies across the organization | ||
| Support mail validation (such as DKIM) | ||
| Supports email encryption | ||
| Restrict mobile access using URL wrapping | ||
| SPAM detection | ||
| Message tracking | ||
| Data loss prevention (DLP) – predefined dictionaries , identifiers, digital fingerprinting | ||
| Email archiving to support legal and regulatory retention requirements | ||
| Prevents “cold boot attacks” (encryption keys stored in memory) | * | |
| Can create hidden operating system | * | |
| Supports security (or cryptographic) tokens and smart cards | ||
| On-the-fly encrypted volumes | * | |
| Iterative key wrapping | * | |
| Data integrity verification – no undetected modification | ||
| Unique encryption keys used for each file and (re-)encryption | * |
* indicates a note (hover over the item to view the specific information)
NOTE: This chart represents a general summary of information across a lot of products, many of which are continually changing, so may not be representative of a specific product or version.
