Greynet Enterprise Manager (GEM)

GEM™ enables organizations to manage security policies and aggregate reporting for IM, P2P and spyware traffic across distributed enterprise environments. By integrating with RTGuardian and other components of FaceTime Enterprise Edition, GEM delivers the first network-based anti-spyware solution to targeted remediation and repair of infected endpoints without deploying client software.

GEM comprises two components:

GEM Management Console provides a unified view of all reports generated by multiple RTGuardians across the enterprise. Centralized device management provides health, status and firmware version reports.

• Reports actions taken on spyware infections down to the machine and user level, not just IP addresses
• Discovers and cross-references IM and P2P installations with policies to enforce appropriate usage
• Intelligently interprets traffic and activity on the network, providing additional insight into network performance
• Collects additional data from RTGuardian installations:
• Real-time IM, P2P, HTTP, other TCP, and UDP traffic monitoring
• IM network activities, unauthorized port usage, attempted policy breaches, and other non-typical behavior
• Gateway enforcement actions including blocking network access, file transfer, protocol type and client connection
• Prevention, usage, policy and events reports with a dashboard summary

GEM Endpoint Remediation uses information from the aggregated RTGuardian gateway reports to trigger targeted remediation of spyware-infected endpoints. The clientless architecture ensures efficient cleaning and inoculation of endpoints to prevent future infections from known spyware.

• No client software deployment - endpoint scanning is enabled through on-demand remote scanning agent
• Uses existing anti-spyware policies to determine remediation across groups of clients
• Global and custom policies can be used to enable, disable, or schedule scanning, cleaning, and inoculation
• All endpoints are scanned by default - any infections found are automatically cleaned on discovery
• Endpoints are protected from future infections by inoculation with known spyware signatures
• Administrators can specify either or both of two mechanisms for inoculating endpoints:
  • Set kill flags on Active X to prevent drive-by infections through Internet Explorer
  • Enforce Software Restriction Policies (SRP) to prevent existing spyware infections from executing

• Aggregate reports from multiple RTGuardian appliances to provide visibility into IM and P2P usage as well as endpoint spyware infections
• Deliver user and host level visibility through Active Directory integration
• Identify endpoints with phone-home spyware infections detected by RTGuardian
• Apply appropriate anti-spyware policies to scan, clean, and inoculate infected endpoints without the need for local agents
• Prevent spyware from downloading or executing on the client using patent-pending endpoint inoculation

Using GEM in conjunction with RTGuardian, organizations will benefit from:

• Greater productivity through reduced inbound threats
• Lower risk of confidential information leakage through outbound threats
• Compliance with regulatory and corporate policies and requirements
• Lower cost of deployment and management through leverage of existing IT and security infrastructure
• Investment protection through extensible framework for emerging applications and protocols