B.E. Professional security product is an enterprise solution for larger corporations who would prefer to have their B.E. Server hosted in-house.
The Administrators within the larger organizations would roll the B.E. Client out the company’s network to all relevant devices.
The Beyond Encryption solution enables any organization to target, with pinpoint accuracy, its sensitive information on a device, regardless of location, and protect it. So the B.E. Prime solution is perfect for those smaller outfits who understand the importance and critical need to protect and secure their data and mobile devices without having to deploy the larger enterprise solution.
The technology behind the solution consists of four discrete components:
- A server (B.E. Server) that maintains account information, policies, and settings associated with each individual device that has the B.E. Client deployed on it. The B.E. Server integrates with Active Directory and can maintain a live connection with same.
- A client agent (B.E. Client) that resides on each device under management, whose job it is to maintain contact with and carry out instructions issued from the B.E. Server. The B.E. Client cannot be removed from a device by the Device User.
- A Secure Communications Channel (SCC) which provides a secure encrypted point-to-point communication channel between the B.E. Client and the B.E. Server.
- A series of core security commands that the B.E. Server issues to the B.E. Client using the Secure Communications Channel for execution on the device.
The B.E. Server silently installs the B.E. Client on each of the devices under management. This is done without the need for any end user intervention. The Device user can’t prevent the solution being deployed and can’t prevent the security commands being actioned. Once the client is installed on the device it creates a heartbeat connection with the B.E. Server. This connection can be through LAN / WAN / Internet / GPRS.
When there is a direct connection between the B.E. Client and the B.E. Server the Administrator can perform any of the following actions:
- Remote Data File Transfer – silently and securely transfer any file(s) from the device back to the B.E Server
- Remote Data Freeze – silently freezes any file(s) on the device by applying a layer of AES 256 bit encryption on the file(s)
- Remote Data Erase – silently erase any file(s) on the device to DoD 5220.22-M Standard
- Remote Device Lockdown – completely remove user access to the device and put the device into a lockdown loop.
The solution has complete audit functionality. Every action that the technology performs on a device and its data is logged and available for reporting and audit compliance. This is an imperative for compliance.
In addition to the direct action Reactive Security we’ve also built a Timed Security mode and a Geographic Security mode.