Managing profiles
Netzilo ensures the protection of data on endpoints by creating secure workspace and browser protection areas through profiles, offering comprehensive protection and control for any application. These environments, equipped with various security features, allow for the addition of posture checks, facilitating the creation of advanced control and access scenarios.
Creating profiles
After accessing the Access Control > Profiles tab, click on the Add Profile button to create a new profile. In the popup, specify operating system and applied groups, and select protection methods Netzilo Workspace, Disposable Browser and Netzilo Browser Extension whatever needed. Finally, provide a name and description for your profile.
Netzilo is designed to provide protection at every stage where data is present, utilizing the latest technologies to establish high-level security areas. In the aspect of protecting data on endpoints, Netzilo has designed the following modules:
- Netzilo Workspace
- Disposable Browser
- Netzilo Browser Extension
Netzilo Workspace
Creates a secure and isolated enclave on endpoints to protect data accessed by work applications
Work Apps
To protect and run a native application within a secure environment using Netzilo, simply use the "Add Application" feature in the Workapp section.
Enter the path information of the native application you wish to secure. This section also supports regular expressions for added flexibility. Please note that the application must be present on the end user's device.
Restrictions
For the defined Workapp, you can specify the desired protection features and restrictions by selecting the 'Restrictions' tab. This tab provides a comprehensive list of all available protection features, which can be activated in real-time from this page.
Use Isolated enclave
This section facilitates the virtualization of the workspace on the operating system, ensuring all communications are fully encrypted. It also enables the configuration of virtual overlay networks for secure access to the corporate network. Additionally, document shortcuts can be created for direct desktop access. From this section, you can also decide whether encrypted documents downloaded within the workspace should be wiped or retained when the workspace is closed.
Add watermarks
In this section, you can define the watermark text that you want to appear within the workspace screen. For example, the necessary command to display the username of the workspace user and the date can be entered here.
Restrict Clipboard Access
This feature prevents users from copying and pasting data from the workspace to external applications. It is designed to prevent sensitive data within the workspace from being transferred out.
Restrict Printing
With this feature, you can block the ability to print documents or content displayed within the workspace, ensuring that sensitive information cannot be printed.
Restrict Screen Sharing
This feature prevents screen capture or sharing applications from recording the workspace screen. If an attempt is made, the screen will be completely obscured, preventing any visual information from being captured.
Record Desktop Activity
This feature enables the recording of desktop activity during the use of the workspace, with the ability to store recordings in Amazon S3 cloud or locally on Min.io. This feature cannot be activated without storage (S3 or Min.io) integration. To enable this feature, a privacy policy document link must be shared with the user. The user must accept this document before screen recording can begin; if not accepted, the workspace cannot be used. While recording is active, the user will see a continuous notification at the top of the screen. If the recording is stopped, the workspace will automatically close. The recording also stops automatically when the workspace is closed. You can view the screen recording logs in the Activity Reports.
Restrict Key-logging
This security measure protects against one of the most common attack types: keyloggers. When enabled, any keylogger software on the device is prevented from reading or stealing any data from keystrokes.
Verify Workspace Integrity
When this feature is activated, the workspace automatically protects itself in case of any attack (e.g., memory injection). The system will automatically terminate the session to safeguard the workspace.
Create Desktop Shortcut for Work Apps
This feature allows the automatic creation of a folder on the desktop for easy access to workspace applications. If these applications are also present on the device, they can be launched directly from this folder within the workspace.
Show blue border
This feature surrounds the workspace with a blue border, making it distinguishable from other applications and systems. It also indicates to the user that they are in a secure environment.
Posture Check
Additionally, you can apply extra posture check controls to the workspace created. To do this, navigate to the 'Posture Check' tab and select the 'New Posture Check' option.
At this stage, similar to the policy screen, you can add the desired posture check control from the available options to the workspace rules being created.
Once all the configurations are complete, click 'Save Changes' to activate your workspace.
This module creates a secure, isolated environment for users to perform their tasks without risking data leakage or unauthorized access. By ensuring all activities occur within this protected workspace, Netzilo minimizes the threat of data breaches and maintains strict control over sensitive information.
Disposable Browser
Choose a folder name where users can find shortcuts for disposable browsers
To enhance security, Netzilo offers disposable browsers that can be used for specific sessions and then discarded. This approach ensures that no data is left behind once the session ends, preventing any potential security breaches from lingering data. These browsers are ideal for accessing sensitive information or conducting transactions that require an extra layer of securit
Netzilo Browser Extension
Installs Netzilo enterprise browser extension to protect data delivered through web applications
You can customize DLP controls from this section. Various security controls are available, such as restricting file downloads based on domains, redacting and masking sensitive information (like SSNs and credit card numbers) from content, adding watermarks, and blocking URLs. You can instantly activate the required feature from here.
Restrict Downloads
Restrict files that could be downloaded from matching web domains
Block URLs
Define URL patterns that should be blocked from being accessed
Restrict Content
Define data restriction options and access levels
Redact Data
Define sensitive data patterns and mask them before displaying
Add Watermark
Adds a watermark to web site while visiting
Restrict Clipboard
Restrict copying and pasting data from matching web domains
Restrict Printing
Prevents browser from printing sensitive data from matching domains
Restrict Uploading Source Code
Detect and block source code upload heuristically
Restrict Viewing Source Code
Detect and redact source code snippets in pages
Restrict Viewing Classified Content
Block access to content based on your organization's data classification labels.
Prevent LLM Prompt Injections
Intercept and secure AI conversations against injection attacks
Make Session Cookies Temporary
Marks session cookies for deletion when the browser is closed
Show Gray Border
Draws a gray border around protected web content
Allow Exceptions
Define exceptions for restrictions for certain users
Additionally, you can apply extra posture check controls to the browser extension created. To do this, navigate to the 'Posture Check' tab and select the "Browse" or 'New Posture Check' option.
The browser extension offers an additional layer of security for users browsing the internet. It monitors and controls access to web applications, ensuring that data remains protected even during online interactions. This extension also provides real-time protection against web-based threats and unauthorized data access.
If necessary, you can create new groups simply by entering new names in the input box for either the source or destination lists.
Once you have finished configuring the profile, click Add Profile to save it. You will then see your new profile in the table.
