Protect On Q v3.2
Strengths: The POQ protected browser
Weaknesses: Product cost
Verdict: Good product, but overall cost a bit high
Protect On Q (POQ) v3.2 from Quarri takes a fairly unique approach to endpoint protection. It is a security software solution that helps to prevent data leakage. It employs a secure browser as the vehicle to protection. The protected browser is deployed to secure only the single web session and is controlled by corporate IT professionals via a centrally configured policy.
Using its patented technology, the POQ-hardened browser shields sensitive data from keyloggers, frame grabbers, session hijacking, cache miners and malware, while blocking inbound attacks as well. It also enables organisations to enforce security policies that prevent end-users from copying, saving, printing or screen-capturing browser-delivered data, including from browser-launched processes.
POQ is delivered on-the-fly to Windows devices when end-users log in, ensuring privacy by encrypting session data, including cache files, cookies, password store and history. All session data is overwritten and deleted at the end of the session. It also protects against session hijacking by controlling all browser networking. It enforces security in a protected session - no other browser instances or applications are affected. It integrates directly with web servers or with popular web gateway/frontends.
The tool can be configured to either be optional (end-user clicks a link on a web page to start the protected session) or required (end-user must be running a POQ browser in order to access the web application or site). When enforcing usage, this provides an encrypted value supplied in HTTP request headers validating that the inbound web communication is coming from a real POQ-protected session. This enables web applications to deliver sensitive data and transactions.
The product is easy to use as the work is done in the browser. Another interesting feature is the use of 'bypass POQ on launch failure'. This allows an authorised user to launch a URL instead of generating an error message. This is handy in a situation where it is important to have a flawless launch of the browser.
Documentation provided for POQ included a quick-start guide, an administrator guide, three software documents and a number of example files to help with policies and other features and functions. Installation started with a master console. This is delivered by either a virtual appliance or through a custom deployment into Tomcat or another engine supporting Java Servlet 3.0. In either case, the system requirements are low.
Support is provided as part of the subscription terms of one, two or three years. Standard support includes eight-hours-a-day/five-days-a-week technical assistance. An additional fee-based option is available at 15 per cent of the subscription fee. Aid is delivered by phone, email, a link on the company's website, a knowledgebase and a FAQs section.
Value for the money spent is good.