Understanding built-in and custom security policies

SES Evolution is equipped with several built-in security policies that can block the behavior and techniques used by most malicious programs, regardless of their purpose, e.g., Trojan horses, remote control tools, ransomware, password stealers, etc. The following are built-in policies:

• Default Stormshield policy - It functions on several stages in an attack cycle to guarantee deep defense. It detects attacks from as early as the initial infection – when an infected e-mail attachment is opened, for example – to when the attack is already entrenched in the information system. It therefore blocks attempts to disguise attacks, or persistent attacks, privilege escalation, password theft, the exploitation of vulnerabilities in the operating system, and even the attempts of ransomware to encrypt files.
  This security policy is applied by default to agent groups.
• Backoffice component protection policy - It guarantees the protection of SES Evolution backoffice components: the backend, agent handlers and the administration console. It contains the same protections as the default policy, but with the addition of several protection rules that strengthen the security of protected processes and block attempts to read or modify their configuration data.
  You can apply this policy as is to agent groups that contain backoffice components.

Built-in policies consist of built-in rule sets. For more information, refer to the section Understanding built-in rule sets.

If built-in policies do not cover all use cases, you can create custom security policies that adapt closely to your infrastructure. To do so, use the rule sets that make up the built-in policies or create your own rule sets. For more information, refer to the section Creating security policies.

EXAMPLE
Create rules to manage access to the corporate network of your mobile collaborators, or manage the use of trusted devices in your pool.