Stormshield Endpoint Security

The future of Next Generation Endpoint and Data Protection for the enterprise is here.

The Next Generation Endpoint Protection (NGEPP) Stormshield Endpoint Security (SES) is an innovative multi-module EPP Security Product from Airbus Defence and Space delivered through a single-agent, single management console architecture and used as a key component of their protection by leading organizations worldwide. While SES has a comprehensive suite of outstanding Next Generation protections, SES has established itself as a pioneer and leader in the area of Memory Intrusion Protection (MIPS) that allows it to provide a unique capability to identify and stop unknown attacks. As a result, SES MIPS stands alone in its capacity to identify and stop all types of malware, including fileless malware, virtually eliminating zero-day exposures.


Built on the Next Generation Endpoint Protection Model

Organizations across the world are frustrated with the ineffectiveness of traditional endpoint security products and their inability to stop the constantly increasing and ever-more sophisticated attacks.  As a result, a new generation of endpoint solutions has been created that can provide effective security.  In order to provide NGEPP effectiveness these new protections must be lightweight, work in the existing security ecosystem and work across platforms independent of a real-time connection.

Explore the core next generation endpoint protection (NGEPP) features:


SES Lightweight, multi-module, single agent next generation endpoint protection

  • Defense in depth protects the system from unknown attacks, its network connections from misuse and the data from loss and theft
  • Automatic Dynamic Policy Enforcement ensures the right endpoint protections and controls are in place at the right time based on the changing risk profile of the computer
  • Centralized management across servers, desktops and laptops provides complete endpoint control for the enterprise

Protection against advanced memory-based threats and zero-day attacks

  • Unique innovative memory intrusion prevention system (MIPS) protects against all “next generation” malwares including unknown and fileless malware
  • Proactive host intrusion prevention system (HIPS) and a host-based firewall protects the system from malicious inbound and outbound network activity
  • Integrated security functions like anti-virus, anti-spyware, and application whitelisting provide the traditional protections needed to meet internal and regulatory auditing and compliance requirements

Dynamic network/device/application monitoring, auditing and control

  • Dynamic network access controls enforce wired, wireless and VPN policies while on the corporate network, off the corporate network and on public networks
  • Wi-Fi protections secure connections and enforce policies to restrict connections to specific wireless access points
  • Integrated device control monitors, audits and enforces removable device policies at a granular level to ensure that worker productivity remains high but data remains in IT's control at all times
  • Application whitelisting capabilities gives IT confidence their systems are using the right applications for the jobs intended and automatically stops applications that are unsafe

Built-in and extensible data encryption for content protection and collaboration

  • Full disk encryption ensures the entire drive is protected in the case of a lost or stolen system
  • File and folder-based encryption applies additional protections in the case of a malicious insider
  • Removable device encryption ensures data is protected at all times, even when the data leaves the endpoint system via USB drive or other removable media
  • Integration with Stormshield Data Security for encrypted data rooms that enable secure content collaboration