The OESIS Framework features a modular software architecture. It can easily be integrated into an endpoint solution without any performance impact or excessive resource consumption. The modular architecture also enables customers to license any, some, or all of these modules. OESIS is optimized for performance and size. Below is an overview of the modules available in the OESIS Framework.
Detection Module: Determine what applications are installed on a given endpoint. The ability to detect applications very quickly makes it easy to embed this functionality in all types of applications, including compliance checks for NAC or other access control. Detected applications are automatically classified into the proper category.
Manageability Module: Modify the settings of applications on a given endpoint. This module supports common and application-specific operations for thousands of applications. Example uses include enabling real time protection or updating malware definitions for antivirus software, enabling antiphishing detection on the browser, or even changing the default browser.
Vulnerability Assessment Module: Rapidly assess the vulnerability of any system or collection of endpoint devices. This module monitors the software applications that are considered to be the most common vectors for attack and determines whether they are out of date. It can also initiate updates of applications that are found to be out of date. The Vulnerability Assessment Module has been optimized for speed and designed to focus on the applications that are most frequently targeted by malicious activities.
Removal Module: Quickly, silently, and efficiently remove applications from an endpoint. Applications like browser toolbars can be classified, in bulk or at a granular level, as Potentially Unwanted Applications (PUA) and removed from endpoints. The Removal Module also offers the capability to remove antivirus programs that conflict with the organization’s preferred choice even if the antivirus password is not known. The Removal Module supports many of the functionalities of OPSWAT’s AppRemover product.
The Detection Module of OESIS is used to identify applications installed on an endpoint. OESIS supports the detection of thousands of applications from 15 categories, and APIs are provided to gather application details such as vendor, version, running state, installation directory, authenticity of the product, components and more.
The Detection Module is the foundation for the other modules. Once an application is detected, you can modify its settings using the Manageability Module, check for potential threat vectors using the Vulnerability Module, or even uninstall it using the Removal Module.
After the Detection Module detects installed applications on endpoint devices, the Manageability Module enables governance of these applications. APIs provided by the Manageability Module check and remediate application-specific settings. Solutions developed using these APIs allow fine-grained control over applications.
APIs for managing different types of applications are categorized into common and advanced methods. Common functions, such as starting and terminating an application, are supported for all application types. The advanced functions supported depend on the type of application.
Below are some of the features supported for several of the application types. The full set of APIs supported for different application types is detailed in the API documentation.
The APIs supported for antivirus applications include updating malware definitions, launching a full system scan, turning real time protection on or off and more. These APIs can be used to maintain an antivirus solution at an optimal state to reduce the threat to an endpoint. Retrieving the threat detection log from the antivirus application is another API that can be used to gather data for analysis or to uncover potential issues, like a persistent threat that the antivirus application is not able to permanently remove. The threat detection logs can also help identify widespread threats that are spreading in your network. Having this type of information from endpoints is critical when responding to a serious security breach.
The Browser APIs allow checks for whether the antiphishing setting is enabled on all browsers or a specific browser. Phishing sites remain a very common vector for serious infections, especially with Trojans that have the potential to compromise your entire network. APIs to delete bookmarks, check validity of certificates and delete the cache are supported as well.
The APIs for firewalls enable a check for whether the firewall is enabled as well as whether any custom rules that may be mandated by your organization’s policies are being followed, such as disallowing P2P or network gaming ports and protocols. Files downloaded from P2P networks are very often infected with Trojans or viruses.
The Vulnerability Assessment Module of OESIS provides a very quick vulnerability assessment of the most commonly targeted applications by comparing the installed version against the latest available version of an application. For out-of-date applications, OESIS also provides the ability to initiate an update to the latest version. Customer solutions can utilize the information provided by the Vulnerability Assessment Module to make endpoint devices more secure.
The Vulnerability Assessment Module concentrates on applications like browsers, Java, operating systems, document applications, and Adobe software that are top targets for attacks. According to recent studies, attacks on these applications account for the majority of attacks. Beyond these applications, common third-party applications on Windows and many antivirus applications are supported. OESIS can detect the installed versions and report whether all critical applications are running at the latest version.
Solutions like NAC and VPN need to make quick decisions on whether an endpoint can be allowed into the network. Many vulnerability assessment solutions in the market take tens of minutes to scan an endpoint to determine vulnerability. OESIS Framework makes quick vulnerability assessments by comparing the installed and the latest available versions of applications on an endpoint.
Recent studies have shown that keeping applications up to date on all machines across the entire organizational network can dramatically reduce exposure to security threats. OESIS gathers information about the latest available versions for endpoint applications by connecting to external feeds. Any mismatch between the installed and latest available versions is reported. Solutions using the Vulnerability Assessment Module can strengthen the security of endpoints by confirming all critical components are running at the latest version.
OESIS Framework implements several other vulnerability assessment mechanisms. OESIS enables customer solutions to configure, manage and remove Potentially Unwanted Applications. There are many types of applications that can be classified as potentially unwanted, and some of these may make an endpoint device vulnerable. The ability to classify, detect, and remove these unwanted applications (removal is supported by the Removal Module of OESIS) can make an end device more secure. OESIS can also be used to update antivirus products to the latest malware definitions, thus reducing the vulnerability.
The Removal Module of OESIS, formerly known as AppRemover, provides the ability to uninstall applications from endpoints. It may be necessary to remove applications to ensure the safety and security of the endpoints and the network. Removing applications can be a difficult process due to password protection, incomplete removal by the application’s own uninstaller leaving lingering files and folders on the system, and forced end user interaction. OESIS brings simplicity into removing unwanted applications.
The Removal Module supports uninstallation of applications like toolbars, public file sharing applications, cloud storage, anti-malware applications and other security applications.
Software like browser toolbars, public file sharing programs, botware, adware and backup or cloud sync applications may be considered unwanted applications and need to be removed from endpoints. OESIS Framework provides APIs to detect, classify, and remove these applications.
Incompatible or non-standard antivirus applications may need to be removed prior to installing antivirus applications approved for corporate-wide use. OESIS provides the ability to easily perform these uninstallations without input from the end user.
The Removal Module removes Antivirus or other applications silently, without needing any protection passwords or user interaction.
The Removal Module can also remove applications that previously failed to uninstall or left traces in the system.