The Reactive Security part of the solution is typically the starting point for the deployment. Once the BE Client has been installed on the remote devices, the BEenterprise™ solution can immediately begin supporting the other data protection solutions that the organization has in place. It allows the organization to respond to data security incidents without any additional education required for the Device Users. Three of the commands in the Reactive Security Features are data protection commands; the fourth is a device protection command. The security commands only require the device to be connected to the BEE Server for a millisecond to receive and execute them on the selected device, because 90% of the command already resides in the BE Client. The remaining 10% is the execution key, and that is what is sent down over the Secure Communications Channel when the security commands are dispatched.

Remote Freeze and Unfreeze
The Administrator can send a Remote Freeze command to the device and, based on the BE Smart Options selected, freeze or encrypt anything from a single Word document to the entire hard disk. Once the command is received, the BE software locally encrypts the files using AES. Once encrypted, these files cannot be opened, and once the process has started it cannot be stopped. The remote encryption process also encrypts the individual file names and extensions. Once the command is sent to a device, the Administrator can observe real-time updates on the encryption progress from the History screen of the User Interface. The data can be decrypted by sending a Remote Decrypt command.

Remote File Transfer
The Administrator can easily recover data from a compromised device by sending a File Transfer command. Any or all data can be recovered from the device with this command. When the File Transfer command is received by the device, the BE software locally compresses and encrypts the selected files and sends the packages back to the BE Server. When the files are received on the Server they are decompressed, decrypted and stored in a User-specific directory. File transfer is completely invisible to the device user.

Remote Destruction of Data
The Administrator can send a Destruction of Data command targeting any or all data files on the device. When this command is received, all targeted files are immediately destroyed beyond recovery. Once the process has started it cannot be stopped by the device user. The BE Destruction of Data command exceeds the US DOD 5200.28 standard for file destruction.

Remote Lockdown of Device
Within seconds of receiving the Remote Lockdown command the device will shut down. On receipt of the Lockdown command the BE software locally disables all user accounts on the device, resets the password for the local administrator account and then shuts the device down. The BE software keeps the device in a "Lockdown Loop" until an Unlock command is received. The Administrator can unlock the device by sending an Unlock command.

Timed Lockdown
The Reactive Security component of the BE solution (described above) requires the device to connect to the Internet to receive the commands. The User may decide that they don't want this to happen. The BE solution addresses this challenge with a Timed Lockdown option. If the device doesn't connect to the BE Server within a pre-defined period set by the Administrator (e.g. 1 hour, 1 day, 1 week, etc.), the device will automatically lock down. In addition to locking down the device, the Administrator may select if any of the following commands should also be enacted when the device doesn't connect within the pre-defined period:
- Encrypt the data files on the device,
- File transfer of the data files on the device back to the organization,
- Securely erase the data files on the device,
- Any combination of the above.

The commands can be dispatched either individually or in series. For example, we could send down a series of commands that would "Freeze" selected data and then lock down the device. We can queue up the commands and then send them down in one dispatch action. By "Freeze" we mean a layer of enterprise encryption where the encryption key resides on the BEE Server, not on the device. The BEE Server is in control, not the device user. Currently this is AES-256, but it can be swapped for another encryption algorithm easily if a client organization requires it. Device Lockdown means that the BEE Server de-activates the local user accounts and resets the local administrator account. If the device user tries and succeeds in accessing the device through brute force, the BE Client will recognise that the lockdown release didn't come from the BEE Server and will immediately start the lockdown process again. This lockdown loop will continue indefinitely until released by the BEE Server.
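Added example, not the product's code: a Python model of the device-side rules described in the Timed Lockdown section and the paragraph above, namely that a queued command runs only when its execution key proves it came from the server (so a lockdown release that did not come from the server re-enters the lockdown loop), and that a device which has not checked in within the Administrator's interval locks down and runs the extra actions selected for that case. The HMAC tagging, sequence numbers, field names and action names are all assumptions made for illustration.

```python
import hmac
import hashlib
from datetime import datetime, timedelta

# Constructed example, not the product's code. Models two rules from the text:
# (1) a command executes only when its "execution key" proves it came from the
# server (here an HMAC tag over device id, sequence number and action, an
# assumed scheme), (2) a device that has not checked in within the interval
# set by the Administrator locks down and runs the extra actions chosen for it.
ACTIONS = ("freeze", "transfer", "erase", "lockdown", "unlock")

def sign_command(key: bytes, device_id: str, seq: int, action: str) -> dict:
    """Server side: the small authenticated trigger sent for a queued action."""
    msg = f"{device_id}|{seq}|{action}".encode()
    return {"device": device_id, "seq": seq, "action": action,
            "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def verify_command(key: bytes, device_id: str, last_seq: int, cmd: dict) -> bool:
    """Device side: accept only a known action addressed to this device, newer
    than the last one executed (no replay), with a tag valid under the key."""
    if cmd.get("device") != device_id or cmd.get("action") not in ACTIONS:
        return False
    if not isinstance(cmd.get("seq"), int) or cmd["seq"] <= last_seq:
        return False
    msg = f"{device_id}|{cmd['seq']}|{cmd['action']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(cmd.get("tag", "")))

def evaluate(key: bytes, device_id: str, state: dict, queue: list, now: datetime) -> list:
    """Return, in order, the actions the client should enact right now.
    state: last_seq, last_checkin (set by the caller on each successful server
    connection), interval (timedelta), locked (bool), timeout_actions (list)."""
    to_run = []
    for cmd in queue:                         # dispatched in series, in queue order
        if verify_command(key, device_id, state["last_seq"], cmd):
            state["last_seq"] = cmd["seq"]
            to_run.append(cmd["action"])
            if cmd["action"] == "lockdown":
                state["locked"] = True
            elif cmd["action"] == "unlock":
                state["locked"] = False
        elif state["locked"] and cmd.get("action") == "unlock":
            to_run.append("lockdown")         # release not from the server: loop
    if now - state["last_checkin"] > state["interval"]:
        to_run += list(state["timeout_actions"]) + ["lockdown"]   # timed lockdown
        state["locked"] = True
    return to_run
```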