This article shows you how to request optional SSProtect feature components.
SSProtect is delivered as a set of Component Services that can be enabled or disabled at any time. Configuration is managed each time you Login to your SSProtect Account using the :Foundation Client, the software you install and run on your host computer.
System services are then delivered by KODiAC Cloud Services. The set of services made available to each Account is governed by the Components licensed for its' use.
Default :Foundation Components
SSProtect utilizes a set of Core Services that deliver required baseline behavior. These include:
- :Access for access control w/ 2FA and in-use plaintext isolation; authorizes access to content
- :Confidential for data encryption; obfuscates content from unauthorized viewers w/ patented cryptographic offloading
- :Collaborate for secure sharing; manages zero-config Organization Peer sharing and Third Party Trust permissions
- :Assess for secure data access tracking; delivers Reports from audit data generated/ secured in the cloud
- :Shell to deliver seamless, end-user application workflow integration using In-Place Encryption
By closely integrating cooperative aspects of these components/ services, SSProtect delivers a Unified Data Management System that minimizes the risks associated with sensitive data disclosure without imposing inconvenient overhead to end-users and administrators.
Extended, optional service components leverage the platform's foundation to address traditional IT priorities - Confidentiality, Integrity, and Availability - while also delivering Remediation and Analysis services essential to managing today's Security Incident Response and Recovery activities, as follows:
- :Email to deliver policy-based data protection for Microsoft Outlook email messages
- :Recover that seamlessly stores version-based content for later restoration and Disaster Recovery
- :xRecovery that utilizes :Recover stored content to reconstruct data archives for secure offline access
- :Respond for both Sabotage Remediation and Objective Data Disclosure Risk Reporting
- :Honeypots that set invisible traps for early detection of potentially malicious behavior
Extended, optional Components can be enabled and disabled on the fly. In general, each is first enabled for the Organization as a whole, then independently applied to and/ or configured for member Accounts.
In many cases, this procedure is automatic and unchanging - the set of associated features is available and automatically enabled for all Organization Accounts. In other cases, Component services are made available for Organization Accounts but independently enabled and controlled for each User (Account).
For Individual Accounts, component capabilities are always enabled immediately, with a slightly different method for configuration.
Configuration details are described in related Component Service documentation throughout this site and also enumerated/ summarized toward the end of this article.
Enabling Dynamic Components
As an Organization Administrator, Organization Delegate, or Individual Account holder, you have the ability to enable and disable optional Components for your Organization or for your own Individual Account. You also manage any potential specialization required for proper configuration and execution.
Navigate to the License and Components interface using the notification icon's context menu:
In this display, an Organization Administrator Account shows that :Email is enabled for all Organization Accounts, as are all other components except Honeypots.
Because the caller is a Privileged Organization User, the Honeypots Request checkbox is enabled, as are the Conversion Mode Settings. Non-Privileged Users would be able to view this display, though these same controls would be disabled.
All Optional/ Dynamic Components rely on and make use of the :Foundation Components noted at the start of this article, though some include further dependencies as follows:
- :xRecovery requires :Recover, using stored, secured content to reconstruct secured, offline Archives for Disaster Recovery
- :Respond optionally uses :Recover to repair Sabotaged/ Ransomware'd materials (not required, but high-value)
:xRecovery and :Respond are not available to Individual Account holders; Migrate to an Organization to add these features.
As of v9.5.5, :Shell can no longer be dynamically enabled/ disabled on the fly, as it is by default and in almost all circumstances included. For those that cannot operate with the associated filesystem driver, contact Support for an Alternate installation package.
Requesting Component Activation
To submit a request for an Optional Component, choose the associated checkbox. You will be prompted for confirmation, at which point a request will be sent to KODiAC Cloud Services for processing (KODiAC manages all Organizations, Accounts, cryptographic keys, and sensitive cryptographic operations in a highly protected, isolated environment).
Dynamic Component assignment requires human interaction, serving as a check and balance for changes to any Organization or Individual Account. DefiniSec Support staff will typically service your request within 15 minutes. You will receive email confirming (or denying) activation of the selected Component. You can at that time also exchange additional information for components as necessary (see below).
When a Component is activated, you may be directed to logout and back in to SSProtect (Refresh Login) to pick up dynamic changes. This enables you to proceed with further configuration proceedings. Specifics for components are described below.
Note that you can't always request changes to your License, depending on how it was provisioned. For example, AWS Licenses are managed through the AWS Marketplace interface. Also, Individual Accounts cannot add :Respond or :xRecovery, since these Component Services are only available to SSProtect Organizations.
If you need to add a Component and cannot, as a Privileged User, contact Support for assistance.
After you make a Request, and prior to processing, the dialog will show the same UI text though the checkbox you chose will remain checked. If you inadvertently make a request, you can deselect the checkbox and, upon confirmation, cancel the pending Activation Request.
Requesting :Email is no different than requesting any other component, though once applied to your Account, operation is a bit different since new components are installed - specifically an Outlook COM Add-In that utilizes :Expand with your SSProtect :Foundation Client to protect messages. Installation is automatically carried out during subsequent Login to SSProtect. For more information, refer to, Installing :Email.
:Recover requires :Shell, rarely unavailable. When enabling :Recover, KODiAC manages dependencies and, through the coordinated efforts of DefiniSec Support staff, can address any gaps in your host install.
After you receive email notification that :Recover has been enabled, navigate to the Administer Users UI using the notification icon's context menu. Select a target Account and choose Edit, then select :Recover before choosing Save. This is only required for existing Organization Accounts since new Accounts inherit :Recover, enabled, as a starting point.
When dynamically added to an Individual Account, :Recover is automatically enabled. Individual Account holders can as a result enable/ disable Optimized Offloading/ Hybrid Encryption using the Account Configuration dialog available from the SSProtect notification icon's context menu.
Activating :Recover for Many Organization Accounts
To manage a large number of Users, from the Administer Users UI, Export your Users, make the necessary changes to the resulting CSV file, then Import changes and choose Save All to commit.
Honeypots, :xRecovery, and :Respond
Configuration for these components is a bit more straightforward - once your Request is processed, you receive email notification that changes have been made (usually indicating that you should Logout and Login to SSProtect to pick up changes). Once you carry out this operation, new features are available for your use. Further insight can be found in related articles on this site.
Note that, as of the time of this writing, :xRecovery and :Respond are not available to Individual Accounts. Migrate to an Organization Account, then make the request.
:Shell, previously an optional, dynamic Component that could be enabled/ disabled on the fly, sources critical functionality for File Explorer, allowing you to add/ remove files to/ from SSProtect's protective scope. :Shell also enables In-Place Encryption, a unique workflow integration service that utilizes a patented mechanism and trade secrets to include 2FA and continuous protection over managed content while in-use by native application software.
For example, with :Shell and In-Place Encryption, you can open Excel, use the Office Backstage View to browse to and open an SSProtect'd file, and you will be prompted to assert your 2FA presence before content is, behind the scenes, securely decrypted and presented to Excel as native plaintext. However, while in-use, content is locked-down and isolated from outside influences. When you finish working with the file and save/ close, SSProtect automatically re-encrypts content before making the resulting, obfuscated file available for further native sharing and use (while also maintaining a version-based :Recover instance for future Restoration and/ or Archive reconstruction using :xRecovery, for example).
This mechanism works with most applications that read/ write data files, including most popular business software. For related details, refer to the article, Protecting and Working with Files and, Operating Modes.
If for some reason the :Shell checkbox is disabled in the License and Components dialog, and you're an Individual Account holder or Privileged User, the filesystem driver may be improperly configured (or not installed). Contact Support if you have questions with related issues.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.0.4 of the :Foundation Client