How Shinobi Defense System™ Works

Shinobi Defense System is an integrated and failsafe security system that absolutely secures information by preventing leaked or stolen data from being read, while also defending endpoints by preventing any unauthorized actions from running.  Active Intercept is a lightweight service that monitors and records every action on the endpoint down to the kernel, and is the heart of both Evolution DLP and DeepWhite.




It is no secret that traditional anti-virus software cannot keep up with the exponentially growing number of attacks. Whitelist based solutions are the wave of the future. Shinobi DeepWhite is the most powerful and comprehensive whitelist solution available today and is the only whitelist product to run at both the API and kernel level to validate every action on an endpoint.

Stop worrying about how malware might get on your endpoints – if it tries to take action DeepWhite will block it.  

Quality Evaluation Center (QEC)

Automates Continuous Testing of DeepWhite™ Whitelists

The Shinobi QEC located in our Tokyo Datacenter is the magic behind our API / Kernel level whitelists. Shinobi Cyber uses proprietary virtualized hardware and software to fully test and release updated whitelists that include new releases of major applications or OS versions.

Only the Shinobi QEC can test every API combination of every version of Windows™, Adobe™, Office™, etc. going all the way back to Windows 95 to support mixed environments.


Unlike solutions that require heavy end user interaction or categorization of data to try to pick and choose what is valuable or sensitive, Evolution DLP prevents data loss due to user errors and malicious insiders. Evolution DLP secures every file that leaves your Trusted Zone from being read by automatically encrypting them with a unique AES256 key when they leave the endpoint.

How Evolution DLP™ Works

Automatically Prevent User Errors and Data Theft Without Sacrificing Productivity

1 Internal users collaborate freely with clear text files

2 When any files are moved out of the Trusted Zone they are automatically encrypted with a unique 256AES key and rendered unreadable.

3 If the files are opened within the Trusted Zone, they are automatically and invisibly decrypted.

4 An Admin controlled Release Folder is used to “share with intent” externally

Additional Evolution Capabilities

Release Request Process  

Centralized process to approve and publish cleartext files or password protected files outside the company resulting in enhanced awareness.

Restricted USB

All data copied to USBs is encrypted by default. Admins can also prohibit transfer of data to non-work USBs.

Write Control

Specify applications allowed to send data outside the Trusted Zone, and block all others.

Mobile Phone and Bluetooth Control 

Mobile phones often slip by typical DLP software. Easily control or prohibit file transfer to mobile phones via USB cable or Bluetooth.

Encrypted Executables  

Put a user-specified password on files and folders to enable secure sharing with trusted outsiders.

Internet Restriction

Put strong controls on internet browser operations involving data to prevent accidental or malicious loss.

Secure Print Control 

The power to set up rules to allow or prohibit printing by application, by user, or by endpoint for each printer on your network. Capture JPG of printed materials to support forensics and deter malicious insiders.


Most comprehensive security logs in the industry

These forensic logs are indispensable in tuning your security policies and whitelist as well as any incident response analysis. Shinobi Forensics also uses a proprietary search and filtering engine that captures and compresses comprehensive and detailed log events so that admins can see exactly what is going on and identify unexpected behavior as well as collect hard evidence of unauthorized actions. In the following example of a malware attack, each Forensics line item represents an action on the endpoint and tells a complete story for admin to see. Active Intercept and DeepWhite can block every unauthorized action and provide automated alerts and reports to IT Security Admins, showing suspicious actions and demonstrating the effectiveness of the Shinobi solution.

Shinobi Forensics records all activity and data usage including:

  • who is accessing the data or action

  • when the action takes place

  • what app or file is calling it

  • where the actions originate from and where the final target is

  • which app or process is being called

  • what specific actions are being taken



Most comprehensive and easy to understand security logs in the industry. 


Proprietary search and filtering engine allows us to capture and compress detailed log events.


Built-in and custom reports to demonstrate security effectiveness and streamline daily tasks.


Discover where and how information assets are stored or transferred, then eliminate or manage the risk.