The product employs a secure browser as the vehicle to protection. The protected browser is deployed to secure only the single web session and is controlled by corporate IT professionals via a centrally configured policy. Using its patented technology, the POQ-hardened browser shields sensitive data from keyloggers, frame grabbers, session hijacking, cache miners and malware, while blocking inbound attacks as well. POQ also enables organizations to enforce security policies that prevent end-users from copying, saving, printing or screen-capturing browser-delivered data, including from browser-launched processes.
POQ is delivered on-the-fly to Windows devices when end-users login, ensuring privacy by encrypting session data, including cache files, cookies, password store and history. All session data is overwritten and deleted at the end of the session. POQ also protects against session hijacking by controlling all browser networking. The solution enforces security in a protected session - no other browser instances or applications are affected. It integrates directly with web servers or with popular web gateway/front-ends. The tool can be configured to either be optional (end-user clicks a link on a web page to start the protected session) or required (end-user must be running a POQ browser in order to access the web application or site). When enforcing usage, this offering provides an encrypted value supplied in HTTP request headers validating that the inbound web communication is coming from a real POQ-protected session. This enables web applications to deliver sensitive data and transactions. The product is easy to use as the work is done in the browser. Another interesting feature is the use of "Bypass POQ on Launch Failure." This allows an authorized user to launch a URL instead of generating an error message. This is handy in a situation where it is important to have a flawless launch of the browser.
Documentation provided for POQ included a quick-start guide, an administrator guide, three POQ software documents, and a number of example files to help with policies and other features and functions. Installation started with a master console. This is delivered by either a virtual appliance or through a custom deployment into Tomcat or another engine supporting Java Servlet 3.0. In either case, the system requirements are low.
Support is provided as part of the subscription terms of one, two or three years. Standard support includes eight-hours-a-day/five-days-a-week technical assistance. An additional fee-based option is available at 15 percent of the subscription fee. Aid is delivered by phone, email, a link on the company's website, a knowledge base and a FAQ.
Value for the money spent is good.
Good product, but overall cost a bit high.