How Shinobi Defense System Works

Shinobi Defense System is an integrated and failsafe security system that absolutely secures information with smart, automatic encryption and protects your endpoints by stopping any unauthorized actions.  Active Intercept is a lightweight service that monitors and records every action on the endpoint down to the kernel, and is the heart of both Evolution DLP and DeepWhite.




It is no secret that traditional antivirus software cannot keep up with the exponentially growing number of cyberattacks. Whitelist based solutions are the wave of the future. Shinobi DeepWhite is the most powerful and comprehensive whitelist solution available today and is the only whitelist product to run at both the API and kernel level to validate every action on an endpoint.

Stop worrying about how malware might get on your endpoints – if it tries to take action, DeepWhite will stop it.  

Quality Evaluation Center (QEC)

Automates continuous testing of Shinobi Defense System software

The QEC located in Humming Heads’s Tokyo HQ is the magic behind our broad features and compatibility. The QEC uses thousands of computers and proprietary automation software to fully test software and whitelist updates for compatibility with new releases of operating systems and applications.

Only the QEC can test every thinkable action and API combination of every version of Windows, Adobe, Office, etc. back to Windows 95 to support mixed and legacy environments.


Unlike solutions that require heavy end user interaction or categorizing data for different protection levels, Evolution DLP secures every single file that leaves your Trusted Zone. Automatic encryption with a unique AES256 key makes data unreadable to untrusted outsiders, preventing data loss due to user errors and malicious insiders.

How Evolution DLP Works

Automatically Prevent User Errors and Data Theft Without Sacrificing Productivity

1 Internal users collaborate freely with clear text files

2 When any files are moved out of the Trusted Zone they are automatically encrypted with a unique AES256 key and rendered unreadable.

3 If the files are opened within the Trusted Zone, they are automatically and invisibly decrypted.

4 An admin-supervised Release Folder is used to “share with intent” externally

Additional Evolution DLP Capabilities

Release Request Process  

Centralized process to approve and publish cleartext files or password- protected files outside the company resulting in enhanced awareness.

Restricted USB

All data copied to USBs are encrypted by default. Admins can also prohibit transfer of data to non-work USBs.

Write Control

Specify applications allowed to send data outside the Trusted Zone, and block all others.

Mobile Phone and Bluetooth Control 

Mobile phones often slip by typical DLP software. Easily control or prohibit file transfer to mobile phones via USB cable or Bluetooth.

Encrypted Executables  

Put a user-specified password on files and folders to enable secure sharing with trusted outsiders.

Internet Restriction

Put strong controls on internet browser operations involving data to prevent accidental or malicious loss.

Secure Print Control 

The power to set up rules to allow or prohibit printing by application, by user, or by endpoint for each printer on your network. Capture JPG of printed materials to support forensics and deter malicious insiders.


Most comprehensive security logs in the industry

These forensic logs are indispensable in incident response and analysis and tuning of your security configuration. A proprietary search and filtering engine lets you condense log events to see what is happening on your endpoints and identify unexpected behaviors or collect hard evidence of unauthorized actions. In the following example of a malware attack, each Forensics line item represents an action on the endpoint and tells a complete story for admin to see. Active Intercept and DeepWhite can block every unauthorized action and provide automated alerts and reports to IT security admins, showing suspicious actions and demonstrating the effectiveness of the SDS solution.

Shinobi Forensics records all activity and data usage including:

  • Who is carrying out the action

  • When the action takes place

  • What application or file is performing it

  • Where the actions originate from

  • Where the final target is

  • What application or process is being targeted

  • What action is being carried out