# Simple Data Security (SDS) # https://simpledatasecurity.com/ # Last updated: 2025-06-01 ## What is SDS? Simple Data Security (SDS) is a Windows endpoint security platform built on a default-deny execution model. It prevents ransomware, malware, and unauthorized software by blocking everything that is not on an explicit allowlist — no behavioral analysis, no AI heuristics, pure policy-based control. SDS consists of two products: - **SDS Control** — Application allowlisting / default-deny execution control - **SDS PAM** — Privileged Access Management, elevation control without standing admin rights The agent is deployed as a Windows MSI. IT teams manage policies, allowlists, elevation rules, and reporting from a centralized cloud portal (SaaS) or an on-premises deployment. ## Who is SDS for? - IT teams and security teams managing Windows workstations and servers - Managed Service Providers (MSPs) protecting multiple client tenants - Organizations in regulated industries (healthcare, finance, legal) needing least-privilege and audit trails - Any organization that wants to prevent ransomware without relying on detection ## Key capabilities - Default-deny execution: only approved applications can run - Application allowlisting by hash, certificate, path, or process name - Time-bound and count-based execution rules - Audit Mode: observes all executions without blocking, auto-generates policies - Privilege elevation management: remove local admin, approve elevation on demand - Time-bound and count-based elevation - Multi-tenant portal for MSPs - Full visibility and reporting: blocked events, allowed applications, unused apps - Lightweight agent — no measurable end-user performance impact - Works alongside EDR, AV, SIEM, and MDM tools ## How it differs from antivirus and EDR Antivirus and EDR tools detect threats after code begins executing. SDS prevents execution entirely — if a binary is not on the allowlist, it never runs. This approach stops zero-days, AI-generated malware, and supply-chain attacks automatically, because those threats are not on any allowlist regardless of whether signatures exist for them. ## Deployment The SDS Agent ships as a Windows MSI (~200-300 MB). It installs silently and requires no reboot. Deployment methods include: - Direct MSI download from the SDS Portal - PowerShell script (auto-generated per tenant, RMM/Intune/SCCM compatible) - Group Policy (GPO) software installation - Microsoft Intune Win32 app deployment Typical rollout timeline: install agents (Day 1), run Audit Mode (Days 2-5), review and build policies (Day 6), switch to Enforcement Mode (Day 7). ## Pricing Custom pricing based on deployment size. All customers receive the full platform — no feature tiers. A 30-day free trial with 3 agent licenses and full portal access is available at https://simpledatasecurity.com/download ## Company Simple Data Security is headquartered in Redondo Beach, CA. Founded and staffed by CISSP-certified security engineers. Contact: sales@simpledatasecurity.com | (202) 957-4212 ## Key pages - Homepage: https://simpledatasecurity.com/ - Product overview: https://simpledatasecurity.com/product - Why default deny: https://simpledatasecurity.com/why - Pricing: https://simpledatasecurity.com/pricing - MSP program: https://simpledatasecurity.com/msp - Visibility & reporting: https://simpledatasecurity.com/visibility-reporting - Knowledge base: https://simpledatasecurity.com/knowledge-base - Free trial download: https://simpledatasecurity.com/download - Book a demo: https://simpledatasecurity.com/demo - Contact: https://simpledatasecurity.com/contact ## Frequently asked questions Q: Does SDS replace antivirus? A: No. SDS is complementary to antivirus. AV detects known malware signatures. SDS prevents any unapproved code from executing regardless of whether signatures exist. Together they provide defense-in-depth. Q: Does SDS work for remote or hybrid employees? A: Yes. The agent communicates with the cloud portal over HTTPS. No VPN or on-premises infrastructure is required. Q: What happens when software updates? A: With certificate-based rules, updates from the same vendor are automatically trusted. Hash-only rules require re-approval when a binary changes version. Q: How long does deployment take? A: Most organizations go from zero to fully enforced in about one week. The agent installs in under a minute per machine. Q: Will SDS slow down endpoints? A: No measurable impact. The agent uses kernel-level hooks optimized for execution interception only — it does not scan file contents. Q: What happens if the portal is unreachable? A: The agent enforces the last-known policy locally without a live connection. Pre-generated offline bypass codes allow temporary access when the portal is unavailable. Q: What operating systems are supported? A: Windows 10/11 workstations and Windows Server 2016 and above.