Kernel-level protection defends against infostealers targeting sensitive data
CHICAGO, Ill. – Keeper Security, the leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, today announces Keeper Forcefield™, the first-of-its kind protection against memory-based attacks on Windows devices. Forcefield is a groundbreaking kernel-level endpoint security product that proactively defends against memory-based attacks, including credential theft from infostealers and runtime memory-scraping malware. Keeper® is the first cybersecurity software company to deliver real-time memory protection at both the user and kernel levels, raising the standard for endpoint security in enterprise environments.
Attackers are increasingly bypassing traditional cybersecurity defenses by targeting unprotected memory rather than exploiting vulnerabilities. Malicious software delivered through phishing attacks or other methods can access application memory to extract passwords, session tokens and other sensitive data – circumventing traditional encryption methods. Keeper Forcefield closes this dangerous gap by locking down memory access at the kernel level. Unlike conventional antivirus or Endpoint Detection and Response (EDR) tools, it enforces real-time memory protection capable of blocking non-privileged, fileless and zero-day attacks without degrading system performance.
“Forcefield closes one of the most dangerous blind spots in endpoint security,” said Craig Lurey, CTO and Co-founder of Keeper Security. “Malware can extract sensitive information directly from a device’s memory, even at the user level where administrative privilege isn’t required. Forcefield prevents this type of exploit entirely without disrupting trusted applications or everyday workflows.”
Forcefield provides peace of mind by actively safeguarding sensitive data from unauthorized access while operating silently in the background. It installs a lightweight, kernel-level driver that shields protected application memory from unauthorized access. Users can easily toggle Forcefield on or off within the Keeper Desktop application or deploy it via Group Policy. The solution continuously differentiates between trusted and untrusted processes in real-time, ensuring legitimate activity continues uninterrupted while malicious or unknown processes are blocked from scraping sensitive data.
How Keeper Forcefield works:
- Kernel-level protection – Actively monitors and restricts memory access to protected applications.
- Selective memory restriction – Blocks unauthorized processes from reading protected application memory.
- Smart process validation – Differentiates between trusted and untrusted processes in real time.
- Uninterrupted system performance – Runs quietly without impacting system or application performance.
Windows applications protected by Forcefield include:
- Web browsers – Chrome, Firefox, Edge, Brave, Opera and Vivaldi
- Keeper software – Desktop App, Web Vault, Browser Extensions, Gateway, Bridge, Commander and KeeperChat
- Operating systems – Windows 11 x64 and ARM64
Forcefield is available for both individual users and enterprise environments. Organizations can deploy protection across fleets of Windows devices in minutes using existing management tools, ensuring scalable and consistent endpoint defense without added friction.
For more information or to download Keeper Forcefield, visitwww.keepersecurity.com/forcefield-endpoint-protection.
