Keeper Security has unveiled Keeper Forcefield™, a new kernel-level endpoint security product designed to stop one of the fastest-growing cyber threats: memory-based attacks.
The company, known for its zero-trust and zero-knowledge Privileged Access Management (PAM) platform, says Forcefield is the first solution to deliver real-time memory protection at both the user and kernel levels, offering a proactive defence against credential theft, infostealers and memory-scraping malware.
“Forcefield closes one of the most dangerous blind spots in endpoint security,” said Craig Lurey, CTO and Co-founder of Keeper Security. “Malware can extract sensitive information directly from a device’s memory, even at the user level where administrative privilege isn’t required. Forcefield prevents this type of exploit entirely without disrupting trusted applications or everyday workflows.”
Closing a critical gap in endpoint protection
Traditional antivirus and Endpoint Detection and Response (EDR) tools often miss fileless and in-memory attacks that exploit unprotected memory rather than software vulnerabilities. Delivered through phishing or malicious downloads, these attacks can extract passwords, session tokens and other sensitive data directly from application memory — bypassing encryption and evading detection.
Keeper Forcefield addresses this by locking down memory access at the kernel level, preventing unauthorised processes from reading or scraping sensitive data. The product operates silently in the background, providing continuous protection without affecting system performance.
Supporting UK cyber resilience
The launch comes as UK organisations prepare for new obligations under the forthcoming Cyber Security and Resilience Bill, which aims to strengthen national cyber defences through alignment with the NCSC’s Cyber Assessment Framework (CAF) and Secure by Design principles.
With 43% of UK businesses reporting a cyber-attack in the past year, Forcefield’s ability to defend against advanced threats such as memory exploits and credential theft directly supports the UK’s wider resilience objectives.
How Keeper Forcefield works
Forcefield installs a lightweight, kernel-level driver that continuously monitors memory access, distinguishing between trusted and untrusted processes in real-time. It ensures legitimate applications function seamlessly while blocking unauthorised or malicious activity.
Key capabilities include:
-
Kernel-level protection – Restricts and monitors memory access to protected applications.
-
Selective memory restriction – Blocks unauthorised processes from reading application memory.
-
Smart process validation – Identifies and validates trusted processes in real-time.
-
Performance-friendly operation – Runs quietly without impacting performance or productivity.
Forcefield protects popular Windows applications including Chrome, Firefox, Edge, Brave, Opera and Vivaldi, along with Keeper’s own suite such as the Desktop App, Web Vault, Gateway, Bridge, Commander and KeeperChat. It supports Windows 11 x64 and ARM64 systems.
Rapid deployment and scalability
Available for both individual and enterprise users, Forcefield can be deployed across entire Windows environments in minutes using existing management tools, ensuring scalable, consistent endpoint protection.
More information and downloads are available at:
👉 www.keepersecurity.com/forcefield-endpoint-protection
