White Paper February McAfee Policy Enforcer. Securing your endpoints for network access with McAfee Policy Enforcer.
|
|
- Jeffrey Eaton
- 6 years ago
- Views:
Transcription
1 White Paper February 2006 McAfee Policy Enforcer Securing your endpoints for network access with McAfee Policy Enforcer
2 White Paper February 2006 Page 2 Table of Contents Executive Summary 3 Enforcing Network Access Policies Reduces Risks 3 Complete Enforcement Coverage for Network Access How It Works 4 McAfee Policy Enforcer Architecture 7 Summary 10 About McAfee 10
3 White Paper February 2006 Page 3 Securing your endpoints for network access with McAfee Policy Enforcer Executive Summary Companies are allowing broader access to information resources at a time when the risks of a security breach have never been greater. Increased collaboration and outsourcing mean that business partners perform integral business functions ranging from product design to customer service from around the globe. Guests, contractors, and consultants need access to network services and core enterprise applications at your locations. And companies workforces are increasingly mobile, with employees connecting to the corporate enterprise from Wi-Fi hotspots in hotel rooms, coffee shops, and from their homes. At the same time, external threats are evolving rapidly and increasing in sophistication. Blended threats are commonplace, such as using spam to spread worms and other malicious code. To compound the challenge, the entry of a single non-compliant laptop or handheld can render a secure network vulnerable to attack. A single employee can inadvertently infect the entire corporate network by working on an unprotected device over an untrusted connection. The challenge for enterprise security managers is to permit employees in corporate locations and home offices, as well as contractors, consultants, and other users, to access the corporate network without compromising business availability or increasing risk. Enforcing security policies for network access is more critical than ever. Stringent requirements for protecting proprietary company information and ensuring business continuity are mandated not only by companies internal business policies, but also by a growing number of legal regulations. A security breach can damage consumer trust and incur significant financial and legal penalties. The escalating cycle of newly discovered vulnerabilities and the ensuring software patches is creating patch fatigue among many security administrators, which increases the risk of widespread threats. Scheduling periodic software updates and system checks simply can t keep pace with the realities of an always-on business world. At best, locating and isolating infected systems to prevent damage from occurring is time- and resource-intensive and, at worst, impossible. A proactive approach to defining and enforcing network access policies is required. McAfee Policy Enforcer protects enterprises by preventing non-compliant systems from accessing the corporate network. Policy Enforcer is a platform-independent approach that works with most any operating system, virtual private network (VPN), or network, ensuring a low cost of ownership. Policy Enforcer uses proven, enterpriseclass technologies such as McAfee epolicy Orchestrator (epo ), which is used by more than tens of thousands of customers worldwide. It also incorporates remote scanning technology from McAfee Foundstone to identify network vulnerabilities and assess risk. Plus, Policy Enforcer extends and enhances the Cisco Network Admission Control (NAC) enforcement framework, and it will also enhance the Microsoft Network Access Protection (NAP) and Trusted Computing Group Trusted Network Connect (TNC) 802.1x frameworks as they become available. epo delivers a coordinated, proactive defense against malicious threats and attacks for the enterprise. McAfee s acquisition of Foundstone provides strong capabilities in asset management, risk management, and compliance. Proven threat prevention tools such as McAfee IntruShield, McAfee Host Intrusion Prevention System (Host IPS), and McAfee AntiSpyware Enterprise provide comprehensive protection of networks and systems. Policy Enforcer completes the picture by enforcing security policies at the network access level. This white paper provides a technical overview of McAfee Policy Enforcer, a network access control solution, and will give enterprise security and network managers an understanding of the Policy Enforcer architecture, how it works, and various enforcement scenarios. Enforcing Network Access Policies Reduces Risks McAfee Policy Enforcer is a powerful assessment and enforcement solution that protects enterprises by preventing non-compliant systems from accessing the corporate network. If a system is vulnerable or infected, the user simply cannot connect to the network or will be routed
4 White Paper February 2006 Page 4 to a quarantine area of the network designed to control attacks and where remediation can be initiated. Consider the following examples of key network risks: Onsite managed system An employee connects his laptop to the corporate network. But last night he was working from home on an unprotected connection, and his system has been compromised with a worm. Policy Enforcer identifies that the laptop lacks the protection for the newly discovered threat and redirects it to a quarantine network where the problem can be fixed. The threat is avoided Onsite unmanaged system Consultants are collaborating closely with marketers on plans for a hot new product launch. The consultants need access to relevant collaboration tools, but they do not have the security applications and patches required for full network access. Policy Enforcer can automatically place the consultants systems in a subnet of the network with limited access, so they can access the needed resources without compromising corporate security. Network access is controlled Remote managed system The vice president of sales connects to the corporate network over a VPN connection from a hotel room, but her laptop has an out-of-date antivirus definition file because she was traveling when the update became available. Policy Enforcer notes that the laptop does not comply with the network access policy, and so it prevents the VPN connection from completing until the new anti-virus definition files are downloaded. The network is protected Remote unmanaged system An outsourcing partner needs access to corporate network resources from its own site using a VPN. Policy Enforcer verifies that the partner s systems comply with the company s network access policies before allowing access via the Internet. Security is maintained Policy Enforcer performs a granular assessment of systems that connect over the local area network (LAN) or remotely to determine whether the systems comply with corporate network access policies. With Policy Enforcer, enterprise security managers can keep their networks clean and secure, and also gain a way to view, enforce, and report on the compliance of users systems to specified policies from a single management console. Policy Enforcer delivers the lowest cost of ownership by leveraging organizations existing infrastructures. It is platform-independent, so it works seamlessly in a heterogeneous environment comprised of all major types of switches, operating systems, and VPNs. It uses epo to centrally deploy updates and manage network security, which lowers implementation and integration costs. Policy Enforcer s software-based policy compliance scanners and network access sensors lower the total cost of ownership. A software-based enforcement strategy means organizations gain proactive policy enforcement without investing in expensive hardware appliances or making forklift upgrades to their existing security and network infrastructures. Organizations can leverage their existing McAfee desktop footprint to simplify deployment to tens of thousands of managed systems or can deploy Policy Enforcer in an agentless mode. Ultimately, Policy Enforcer delivers scalable policy enforcement unparalleled in the industry. Its distributed architecture is designed to scale to meet the needs of even very large enterprises while remaining easy to manage. Complete Enforcement Coverage for Network Access How It Works Policy Enforcer provides protection across all stages of network access control policy definition, system detection, system assessment, network enforcement, and system remediation. The security administrator begins by defining endpoint security policies for network access control. Policy Enforcer then detects systems as they come onto the network, actively assesses them for compliance with the specified security policies, enforces network access, and provides the remediation action specified by the administrator. Policy Enforcer is comprised of three major software components: the Policy Enforcer Server, Policy Enforcer Sensor, and Policy Enforcer Scanner. The Policy Enforcer Server provides the core administration infrastructure. Policy Enforcer Sensors, which are at key locations in the enterprise, detect systems coming onto the network and enforce policies. Policy Enforcer Scanners reside on the network, desktops, laptops, and other systems to scan for compliance with security policies. The architecture is described in detail later in this white paper. The process for defining network access policies is consistent across all types of enforcement scenarios, while the methods for detecting, assessing, and enforcing compliance vary based on connection type. The security administrator defines the network access policy based upon the organization s security requirements. Each policy consists of rules that check for the existence and configuration of software on the covered systems plus enforcement options if a system does not comply.
5 White Paper February 2006 Page 5 Network access control for LAN-based employees with McAfee host enforcement Self-enforcement or host-based enforcement is provided through the Policy Enforcer Scanner, which is deployed as a small update to all managed systems running the epo agent. In this host enforcement model, the Policy Enforcer Scanner is network-connection and location aware. Before network access is granted to a device running the Policy Enforcer Scanner, the system is locally scanned and assessed to verify that it complies with the security policy. A deep, granular compliance assessment is performed, such as verifying vital patch compliance and security application compliance for McAfee and third-party solutions, as well as ensuring that high-risk viruses are not present. (For a complete list of compliance checks, refer to Table 1.) A final list of checks is processed and executed at the endpoint. These checks are then tallied up to determine system posture, and, based on this posture, the system is either allowed network access, blocked, or quarantined. Policy Enforcer also provides for continuous scanning of systems, based on administratordefined time periods. of what happened and the remediation steps to take. This remediation Web portal can provide users with the ability to update their systems to comply with corporate security policy requirements without calling the help desk. Network access control for LAN-based guest systems with McAfee switch enforcement Unmanaged systems (or rogue systems) on the LAN typically belong to contractors, consultants, or other guests. The Policy Enforcer Sensor detects unmanaged systems as they attempt to connect to the network. The Policy Enforcer Server will use the Policy Enforcer Scanner nearest to the unmanaged system either to remotely scan the system using administrator-supplied credentials such as a domain account, or to perform a non-credentialed scan. If a managed system complies with the security policy, it grants itself full network access. If it fails to comply, the administrator can specify an action allow access, allow access and alert the administrator, confine itself to a set of quarantined network resources, or locally block access to the network. Allowing network access to non-compliant systems usually happens under special circumstances, such as when authoring new rules or in an emergency, during which the administrator would want to ignore a non-compliant system. The administrator can be notified of the system s noncompliance via or SNMP, and the event is logged. LAN-based managed systems can be quarantined or dropped. A system is prevented from communicating with the network by locking down a network driver in the Policy Enforcer Scanner, which blocks all incoming and outgoing traffic, except for remediation servers and other administrative network traffic, until a remediation action and resulting successful compliant scan is achieved. When users are denied access or placed in a quarantine area, they can be given instructions for remediation via a remediation Web portal. Administrators can customize the remediation Web portal to include a user-friendly definition Policy Enforcer Sensors detect workstations and laptops as they come onto the network. Sensors are deployed to strategic locations inside the network such as near a DHCP server, a switch, or a router, where they can view network traffic. Compliant systems are granted network access, whereas the administrator can specify an action for non-compliant or uncredentialed devices allow access, allow access and alert the administrator, quarantine to an isolated section of the network, or drop from the network at the switch port.
6 White Paper February 2006 Page 6 If an end system does not have the Policy Enforcer Scanner, it can be remotely scanned by a nearby server. An indeterminate scan result may occur if an unmanaged system does not respond to credentials provided by the administrator for remote scanning. This condition can be considered a failure, depending on administrator preferences, and may result in a network access mode change or simply a notification. Policy Enforcer can quarantine a non-compliant unmanaged system on the network by physically changing its virtual LAN (VLAN) using SNMP. Policy Enforcer instructs the switch to which the node is attached to change the VLAN on the switch port to a quarantine VLAN. This quarantine VLAN should be configured to have restricted access to resources, thereby allowing communication with remediation servers and the Policy Enforcer Server, while eliminating exposure from the non-compliant device. Unmanaged systems can also be dropped from the network. The Policy Enforcer Server and Policy Enforcer Sensor instruct the switch to physically turn off the switch port for that system, so no communication is possible. Network access control for remote IPsec VPN systems Remote managed systems are typically employees systems accessing the network over an IPsec VPN connection. VPNbased systems are detected when they try to connect to the VPN appliance or server. At that time, the VPN client requests a system scan and the VPN concentrator grants or denies network access based on the results of the scan. The scan is performed locally as the Policy Enforcer Scanner is integrated with the IPsec client. Policy Enforcer supports Check Point, Cisco, Juniper, and Nortel VPN solutions. Communication between the Policy Enforcer Sensor and Policy Enforcer Server during the quarantine ensures that moving the non-compliant system from the original switch port to the quarantine switch port neither evades quarantine operations, nor results in multiple switch ports being configured for a single node. Quarantined systems can be redirected to a remediation Web portal where the systems may be brought up to policy and granted full network usage. Once the system has achieved compliance, the system can be returned to its original VLAN. Systems that cannot be brought up to policy standards can be left in the quarantine network and given access that the policy dictates is appropriate. McAfee Policy Enforcer is tightly integrated with IPsec and SSL VPN clients.
7 White Paper February 2006 Page 7 The resulting enforcement action depends on the policy enforcement mode and the VPN provider: do nothing, quarantine, or block. Blocking prevents the VPN connection from being completed. The VPN client itself handles the block and alerts the user as to why the connection was denied. Subsequent connection attempts are reassessed by the Policy Enforcer Scanner, and once the scan passes, the VPN connection is allowed to complete. Information about the failed attempt is relayed to the Policy Enforcer Server for forensic analysis and reporting. Network access control for unmanaged SSL VPN systems Customers, partners, and contractors may access your network using a remote unmanaged system, typically via a Secure Sockets Layer (SSL) VPN connection over the Internet. Unmanaged systems connecting over an SSL VPN are detected and assessed when the VPN client attempts to create a connection to the VPN. SSL-based VPNs typically download the VPN client each time a connection attempt is requested, and because of Policy Enforcer s tight integration with the leading SSL VPNs, the Policy Enforcer Scanner components are automatically downloaded with the SSL VPN client. The Policy Enforcer Scanner scans the system for compliance with the security policy and returns a pass or fail to the VPN client. If the client passes the assessment, the connection is completed. If the system does not comply, the VPN client denies the connection or redirects it to a different network for remediation. The VPN client software alerts the user as to why the connection was denied or modified. Policy Enforcer provides a complete network access control solution for the enterprise, covering the corporate office, branch offices, remote users, and conference rooms. Tightly integrated with epo and capable of performing agent-based, agentless, and agent-on-demand compliance and risk assessment, the solution offers organizations the ability to deploy the solution in phases that align with their network access control goals. McAfee Policy Enforcer Architecture As previously noted, Policy Enforcer is a software-based solution comprised of three major components: Policy Enforcer Server, Policy Enforcer Sensor, and Policy Enforcer Scanner.
8 White Paper February 2006 Page 8 Policy Enforcer Server The Policy Enforcer Server provides the user interface and infrastructure where security administrators can define and manage network access policy, schedule assessment scans, and create reports. The Policy Enforcer Server also generates alerts. Policy rules may include how often security patches are updated, what version of the virus definitions is required for anti-virus software, or if a particular system has a different connection policy assigned because of sensitive material on the hard drive. Each rule specifies the operating system and other criteria. It also describes which end nodes should be scanned for which properties. A simple rule may state that all Windows XP end nodes on the network must have patch MS installed. A more complex rule may state that all Windows 2000 server platforms starting with the NetBIOS name SRV on the network must have Service Pack 4 and patches MS04-044, MS04-040, and MS05-002, anti-virus DAT files that are no more than one version older than the currently released DAT version, and not be infected with the MyDoom virus. If a device is not compliant with the endpoint security policy, the administrator specifies whether it is audited only, quarantined and redirected to a remediation Web portal, or dropped from the network. The administrator can create a list of trusted end nodes that are exempt from network access enforcement. These systems are tracked and reported but are never scanned or acted upon. Trusted end nodes allow for enforcement flexibility across the enterprise, preventing mission-critical end nodes such as servers, storage servers, or printers from ever being removed from the network in the event of a compliance failure. Policy Enforcer uses epo s powerful management interface and reporting and notification capabilities, enabling enterprises to gain a comprehensive policy enforcement tool with minimal effort. The Policy Enforcer Server may be installed on the same server as epo to leverage powerful server hardware, or it may be installed on a separate server to offload additional processing and provide scalability in very large enterprises. Policy Enforcer Sensor Policy Enforcer Sensors automatically detect the presence of all LAN-based end nodes, whether on wired or wireless connections, and create a real-time map of the network topology. The network topology discovery leverages protocols and technologies available on most manageable Layer 2 switches and routers. Policy Enforcer listens for broadcast traffic from the switches as well as DHCP requests from incoming nodes. The sensors examine the network traffic for information such as MAC address, subnet, and VLAN, which is securely communicated to the Policy Enforcer Server for evaluation. Sensors are deployed to strategic locations inside the network, such as near a DHCP server or router. Rules for policies can be set by operating system and other criteria.
9 White Paper February 2006 Page 9 The Policy Enforcer Sensor automatically discovers the network topology and creates a map for real-time network-access compliance enforcement. Multiple sensors may be used to cover the entire enterprise. Redundant sensors provide for maximum security and availability. Servers and other systems that use static IP addressing require a sensor deployed to their broadcast subnet so traffic may be captured and parsed. Policy Enforcer Sensors build a real-time map of the network topology switches, switch ports, routers, and other sensors. The sensors use this topology map to rapidly quarantine or remove a system that fails to comply with policy from the network before any potential damage can be done. The Policy Enforcer Sensor can also control the switch or router. If a non-compliant system is to be placed on the quarantine VLAN or blocked from the network completely, then the Policy Enforcer Server securely communicates instructions to the Policy Enforcer Sensor to configure the switch for that enforcement mode. If the switches have been upgraded to be compatible with Cisco NAC enforcement framework, then the Policy Enforcer Sensor will communicate the need to quarantine or block the system with Cisco NAC. Administrators can enable or disable topology discovery for each sensor from the Policy Enforcer Server console. Each Policy Enforcer Sensor may be managed and configured separately, allowing for flexible deployment. For strong security, the Policy Enforcer Sensors use SSL to communicate with the Policy Enforcer Server. The structure of the data is stored in XML on the Policy Enforcer Sensor and in the Policy Enforcer Server database for maximum flexibility and easy integration with third-party management applications. Policy Enforcer Scanner The Policy Enforcer Scanner intercepts and prevents network communication on the host if it fails the endpoint compliance scan. Policy Enforcer provides both host-based compliance scanning for self-enforcement of managed systems and remote compliance scanning for systems that are not directly managed by Policy Enforcer, affording the most comprehensive policy enforcement. The Policy Enforcer Scanner has three functions: detect, assess, and quarantine. The Policy Enforcer Scanner is a TDI network driver and is used in both the detection and quarantine processes. All functions are used in the selfenforcement mode and only the assess function is used in the remote scanning mode. For remote scanning, detection is accomplished with Policy Server Sensors and quarantine is accomplished through VLAN switching. The Policy Enforcer Scanner is based on Foundstone scanning technology to evaluate system compliance. Policy Enforcer offers comprehensive scanning, including the checks listed in Table 1:
10 White Paper February 2006 Page 10 Category Threat/ Mydoom infection checks Sasser Zotob Bagle Nachi Netsky Plus many others Host anti-virus Microsoft service packs Host firewall Host intrusion prevention Patch management agents Host antispyware System/policy management agents Patch assessment McAfee VirusScan Enterprise and McAfee VirusScan Symantec AntiVirus and Norton AntiVirus Trend Micro OfficeScan and ServerProtect Computer Associates eztrust AV Sophos Anti-Virus Microsoft Windows Update Microsoft patches for service packs, operating systems, Internet Explorer McAfee Desktop Firewall Sygate Firewall Symantec Firewall Microsoft Windows XP Firewall McAfee Entercept 5.0 McAfee Host Intrusion Prevention 6.0 Patchlink Update BigFix Patch Manager Microsoft Windows Update BMC Marimba Patch Management Agent McAfee AntiSpyware Webroot Spysweeper Computer Associates PestPatrol Microsoft Secure Messaging Service (SMS) IBM Tivoli Agent Symantec ESM Microsoft security patches Table 1: Compliance and threat checks The Policy Enforcer Scanner receives content and policy updates from epo, ensuring that the systems are always checked for the latest patches, high-risk vulnerabilities, software configurations, virus activity, and more. The Policy Enforcer Scanner uses SSL to communicate securely with the Policy Enforcer Server. McAfee Security Research will be continuously releasing new content to identify new threats, new patches, and new application support. Summary McAfee Policy Enforcer provides robust policy creation, assessment, and remediation to ensure application and patch compliance, plus it provides comprehensive, flexible enforcement methods for complete network enforcement coverage, both in heterogeneous environments and those supporting enforcement frameworks, such as Cisco NAC, Microsoft NAP, and Trusted Computing Group TNC. Together these capabilities provide enterprises with the most comprehensive, cost-effective, and network-agnostic enforcement solution available today. Policy Enforcer: Protects your business from non-compliant managed and unmanaged systems accessing the network. Policy Enforcer provides granular assessment, reducing the risk from managed and unmanaged systems accessing your network. It provides comprehensive policy creation, assessment, and remediation to ensure application and patch compliance, and verifies that high-risk viruses and threats are not present Supports your existing heterogeneous infrastructure. Policy Enforcer enforces network access policy across the enterprise, regardless of network or platform infrastructure, providing effective protection against threats while delivering a low cost of ownership. It supports a mixed-vendor network environment for all major types of switches, operating systems, and VPNs, including Check Point, Cisco, Juniper, and Nortel Includes fully integrated management capability. It uses your epo infrastructure for easy deployment and centralized management, reducing IT complexity and administration requirements Enables lower cost of ownership. Organizations gain enforcement across the enterprise without a major overhaul of network hardware. Policy Enforcer is an easyto-deploy software solution that includes host-based and remote-based scanners and sensors Provides network access control for the network environments of today and tomorrow. A comprehensive solution itself, Policy Enforcer also provides an enforcement solution for networks today as well as tight integration planned with enforcement frameworks Cisco NAC, Microsoft NAP, and Trusted Computing Group TNC 802.1x About McAfee McAfee, Inc., headquartered in Santa Clara, California, and the global leader in intrusion prevention and security risk management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. McAfee, Inc Freedom Circle, Santa Clara, CA 95054, , McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners McAfee, Inc. All rights reserved. 6-sps-pe-endpt
Symantec Network Access Control Starter Edition
Symantec Network Access Control Starter Edition Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationCisco NAC Network Module for Integrated Services Routers
Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco
More informationNetworks with Cisco NAC Appliance primarily benefit from:
Cisco NAC Appliance Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrators to authenticate, authorize, evaluate,
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationUnderstanding Network Access Control: What it means for your enterprise
Understanding Network Access Control: What it means for your enterprise Network access control is a term that is highly used, but not clearly defined. By understanding the reasons for pursuing a network
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationNovell ZENworks Network Access Control
Brochure RESOURCE MANAGEMENT www.novell.com Novell ZENworks Network Access Control Novell and Your Strong Perimeter Fast pre-connect testing that does not interfere with the end user s logging on experience
More informationMcAfee epolicy Orchestrator
McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationWhite Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.
White Paper April 2005 McAfee Protection-in-Depth The Risk Management Lifecycle Protecting Critical Business Assets Protecting Critical Business Assets 2 Table of Contents Overview 3 Diagram (10 Step Lifecycle)
More informationHow Cisco IT Upgraded Intrusion Prevention Software to Improve Endpoint Security
How Cisco IT Upgraded Intrusion Prevention Software to Improve Endpoint Security Cisco Security Agent Version 4.5 thwarts malicious behavior while reducing costs associated with virus and worm remediation.
More informationKlaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationNetwork Access Control Whitepaper
Network Access Control Whitepaper There is nothing more important than our customers. Enterasys Network Access Control Executive Summary With the increasing importance Network Access Control (NAC) plays
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationCisco ASA 5500 Series IPS Edition for the Enterprise
Cisco ASA 5500 Series IPS Edition for the Enterprise Attacks on critical information assets and infrastructure can seriously degrade an organization s ability to do business. The most effective risk mitigation
More informationAugust knac! 10 (or more) ways to bypass a NAC solution. Ofir Arkin, CTO
knac! 10 (or more) ways to bypass a NAC solution August 2007 Ofir Arkin, CTO In Memory of Oshri Oz September 13, 1972 - May 27, 2007 Agenda What is NAC? NAC Basics 10 (or more) ways to bypass NAC Ofir
More informationData Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview creates a protected endpoint and messaging environment that is secure against today s complex data loss, malware, and spam threats controlling
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationSymantec Endpoint Protection
Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec Insight and by SONAR, a single,
More informationThe McAfee MOVE Platform and Virtual Desktop Infrastructure
The McAfee MOVE Platform and Virtual Desktop Infrastructure Simplifying and accelerating security management for virtualized environments Table of Contents Wish List of Security Elements for Virtualized
More informationEnterprise Guest Access
Data Sheet Published Date July 2015 Service Overview Whether large or small, companies have guests. Guests can be virtually anyone who conducts business with the company but is not an employee. Many of
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationHazardous Endpoints Protecting Your Network From Its Own Devices
Hazardous Endpoints Protecting Your Network From Its Own Devices Abstract The increasing number and types of attacks launched from endpoint devices can no longer be ignored, and organizations must shift
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationINSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security
Symantec Enterprise Security WHITE PAPER Integrated Security: Creating the Secure Enterprise INSIDE Evolving IT and business environments The impact of network attacks on business The logical solution
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationPutting Trust Into The Network Securing Your Network Through Trusted Access Control
Putting Trust Into The Network Securing Your Network Through Trusted Access Control Steve Hanna, Juniper Networks Co-Chair, Trusted Network Connect Sub Group of Trusted Computing Group ACSAC December 2006
More informationSecuring BYOD With Network Access Control, a Case Study
Research G00226207 29 August 2012 Securing BYOD With Network Access Control, a Case Study Lawrence Orans This Case Study highlights how an organization utilized NAC and mobile device management solutions
More informationForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management
Brochure ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management Benefits Security Gain real-time network intelligence users,
More informationTeleworking and Security: IT All Begins with Endpoints. Jim Jessup Solutions Manager, Information Risk Management June 19, 2007
Teleworking and Security: IT All Begins with Endpoints Jim Jessup Solutions Manager, Information Risk Management June 19, 2007 Agenda 1 Today s Landscape 2 Trends at the Endpoint 3 Endpoint Security 4
More informationBUFFERZONE Advanced Endpoint Security
BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,
More informationDiscovering ZENworks 11
ZENworks Take Advantage of One Unified Management Console and Agent with ZENworks 11 Since ZENworks 7 launched in 2006, the Micro Focus ZENworks family of products has provided thousands of businesses
More informationImplementing. Security Technologies. NAP and NAC. The Complete Guide to Network Access Control. Daniel V. Hoffman. WILEY Wiley Publishing, Inc.
Implementing NAP and NAC Security Technologies The Complete Guide to Network Access Control Daniel V. Hoffman m WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XIII XV Chapter 1 Chapter
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationMcAfee Total Protection for Data Loss Prevention
McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationBUFFERZONE Advanced Endpoint Security
BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationIntroducing Next Generation Symantec AntiVirus: Symantec Endpoint Protection. Bernard Laroche Endpoint security Product marketing
Introducing Next Generation Symantec AntiVirus: Symantec Endpoint Protection Bernard Laroche Endpoint security Product marketing Agenda 1 Organizational Risk and Endpoint Challenges 32 Symantec Endpoint
More informationXerox and Cisco Identity Services Engine (ISE) White Paper
Xerox and Cisco Identity Services Engine (ISE) White Paper Contents Securing Your Networked Printing Devices... 1 Providing Security in an Internet of Things World... 1 Cisco ISE: A Powerful, Simple and
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSymantec Endpoint Protection Integration Component User's Guide. Version 7.0
Symantec Endpoint Protection Integration Component User's Guide Version 7.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms
More informationMOBILE NETWORK ACCESS CONTROL
MOBILE NETWORK ACCESS CONTROL Extending Corporate Security Policies to Mobile Devices www.netmotionwireless.com Executive Summary Network Access Control (NAC) systems protect corporate assets from threats
More informationIBM BigFix Compliance
IBM BigFix Compliance A single solution for managing endpoint security across the organization Highlights Ensure configuration compliance using thousands of out-of-the-box bestpractice policies with automated
More informationPower, Patch, and Endpoint Managers Expand McAfee epo Platform Capabilities While Cutting Endpoint Costs
Business Brief Power, Patch, and Endpoint Managers Expand McAfee epo Platform Capabilities While Cutting Endpoint Costs McAfee Compatible Solution Autonomic Software Endpoint Manager 1.2 and McAfee epo
More informationProtecting Your Digital World
Protecting Your Digital World C O R P O R A T E O V E R V I E W With revenues of more than $105 Billion, cybercrime generates more revenue than the illegal drug trade. Source: U.S. Treasury, reported by
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More information2013 InterWorks, Page 1
2013 InterWorks, Page 1 The BYOD Phenomenon 68% of devices used by information workers to access business applications are ones they own themselves, including laptops, smartphones, and tablets. IT organizations
More informationForeScout Agentless Visibility and Control
ForeScout Agentless Visibility and Control ForeScout Technologies has pioneered an agentless approach to network security that effectively helps address the challenges of endpoint visibility and control
More informationMobile Data Security Essentials for Your Changing, Growing Workforce
Mobile Data Security Essentials for Your Changing, Growing Workforce White Paper February 2007 CREDANT Technologies Security Solutions White Paper YOUR DYNAMIC MOBILE ENVIRONMENT As the number and diversity
More informationSymantec Endpoint Protection 11.0
OVERVIEW Symantec Endpoint Protection replaces Symantec AntiVirus Corporate Edition, Symantec Client Security, Symantec Sygate Enterprise protection and Confidence Online for PCs. Symantec Endpoint Protection
More informationSymantec Endpoint Protection
The next generation of antivirus technology from Overview Advanced threat protection combines AntiVirus with advanced threat prevention to deliver an unmatched defense against malware for laptops, desktops,
More informationExam: : VPN/Security. Ver :
Exam: Title : VPN/Security Ver : 03.20.04 QUESTION 1 A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend? A. V3PN solution
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationCA Host-Based Intrusion Prevention System r8
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS A STAND-ALONE FIREWALL WITH INTRUSION DETECTION
More informationSecurity Threats & Trends Arvind Sahay, Enterprise Manager India, McAfee
7/26/2005 Security Threats & Trends Arvind Sahay, Enterprise Manager India, McAfee 7/26/2005 Page 2 Outline Some Threats Current Trends Corporate Dilemma Challenges Security solutions available Q&A 7/26/2005
More informationEndpoint Security and Virtualization. Darren Niller Product Management Director May 2012
Endpoint Security and Virtualization Darren Niller Product Management Director May 2012 Table of contents Introduction... 3 Traditional Security Approach: Counteracts Virtual Performance Gains... 3 Agent-less
More informationSymantec Endpoint Protection 14
Symantec Endpoint Protection Cloud Security Made Simple Symantec Endpoint Protection 14 Data Data Sheet: Sheet: Endpoint Endpoint Security Security Overview Last year, we saw 431 million new malware variants,
More informationWireless and Network Security Integration Solution Overview
Wireless and Network Security Integration Solution Overview Solution Overview Introduction Enterprise businesses are being transformed to meet the evolving challenges of today's global business economy.
More information: Administration of Symantec Endpoint Protection 14 Exam
250-428: of Symantec Endpoint Protection 14 Exam Study Guide v. 2.2 Copyright 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Altiris are trademarks or registered trademarks
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationWhite Paper February McAfee Network Protection Solutions. Encrypted Threat Protection Network IPS for SSL Encrypted Traffic.
White Paper February 2005 McAfee Network Protection Solutions Encrypted Threat Protection Network IPS for SSL Encrypted Traffic Network IPS for SSL Encrypted Traffic 2 Introduction SSL Encryption Overview
More informationMcAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks
McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic
More informationComplying with PCI DSS 3.0
New PCI DSS standards are designed to help organizations keep credit card information secure, but can cause expensive implementation challenges. The F5 PCI DSS 3.0 solution allows organizations to protect
More informationStandardizing Network Access Control: TNC and Microsoft NAP to Interoperate
Standardizing Network Access Control: TNC and Microsoft NAP to Interoperate May 2007 Trusted Computing Group 3855 SW 153 rd Dr. Beaverton, OR 97006 TEL: (503) 619-0563 FAX: (503) 664-6708 admin@trustedcomputinggroup.org
More informationSecuring the Software-Defined Data Center
Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationComplying with RBI Guidelines for Wi-Fi Vulnerabilities
A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationCisco Identity Services Engine
Data Sheet Enterprise networks are more dynamic than ever before, servicing an increasing number of users, devices, and access methods. Along with increased access and device proliferation comes an increased
More informationPower, Patch, and Endpoint Managers Expand McAfee epolicy Orchestrator Platform Capabilities While Cutting Costs
Power, Patch, and Endpoint Managers Expand McAfee epolicy Orchestrator Platform Capabilities While Cutting Costs Autonomic Software solutions are fully integrated into the McAfee epolicy Orchestrator (McAfee
More informationMobile Network Access Control Extending corporate security policies to mobile devices
Mobile Network Access Control Extending corporate security policies to mobile devices WHITE PAPER NetMotion Wireless 701 N 34th Street, Suite 250 Seattle, WA 98103 206.691.5555 www.netmotionwireless.com
More informationSIMATIC. Process Control System PCS 7 V7.0 SP1 Security Information Note: Setting up antivirus software. Preface. Using virus scanners 2
SIMATIC Process Control System PCS 7 V7.0 SP1 SIMATIC Process Control System PCS 7 V7.0 SP1 Security Information Note: Setting up antivirus software Security Information Note Preface 1 Using virus scanners
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationReducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security
Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security Healthcare provider manages threats with ease Atrius Health Customer Profile Large regional healthcare provider
More informationForeScout Extended Module for Symantec Endpoint Protection
ForeScout Extended Module for Symantec Endpoint Protection Version 1.0.0 Table of Contents About the Symantec Endpoint Protection Integration... 4 Use Cases... 4 Additional Symantec Endpoint Protection
More informationTHE SONICWALL CLEAN VPN APPROACH FOR THE MOBILE WORKFORCE
THE SONICWALL CLEAN VPN APPROACH FOR THE MOBILE WORKFORCE A Clean VPN approach delivers layered defense-in-depth protection for the core elements of business communications. Abstract The consumerization
More informationALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation
ALTITUDE DOESN T MAKE YOU SAFE Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation CYBER SECURITY IS THE GREATEST THREAT TO EVERY COMPANY IN THE WORLD. IBM CEO GINNI ROMETTY SD
More informationUnited Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security
United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security Global Venture chooses McAfee for Complex Security Landscape UAES Customer Profile Joint venture of the United
More informationTRAPS ADVANCED ENDPOINT PROTECTION
TRAPS ADVANCED ENDPOINT PROTECTION Technology Overview Palo Alto Networks White Paper Most organizations deploy a number of security products to protect their endpoints, including one or more traditional
More informationEndpoint Security for DeltaV Systems
Endpoint Security for DeltaV Systems Decrease risk with intelligent, adaptive scanning Utilize advanced anti-malware protection Identify, remediate and secure your DeltaV system from cybersecurity risks
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution McAfee Embedded Control maintains the integrity of your system by only allowing authorized code to run and
More informationData Retrieval Firm Boosts Productivity while Protecting Customer Data
Data Retrieval Firm Boosts Productivity while Protecting Customer Data With HEIT Consulting, DriveSavers deployed a Cisco Self-Defending Network to better protect network assets, employee endpoints, and
More informationIntegrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries
Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries First united and open ecosystem to support enterprise-wide visibility and rapid response The cybersecurity industry needs a more efficient
More informationThreat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets
Threat Control and Containment in Intelligent Networks Philippe Roggeband - proggeba@cisco.com Product Manager, Security, Emerging Markets 1 Agenda Threat Control and Containment Trends in motivation The
More information