Technology Blueprint. Enforcing Endpoint Compliance on the network. Police your managed and unmanaged systems with Network Access Control (NAC)


Security Connected

The Security Connected framework from McAfee enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments across all geographies improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives. McAfee is relentlessly focused on finding new ways to keep our customers safe.

The Situation

What happens when employees bring in their own laptops, tablets, and smartphones or a business unit decides to hire contractors? You have a mix of permanent and temporary employees roaming your halls and networks with unmanaged devices. That's just one of the challenges IT faces in increasing support for remote and mobile endpoints while maintaining compliance with endpoint policies.

Driving Concerns

Less than a decade ago, all computing devices resided inside the corporate perimeter under the direct control of IT services. Since the organization owned and managed all these computing assets, PCs didn't exhibit policy drift over time.

Now, however, several influences combine to mean today's network may be expected to support more unmanaged devices than traditional managed endpoints:

- Mobile laptops outnumber stationary desktops
- Smartphones and tablets are being adopted at a record-setting rate
- Macs are becoming commonplace corporate endpoints
- Desktop and server virtualization is exploding, making it easier to create rogue, unmanaged clients
- Personal PCs are used for remote access to corporate networks, and also in "Bring your own PC" initiatives to cut capital costs
- Many companies rely on contracted and outsourced labor, a workforce with its own set of laptops, smartphones, and tablets

Inevitably, criminals are expanding their threat and malware development programs to this rich assortment of devices. For example, threats such as botnets and worms are becoming more common on mobile platforms. This combination of factors makes measuring and enforcing endpoint policies very difficult, yet these policies are important to protect intellectual property, prevent infection of enterprise assets, and enable adherence to industry and regulatory guidelines.

Requiring adherence to policy before permitting network access isn't a new concept, but traditionally it has required complex, manual, labor-intensive processes that enable fairly binary access to the network: either full access or zero access. For the last few years, IT has used Network Access Control (NAC) to automate these processes. Real-time enforcement by endpoint agents has ensured policy compliance or forced remediation before allowing access. However, this traditionally challenging task has become even more cumbersome because of the disappearing perimeter of the network, the changing nature of the endpoint, and the changing requirements of end users. Infrequently used and disconnected laptops and rogue or stale virtual machines compound the problem.
To reassert control over this endpoint environment, IT must implement a network access architecture that will handle:

- Unmanaged clients. Limit but allow access to the internal network by unmanaged clients, a range of personally-owned computing devices such as smartphones, tablets, personal laptops, and personal PCs. Monitor systems after access to prevent post-admission infections and compliance violations (such as deactivation of anti-virus).
- Managed clients. Enforce and document policy compliance of traditional managed endpoints, as well as virtual machines. Monitor managed clients to ensure systems are not infected by malware after they have gained access.
- Privileges. Different devices have different degrees of security. Different users merit different access freedoms. The architecture should enforce different access policies for different devices (smartphones vs. PCs) and user communities (executives vs. contractors). It should enable secure access to appropriate network resources such as the Internet, printers, contractor database, etc.
- Rogue devices. Many companies are unaware of all of the devices attached to their networks. Personal laptops, game consoles, virtual machines, medical devices, Linux or Macintosh machines, unauthorized printers, and rogue wireless access points: all of these devices can exist in the environment and pose a threat. Plus, the ease of creation and portability of unapproved or stale virtual machines are yet another vector of potential risk from unapproved software or outdated security settings.

Solution Description

Today, many companies break these issues up into three implementations, depending upon the business problem. Employee-owned smartphones and tablets demand a purpose-built mobile solution. Employee-owned PCs or home machines require a different approach to network access control than that for managed clients. And finally, many companies are looking to VDI to address the problem in a new and innovative way, creating a managed client to run on unmanaged systems. The ideal solution should make it easy for these specialized implementations to work together for operational efficiency in management, auditing, and compliance reporting.

The core requirements are:

- Unmanaged clients. Automate network access by unknown and personally-owned devices using a network-based NAC sensor.
  » The solution should intercept the initial connection attempt and use a temporary agent to detect and assess the security and compliance state of personally-owned PC platforms as they connect to the network.
  » To ensure compliant remote access via VPN from an unknown, unmanaged device such as a home PC with corporate VPN software installed, a network-based NAC sensor deployed with the corporate VPN concentrator should intercept, authenticate, assess, and provision appropriate network access based on system health.
  » The provisioning process should use the same IT policy checks that are applied to managed machines, thus reducing the manual, labor-intensive moves/adds/changes process.
  » The solution should continue to enforce policies post-admission, checking on a scheduled basis to ensure continuous compliance.
- Managed clients. Measure and maintain system health of known corporate assets.
  » To ensure that a wide range of corporate endpoints such as desktops, laptops, and virtual machines adhere to IT or regulatory policies, an agent on the endpoint should scan the software, validate required software is in place (such as patches and DAT releases), block or remediate systems with issues, and allow access for approved and compliant devices. This is a traditional scenario sometimes known as health-based NAC.
  » To enforce compliance of virtual desktops, the solution should allow the same admission controls with virtual machines as those used with a physical PC, Linux, or Mac platform.
  » The solution should continue to enforce policies post-admission, checking patches, configurations, and security software levels on a scheduled basis or at a network change to validate continuous compliance. This function ensures users are healthy when they initially connect and that they stay healthy after they're granted access.
A movie theater analogy helps illustrate this: A teenager purchases a movie ticket and enters the multiplex (pre-admission). After the movie is over, the teen decides to sneak into another theater and watch another movie without paying for it (post-admission). A NAC solution that only performs pre-admission checks could expose an organization to post-admission health changes or violations.

- Privileges. The solution will allow different policies to be written and enforced on different types of devices based on device capabilities and users, accommodating different access modes, times of day, and other variables that could affect compliance and risk. Network segmentation and a guest portal will allow unknown users to have highly restricted access to the public Internet and other networked resources as appropriate.
- Rogues. A solution must continually scan the network for any unmanaged or unmanageable IP-based device and notify IT staff.

Decision Elements

The best solution for your organization will depend on your specific goals and the range of managed, unmanaged, and unmanageable clients you need to handle. The following internal and external forces may affect your architecture:

- Does your organization need to adhere to company, IT, or regulatory policies, such as appropriate use, PCI, SOX, HIPAA, or FDCC?
- For the above requirements, for which devices would you need to provision, measure, and enforce compliance?
- How frequently are you planning to allow network access from personally owned PCs or laptops? From smartphones or tablet PCs? From virtualized infrastructure?
- Do you have any currently deployed solutions, such as network IDS/IPS, that could assist in the integrated detection and management of unknown or badly-behaving devices (outdated or rogue virtual machine images and hosts) on your network?

Technologies Used in the McAfee Solution

McAfee offers an integrated product suite to address the full spectrum of network access requirements. We combine host-based software on managed endpoints with network appliances that control and monitor unmanaged devices. For smartphones and tablets, we use dedicated mobility management software to allow access and enforce policies specific to smartphones and tablets. A centralized management platform connects these components with the rest of your security and compliance infrastructure.

[Figure: Typical Enterprise NAC deployment]

The architecture graphic shows a fully configured solution that would handle all of the above requirements. The proper McAfee solution for your needs depends on your existing environment and security goals. At a minimum, you would start with identity- and health-based access to specific subnets or applications, implemented throughout the network using a McAfee NAC appliance or the McAfee Network Security Platform (NSP) with NAC Module. This control would apply to all clients: managed, unmanaged, and unmanageable (such as printers and cameras).

- McAfee NAC Appliance. The McAfee NAC appliance controls network access for both managed and unmanaged endpoints. It can be deployed inline or out of band, the latter using 802.1X or SNMP to manage access at the switch port level. Access policies can be configured to include user identity (based on Active Directory status), systems health status from the NAC client, and much more. Unmanaged devices can be presented with temporary, network-segmented access or offered a dissolvable client that assesses its health posture against policy. Hosts can then be directed to a guest remediation portal or other network resources for self or automated remediation.
- McAfee Network Security Platform (NSP) with NAC Module. Optionally, the NAC sensor can be added on to a McAfee Network Security Platform IPS system. This option adds post-admission network monitoring: it checks on the health of machines that have already been admitted to a network, both managed and unmanaged clients. This in-line monitoring will catch systems that become infected with malware, such as bots or worms, for full post-admission threat mitigation and host quarantining. For customers with the Network Security Platform, in-line NAC can be added easily.

The next concern would be exerting extra control over managed clients. For this capability, you would deploy NAC clients to your managed endpoints.

- McAfee NAC client software. This agent can be purchased as part of McAfee Endpoint Protection Advanced Suite or McAfee Total Protection for Endpoint Enterprise Edition, or as a standalone solution. Completely customizable, it ensures that endpoints have the correct security configurations, up-to-date operating system patches, and other required applications. The consolidated McAfee NAC policy library allows companies to use a single, common policy dictionary to define policy requirements across hosts. In addition to the 000 native checks in our policy library, you can directly import any XCCDF or OVAL content.
These McAfee components are connected by the McAfee ePolicy Orchestrator (McAfee ePO) management platform. Integration with McAfee ePO reduces the number of management consoles and simplifies reporting for all network devices. Using this centralized management console, the administrator defines a system health policy that includes benchmarks with rules based on checks. New checks can be created here to supplement those provided in our policy library or imported from external sources. McAfee ePO pushes the policy to managed clients. The clients (through the agent) perform a self-assessment against the policy and are provisioned with appropriate network access depending on system health. Health status can be monitored and reported through McAfee ePO.

To allow different privileges for different groups, policies can be created for different classes of users, leveraging existing user populations in your Active Directory or LDAP directory. This flexibility replaces binary yes/no access with truly granular, automated, policy-driven network access and better alignment with business goals instead of a one size fits all method.

Smartphones and tablets, including Apple iPhones, Apple iPads, and Android devices, require one addition to your deployment. Although the NAC network appliance (or NAC module on the McAfee Network Security Platform) will treat these devices as unmanageable clients, McAfee Enterprise Mobility Management allows you to exert policy-based control.

- McAfee Enterprise Mobility Management (McAfee EMM). McAfee EMM is a full featured mobile device management snap-in for McAfee ePolicy Orchestrator that allows mobile devices to participate securely in the corporate infrastructure. McAfee EMM combines secure mobile application access, anti-malware, strong authentication, high availability, a scalable architecture, and compliance reporting in a seamless system. It configures mobile devices to match corporate security policies and enforces compliance prior to network access. To accommodate the different functionalities of different smartphones, device policies (such as the ability to install apps) are managed via EMM.

These are the basic elements of your NAC solution. They can be configured to handle some of the specific business requirements we have covered:

- Guest and Contractor Access. When an unmanaged guest device requests network access (over Wi-Fi, VPN, or LAN connection), the McAfee NAC Appliance or NAC add-on to the McAfee Network Security Platform will assess whether an endpoint is a managed client or an unidentified device and then place that user into a pre-admission network. Appropriate access can be granted and automatically provisioned based on system health or user credentials. That user will then be placed into the appropriate network segment based on policy.
- Rogues. McAfee can help you discover unapproved IP-enabled devices attaching to your network, from smartphones, printers, and gaming consoles to medical devices and cameras. The McAfee solution needed for this is the Rogue System Detection capability in McAfee ePO. It will scan your network for any unmanaged or unmanageable IP-based device and alert IT staff for action.

Impact of the Solution

Deploying a full-spectrum McAfee NAC solution can help you:

- Enforce compliance. Enforce policy-driven compliance in real time as hosts join and leave the network, reducing the need for helpdesk calls
- Streamline operations. Slash or virtually eliminate the need for manual moves/adds/changes to improve the user experience, reduce help desk calls, and allow IT staff to focus on more critical areas
- Lower security spending. Unified management reduces the number of consoles needed to administer a perimeter-to-end node NAC deployment, drastically lowering TCO
- Leverage existing investments. Snap-in NAC agents, add-on network IPS modules, and McAfee ePO integration allow organizations to leverage past investments in McAfee software and hardware and greatly reduce implementation time
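The admission flow this section describes (a health benchmark built from checks, access keyed to managed state and user community, and scheduled post-admission re-checks) can be sketched as follows. This is an added illustration, not McAfee NAC or McAfee ePO code; the segment names, groups, the DAT age threshold, and every class and function name are assumptions, and the endpoints are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

MAX_DAT_AGE_DAYS = 7  # assumed threshold for "current" anti-virus signatures


@dataclass
class Endpoint:
    mac: str
    managed: bool                      # True if the permanent NAC agent is installed
    can_run_agent: bool = True         # False for unmanageable devices (printers, cameras)
    user_group: Optional[str] = None   # directory group of the authenticated user
    av_enabled: bool = False
    dat_date: Optional[date] = None    # date of the installed signature (DAT) file
    missing_patches: list = field(default_factory=list)


@dataclass
class Decision:
    segment: str
    failed_checks: list


# Health benchmark: named rules, each based on one check of endpoint state.
BENCHMARK = {
    "av_enabled": lambda ep, today: ep.av_enabled,
    "dat_current": lambda ep, today: ep.dat_date is not None
    and (today - ep.dat_date).days <= MAX_DAT_AGE_DAYS,
    "patches_installed": lambda ep, today: not ep.missing_patches,
}

# Segment granted to a healthy endpoint, keyed by (managed?, user community).
ACCESS_POLICY = {
    (True, "executives"): "corp-full",
    (True, "employees"): "corp-standard",
    (False, "employees"): "byod-limited",
    (False, "contractors"): "contractor-db",
}


def assess(ep, today):
    """Run every benchmark rule; return the names of the rules that failed."""
    return [name for name, rule in BENCHMARK.items() if not rule(ep, today)]


def decide(ep, today):
    """Map one endpoint to a network segment (used pre- and post-admission)."""
    if not ep.can_run_agent:
        # Cannot be assessed at all: fixed, tightly scoped segment.
        return Decision("device-restricted", [])
    target = ACCESS_POLICY.get((ep.managed, ep.user_group))
    if target is None:
        # Unknown user or no matching policy: guest portal, Internet only.
        return Decision("guest-internet", [])
    failed = assess(ep, today)
    if failed:
        return Decision("remediation", failed)
    return Decision(target, [])


def recheck(sessions, today):
    """Scheduled post-admission sweep; returns {mac: (old, new, failed_checks)}."""
    moves = {}
    for mac, (ep, segment) in list(sessions.items()):
        new = decide(ep, today)
        if new.segment != segment:
            moves[mac] = (segment, new.segment, new.failed_checks)
            sessions[mac] = (ep, new.segment)
    return moves


def run_demo():
    today = date(2024, 1, 15)  # constructed dates and MAC addresses
    endpoints = [
        Endpoint("aa:00:00:00:00:01", True, user_group="employees",
                 av_enabled=True, dat_date=date(2024, 1, 12)),
        Endpoint("aa:00:00:00:00:02", False, user_group="contractors",
                 av_enabled=True, dat_date=date(2023, 12, 1)),  # stale DAT
        Endpoint("aa:00:00:00:00:03", False, can_run_agent=False),  # printer
        Endpoint("aa:00:00:00:00:04", False),  # unauthenticated guest
    ]
    sessions = {ep.mac: (ep, decide(ep, today).segment) for ep in endpoints}
    admitted = {mac: seg for mac, (_, seg) in sessions.items()}
    # Post-admission drift: anti-virus is deactivated on the employee laptop.
    endpoints[0].av_enabled = False
    return admitted, recheck(sessions, today)


if __name__ == "__main__":
    admitted, moves = run_demo()
    print(admitted)
    print(moves)
```

Because `recheck` reuses `decide`, the post-admission sweep applies the same policy as the initial connection, which is what catches the laptop whose anti-virus was switched off after it was admitted.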

Q&A

I've heard NAC is confusing and difficult to deploy. Have you made it easier?

Yes. NAC has matured over the years from science project technology to a mainstream solution. McAfee's multi-method deployment options (host and network) allow an organization to leverage an existing McAfee ePO endpoint management deployment or McAfee Network IPS installation to deploy NAC rapidly, enterprise wide. The McAfee NAC consolidated policy library allows companies to use a single common policy dictionary to define policy requirements across both network and hosts.

Cisco included a NAC solution with a recent networking purchase that we made. Why do I need anything else?

Cisco is a networking company; they don't have the McAfee heritage of over 20 years of dedicated security focus. McAfee offers a proven security research team that allows us to provide much more than a top 20 approach to NAC. McAfee's policy library alone includes more than 000 native checks as well as the ability to directly import any XCCDF or OVAL content.

I understand NAC is aimed at Microsoft operating systems, what about my Mac/Linux machines?

McAfee Network Access Control (MNAC) supports installation on a range of enterprise operating systems, including Microsoft Windows, Mac OS X, and Red Hat. Additionally, McAfee Enterprise Mobility Manager adds full control of smartphone and tablet platforms such as iPhones, iPads, and Android.

Additional Resources

McAfee Network Access Control: how does it work? (Video)

For more information about the Security Connected Reference Architecture, visit:

About the Author

Michael Ward has 5 years of security engineering experience including several in the Network Access Control and directory enabled networking fields. He holds a Bachelors of Arts in Economics from George Mason University and is both a Certified Information Systems Security Professional (CISSP) and a Certified Ethical Hacker (CEH).

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

282 Mission College Boulevard Santa Clara, CA

McAfee, McAfee Enterprise Mobility Management, McAfee EMM, McAfee ePolicy Orchestrator, McAfee ePO, McAfee Network Access Control, McAfee Network Security Platform, and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 20 McAfee, Inc. 705bp_endpt-compliance-L_0


More information

ForeScout CounterACT. Continuous Monitoring and Mitigation

ForeScout CounterACT. Continuous Monitoring and Mitigation Brochure ForeScout CounterACT Real-time Visibility Network Access Control Endpoint Compliance Mobile Security Rapid Threat Response Continuous Monitoring and Mitigation Benefits Security Gain real-time

More information

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work. Deployment Guide Revision C McAfee Web Protection Hybrid Introduction Web Protection provides the licenses and software for you to deploy Web Gateway, SaaS Web Protection, or a hybrid deployment using

More information

Kaseya IT Automation Framework

Kaseya IT Automation Framework Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation

More information

Efficient and easy-to-use network access control and dynamic vlan management. Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom

Efficient and easy-to-use network access control and dynamic vlan management. Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom Efficient and easy-to-use network access control and dynamic vlan management Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom 1 Connection to the enterprise LAN is often (too) easy

More information

IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) 10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) CONTENT INTRODUCTION 2 SCOPE OF BEST PRACTICES 2 1. HAVE A POLICY THAT IS REALISTIC 3 2. TAKE STOCK USING A MULTIPLATFORM REPORTING AND INVENTORY TOOL...3

More information

IBM Tivoli Endpoint Manager for Security and Compliance

IBM Tivoli Endpoint Manager for Security and Compliance IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console

More information

Best Practices for Secure Mobile Access

Best Practices for Secure Mobile Access Best Practices for Secure Mobile Access A guide to the future. Abstract Today, more people are working from more locations using more devices than ever before. Organizations are eager to reap the benefits

More information

Securing BYOD With Network Access Control, a Case Study

Securing BYOD With Network Access Control, a Case Study Securing BYOD With Network Access Control, a Case Study 29 August 2012 ID:G00226207 Analyst(s): Lawrence Orans VIEW SUMMARY This Case Study highlights how an organization utilized NAC and mobile device

More information

Endpoint Security More secure. Less complex. Less costs... More control.

Endpoint Security More secure. Less complex. Less costs... More control. Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap

More information

Integration Guide. McAfee Asset Manager. for use with epolicy Orchestrator 4.6

Integration Guide. McAfee Asset Manager. for use with epolicy Orchestrator 4.6 Integration Guide Manager for use with epolicy Orchestrator 4.6 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Server Security

McAfee Server Security Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or

More information

McAfee Enterprise Mobility Management

McAfee Enterprise Mobility Management Technical FAQ McAfee Enterprise Mobility Management Frequently Asked Questions Device Management Q: Which devices do you currently support? A: McAfee Enterprise Mobility Management (McAfee EMM ) offers

More information

McAfee Enterprise Mobility Management

McAfee Enterprise Mobility Management McAfee Enterprise Mobility Management Providing mobile application enablement and HIPAA security compliance Table of Contents HIPAA and ephi 3 Overview of 3 HIPAA Compliance for Remote Access 4 Table 1.

More information

SA Series SSL VPN Virtual Appliances

SA Series SSL VPN Virtual Appliances SA Series SSL VPN Virtual Appliances Data Sheet Published Date July 2015 Product Overview The world s mobile worker population passed the 1 billion mark in 2010 and will grow to more than 1.3 billion by

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

Mobile Device Strategy

Mobile Device Strategy Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.

More information

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013 MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY EMEA Webinar July 2013 Protecting the Enterprise Full Footprint Mobile user Application access management & Application security Enterprise headquarters

More information

Tivoli Endpoint Manager. Increasing the Business Value of IT, One Endpoint at a Time

Tivoli Endpoint Manager. Increasing the Business Value of IT, One Endpoint at a Time 1 Tivoli Endpoint Manager Increasing the Business Value of IT, One Endpoint at a Time Endpoint Management Cost Today s Endpoint Management Challenges Drive IT Costs Up More than 50% of end users change

More information

Virtualization Beyond the Data Center: Increase Network Infrastructure Utilization and Efficiency to Reduce Operational Costs

Virtualization Beyond the Data Center: Increase Network Infrastructure Utilization and Efficiency to Reduce Operational Costs . White Paper Virtualization Beyond the Data Center: Increase Network Infrastructure Utilization and Efficiency to Reduce Operational Costs Executive Summary The concept of virtualization has gotten renewed

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

McAfee Total Protection Reduce the Complexity of Managing Security

McAfee Total Protection Reduce the Complexity of Managing Security McAfee Total Protection Reduce the Complexity of Managing Security Computer security has changed dramatically since the first computer virus emerged 25 years ago. It s now far more complex and time-consuming.

More information

CA Anti-Virus r8.1. Benefits. Overview. CA Advantage

CA Anti-Virus r8.1. Benefits. Overview. CA Advantage PRODUCT BRIEF: CA ANTI-VIRUS CA Anti-Virus r8.1 CA ANTI-VIRUS IS THE NEXT GENERATION IN COMPREHENSIVE ANTI-VIRUS SECURITY FOR BUSINESS PCS, SERVERS AND PDAS. IT COMBINES PROACTIVE PROTECTION AGAINST MALWARE

More information

Symantec Mobile Security

Symantec Mobile Security Advanced threat protection for mobile devices Data Sheet: Endpoint Management and Mobility Overview The combination of uncurated app stores, platform openness, and sizeable marketshare, make the Android

More information

McAfee Endpoint Protection Products

McAfee Endpoint Protection Products McAfee Total Protection Security Overview for MEEC Sumeet Gohri, CISSP Sr. Sales Engineer GovED + Healthcare McAfee, Inc. Agenda Protection Challenges McAfee Protection Products McAfee epo walkthrough

More information

Embracing Complete BYOD Security with MDM and NAC

Embracing Complete BYOD Security with MDM and NAC Embracing Complete BYOD Security with MDM and NAC Clint Adams, CISSP, Director, Mobility Solutions Keith Glynn, CISSP, Sr. Technical Solutions Engineer August 22, 2013 Today s Speakers Clint Adams, CISSP

More information

NAC at the endpoint: control your network through device compliance

NAC at the endpoint: control your network through device compliance NAC at the endpoint: control your network through device compliance Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic

More information

Preparing your network for the mobile onslaught

Preparing your network for the mobile onslaught IBM Global Technology Services Thought Leadership White Paper Preparing your network for the mobile onslaught How networks can overcome the security, delivery challenges posed by mobile devices 2 Preparing

More information

Cisco TrustSec Solution Overview

Cisco TrustSec Solution Overview Solution Overview Cisco TrustSec Solution Overview 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Contents Introduction... 3 Solution Overview...

More information

IBM Tivoli Endpoint Manager for Lifecycle Management

IBM Tivoli Endpoint Manager for Lifecycle Management IBM Endpoint Manager for Lifecycle Management A single-agent, single-console approach for endpoint management across the enterprise Highlights Manage hundreds of thousands of endpoints regardless of location,

More information

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Traditionally, IT risk management has balanced security investment and the impact of the threat, allowing each business

More information

Secure iphone Access to Corporate Web Applications

Secure iphone Access to Corporate Web Applications F5 Technical Brief Secure iphone Access to Corporate Web Applications The way corporations operate around mobile devices is currently shifting employees are starting to use their own devices for business

More information

Cisco Mobile Collaboration Management Service

Cisco Mobile Collaboration Management Service Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are

More information

BYOD Policy & Management Part I

BYOD Policy & Management Part I Introduction Many of today s endpoints are neither known nor protected. According to Gartner, enterprises are only aware of 80 percent of the devices on their network. Those 20 percent of unknown devices

More information

Endpoint Security for DeltaV Systems

Endpoint Security for DeltaV Systems DeltaV Systems Service Data Sheet Endpoint Security for DeltaV Systems Essential protection that consolidates endpoint and data security. Reduces the time and effort spent deploying and managing security

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

Mobile Network Access Control

Mobile Network Access Control Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices

More information

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

SECURE ACCESS TO THE VIRTUAL DATA CENTER

SECURE ACCESS TO THE VIRTUAL DATA CENTER SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need

More information

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges

More information

Symantec Client Management Suite 8.0

Symantec Client Management Suite 8.0 IT Flexibility. User Freedom. Data Sheet: Endpoint Management Overview of Symantec Client Management Suite Symantec Client Management Suite automates time-consuming and redundant tasks for deploying, managing,

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

WhatWorks in Blocking Network-based Attacks with ForeScout s CounterACT. Automating Network Access, Endpoint Compliance and Threat Management Controls

WhatWorks in Blocking Network-based Attacks with ForeScout s CounterACT. Automating Network Access, Endpoint Compliance and Threat Management Controls WhatWorks in Blocking Network-based Attacks with Automating Network Access, Endpoint Compliance and Threat Management Controls WhatWorks is a user-to-user program in which security managers who have implemented

More information

ForeScout MDM Enterprise

ForeScout MDM Enterprise Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

McAfee Certified Product Specialist McAfee epolicy Orchestrator

McAfee Certified Product Specialist McAfee epolicy Orchestrator McAfee Certified Product Specialist McAfee epolicy Orchestrator Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 3 Recommended Exam Preparation 4 Exam Objectives

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview Deployment models C H A P T E R 6 Implementing Network

More information

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee

More information

IBM Endpoint Manager for Lifecycle Management

IBM Endpoint Manager for Lifecycle Management IBM Endpoint Manager for Lifecycle Management A single-agent, single-console approach for endpoint management across the enterprise Highlights Manage hundreds of thousands of endpoints regardless of location,

More information

Best Practices for Outdoor Wireless Security

Best Practices for Outdoor Wireless Security Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information