ENDFORCE

Citation

  • www.endforce.com

Annotation

Endpoint Security Policy (ESP)
  • Server-based arch: need admin privilege on the remote device in order to scan. Not scalable.
  • Server/applet arch: thin-client (web-based VPN access). For mobile workers.
  • Server/arch: scalable.

3 phases to deployment:

  • Report-only Mode - information about every endpoint is only being collected, not acted upon. Helps an enterprise establish an optimal policy for each group of users.
  • Report and Message Mode - Inform the users of their compliance states and the action that will begin to be taken when they are out of compliance in the future.
  • Endpoint Enforcement - Turn on the quarantine and network access control functionality. All non-compliant and rogue users can be re-directed to a quarantined segment of the network until they gain compliance.


ENDFORCE Enterprise™

How It Works

ENDFORCE Enterprise is a software-based, vendor-neutral framework that protects enterprise networks from non-compliant or untrusted endpoints by enabling enterprises to enforce security policies and gain control of their network security. Leveraging the existing network, user store and security software infrastructures, ENDFORCE Enterprise enables enterprises to:

  • Centrally define security policies for endpoints
  • Proactively assess compliance prior to network access and also during the network session
  • Report the state of compliance over time and systematically enforce compliance

This extensible solution allows enterprises to deploy a network access control solution today that provides comprehensive security policy management and enforcement, which extends the capabilities of Cisco NAC, Microsoft NAP and TCG/Trusted Network Connect architectures as they are developed.

  • Define Policy
The ENDFORCE Enterprise Web interface provides a central location for enterprises to define policies and associated compliance and enforcement actions. Policy details may include the installed and running version of the software, a signature file (if applicable), and any required security patches or service packs. Policies can be defined to include applications that must be installed and running as well as those that must not be installed and running, such as file sharing applications. Additionally, customers can define custom detections for any process, file, or registry key that requires endpoint inspection.

  • Assess Endpoints
An ENDFORCE Agent determines whether each endpoint is in compliance with the defined policy. For managed endpoints, this inspection can be performed by a distributed low-profile client that performs rules-based assessment of software applications and OS patch compliance and reports the results of compliance assessment back to the ENDFORCE application server. A clientless Web Agent can also be utilized to perform the same level of assessment for unmanaged or managed endpoints where a client may not be possible.

  • Report and Alert Results
ENDFORCE Enterprise includes a rich set of tools that report and alert on the compliance status of all enterprise endpoints. Enterprises must know the state of security compliance of their endpoints and users. The ENDFORCE Enterprise Web interface provides data and intelligence relating to user session, policy compliance, quarantine, and network access. This data is a realistic view of endpoints that are compliant or non-compliant with the defined security policies. Numerous predefined reports exist along with the ability to create custom reports. The combination of robust reporting and real-time alerts allows administrators to react quickly to significant compliance issues as they occur and improves risk management of the enterprise network environment.

  • Enforce Compliance
Enterprises need to enforce compliance with their defined security policies to protect their networks from threats arising from non-compliant endpoints. Through endpoint authentication and access enforcement, ENDFORCE Enterprise permits, quarantines, or denies access to the network based on each endpoint’s compliance with policy.
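
The define/assess/enforce flow above, combined with the three deployment phases listed earlier, as an added example. It is not ENDFORCE's code or policy format; the schema, software names and patch identifiers are constructed, and an endpoint with no assessment is treated as rogue.

```python
from dataclasses import dataclass

# The three deployment phases named on this page.
REPORT_ONLY, REPORT_AND_MESSAGE, ENFORCE = "report-only", "report-and-message", "enforce"

@dataclass
class Policy:                     # hypothetical schema, not the product's format
    required_running: frozenset   # software that must be installed and running
    prohibited: frozenset         # software that must not be installed or running
    required_patches: frozenset
    min_signature: int            # oldest acceptable signature-file version

@dataclass
class Endpoint:                   # what an agent would report (constructed fields)
    running: frozenset
    installed: frozenset
    patches: frozenset
    signature: int

def assess(policy, ep):
    """Return a list of violations; an empty list means compliant."""
    if ep is None:                # no assessment received: treat as rogue
        return ["rogue: no assessment received"]
    found = [f"not running: {s}" for s in sorted(policy.required_running - ep.running)]
    found += [f"prohibited: {s}" for s in sorted(policy.prohibited & (ep.installed | ep.running))]
    found += [f"missing patch: {p}" for p in sorted(policy.required_patches - ep.patches)]
    if ep.signature < policy.min_signature:
        found.append(f"signature {ep.signature} < {policy.min_signature}")
    return found

def decide(policy, ep, mode):
    """Return (action, notify_user, violations) for the given deployment phase."""
    if mode not in (REPORT_ONLY, REPORT_AND_MESSAGE, ENFORCE):
        raise ValueError(f"unknown mode: {mode!r}")   # never default to permit silently
    violations = assess(policy, ep)
    if not violations:
        return "permit", False, violations
    if mode == ENFORCE:
        return "quarantine", True, violations
    return "permit", mode == REPORT_AND_MESSAGE, violations

# Constructed sample policy and endpoints.
POLICY = Policy(frozenset({"example-av"}), frozenset({"example-p2p"}),
                frozenset({"PATCH-001", "PATCH-002"}), 120)
GOOD = Endpoint(frozenset({"example-av"}), frozenset({"example-av"}),
                frozenset({"PATCH-001", "PATCH-002"}), 125)
BAD = Endpoint(frozenset({"example-p2p"}), frozenset({"example-av", "example-p2p"}),
               frozenset({"PATCH-001"}), 110)
```

In the first two phases the violations are still returned, so they can feed the reports used to tune policy before enforcement is turned on.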


Context Aware Authorization™ (CONTEXT™) Technology

ENDFORCE developed Context Aware Authorization (CONTEXT) technology to power ENDFORCE Enterprise. CONTEXT technology combines the awareness of a user's role, access method, endpoint health, and available threat responses when determining authorization to enterprise network resources. By defining security policy using CONTEXT technology, the enterprise can customize access to its network resources based on the current state of system security. CONTEXT technology allows granular enforcement; users may be placed in quarantine or permitted restricted access until they become compliant with enterprise security policy.

  • User Role
Access to specific enterprise resources is based on clearance level and requirements of defined organizational roles. These roles may include executive management, employees, remote employees, and contractors.

  • Access Method
A single policy is enforced independently of access method and technology — or can be tailored to the differing risk profile of various access methods, such as LAN, WiFi, broadband, and remote.

  • Threat Response
Available responses to security vulnerabilities, such as OS patches and security application updates, are automatically made available for enforcement when determining resource authorization.

  • Endpoint Health
Endpoint status is determined through contextual analysis of the status of a device's operating system, installed security applications, service packs, OS patches, and related applications and customized assessments.


Topic revision: r1 - 09 Aug 2007 - 15:56:12 - QiLiao
 