Based on the H3C Intelligent Management Center (IMC) platform, Endpoint Admission Defense (EAD) minimizes network vulnerabilities by integrating security policy management and endpoint posture assessment to identify and isolate risks at the network edge.
The IMC EAD security policy component enables administrators to control endpoint admission based on identity and the posture of the endpoint. If the endpoint is not compliant with required software packages and updates, network assets can be protected by blocking or isolating endpoints' access. Additionally, non-intrusive actions such as endpoint monitoring and notification can be enabled.
EAD reduces the risk of malicious code infecting your network, and of other security breaches, by detecting endpoint patch levels, viruses, Address Resolution Protocol (ARP) attacks, abnormal traffic, installation and running of sensitive software, and the status of system services. For ongoing protection, EAD continuously monitors each endpoint's traffic, installed software, running processes and registry changes.
Most Network Access Control (NAC) solutions involve multiple separate functions that all need to work together, but which are deployed, configured, managed and audited separately. The IMC management platform consolidates these functions in a single environment to avoid the complex configuration issues associated with a fragmented solution. EAD integrates security evaluation, security threat location, security event awareness and execution of protective measures into a centrally managed and monitored platform that reduces implementation costs and complexity while increasing overall network security.
Reduce the risk of infected devices on the network
An important function associated with NAC is minimizing the risk of malware-infected PCs, laptops and other devices connecting to and compromising your network. The IMC EAD component works in conjunction with the User Access Manager (UAM) component to apply the appropriate security posture policy to each user or device on the network.
Automatically block devices sending suspicious traffic
Ensuring that devices connecting to your network are configured to meet predefined security policies is only one method of keeping infected devices off your network. Even a well-configured and protected PC or laptop could be compromised through a new or undiscovered vulnerability that locally running security applications cannot detect. To ensure that devices compromised in this way cause the minimum damage or disruption, IMC has an integrated Attack Control Center (ACC) component that can be configured to receive security events from intrusion prevention systems (IPSs) and other security-aware devices in the network, and to act on those events by isolating or blocking the endpoint to protect network assets.
Leverage existing user directories
As well as its own internal database for standalone deployments, UAM also has the ability to integrate with existing IT directory services. Via a standard Lightweight Directory Access Protocol (LDAP) v2/3 interface, UAM can either synchronize with an external directory, or completely offload the user and device ID/password authentication process. This eliminates duplicated effort as well as accuracy and delay issues associated with maintaining multiple instances of the same information.
Enforce posture compliance
EAD, in cooperation with the iNode desktop client, collects endpoint posture information to determine whether an endpoint is compliant with the configured policies. Status checks include the OS, OS patches, registry settings, applications, processes and services that are installed and/or running on a particular device. In addition to basic security requirements, administrators can build their own custom requirements into their EAD policies to ensure that only devices that comply with the organization's desktop policies can connect, or stay connected, to the network.
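The posture check described above (OS, patches, registry settings, processes and services compared against a policy, with the result mapped to an admission action such as block, isolate or monitor) is illustrated by the following added example. This is generic example code written for this page, not H3C IMC/EAD or iNode code; the policy fields, the category-to-action mapping and all sample values (patch identifiers, service and process names, the registry key) are constructed assumptions.

```python
"""Illustrative endpoint posture evaluation (example code, not H3C IMC/EAD).

An endpoint report (OS, installed patches, running services, running
processes, registry values) is compared against a policy. Each failed check
becomes a finding, and the set of findings is mapped to an admission action:
allow, monitor (notify only), isolate, or block.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    allowed_os: set
    required_patches: set
    required_services: set
    forbidden_processes: set
    required_registry: dict            # registry key -> expected value
    # Assumed mapping: which finding categories are serious enough to isolate.
    # Anything else only triggers monitoring/notification.
    isolate_on: set = field(default_factory=lambda: {"patch", "service", "process"})


@dataclass
class EndpointReport:
    os: str
    patches: set
    services_running: set
    processes: set
    registry: dict


def evaluate(report, policy):
    """Return (action, findings); findings is a list of (category, detail)."""
    findings = []
    if report.os not in policy.allowed_os:
        findings.append(("os", f"unsupported OS: {report.os}"))
    for patch in sorted(policy.required_patches - report.patches):
        findings.append(("patch", f"missing patch {patch}"))
    for svc in sorted(policy.required_services - report.services_running):
        findings.append(("service", f"required service not running: {svc}"))
    for proc in sorted(policy.forbidden_processes & report.processes):
        findings.append(("process", f"forbidden process running: {proc}"))
    for key, expected in policy.required_registry.items():
        actual = report.registry.get(key)
        if actual != expected:
            findings.append(("registry", f"{key}={actual!r}, expected {expected!r}"))

    if not findings:
        return "allow", findings
    # An unsupported OS cannot be remediated in a quarantine VLAN: block outright.
    if any(cat == "os" for cat, _ in findings):
        return "block", findings
    if any(cat in policy.isolate_on for cat, _ in findings):
        return "isolate", findings
    return "monitor", findings


# Constructed sample policy and endpoint reports (all values are made up).
POLICY = Policy(
    allowed_os={"Windows 10", "Windows 11"},
    required_patches={"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
    required_services={"AntiVirusSvc", "FirewallSvc"},
    forbidden_processes={"p2pclient.exe"},
    required_registry={r"HKLM\SOFTWARE\Example\ScreenLockEnabled": 1},
)

COMPLIANT = EndpointReport(
    os="Windows 11", patches={"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
    services_running={"AntiVirusSvc", "FirewallSvc", "Spooler"},
    processes={"explorer.exe"},
    registry={r"HKLM\SOFTWARE\Example\ScreenLockEnabled": 1},
)
MISSING_PATCH = EndpointReport(
    os="Windows 10", patches={"KB-EXAMPLE-001"},
    services_running={"AntiVirusSvc", "FirewallSvc"},
    processes={"explorer.exe"},
    registry={r"HKLM\SOFTWARE\Example\ScreenLockEnabled": 1},
)
REGISTRY_ONLY = EndpointReport(
    os="Windows 10", patches={"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
    services_running={"AntiVirusSvc", "FirewallSvc"},
    processes={"explorer.exe"},
    registry={r"HKLM\SOFTWARE\Example\ScreenLockEnabled": 0},
)
OLD_OS = EndpointReport(
    os="Windows 7", patches=set(), services_running=set(),
    processes={"p2pclient.exe"}, registry={},
)

if __name__ == "__main__":
    for name, rep in [("compliant", COMPLIANT), ("missing_patch", MISSING_PATCH),
                      ("registry_only", REGISTRY_ONLY), ("old_os", OLD_OS)]:
        action, findings = evaluate(rep, POLICY)
        print(f"{name}: {action}")
        for cat, detail in findings:
            print(f"    [{cat}] {detail}")
```

The split between "isolate" and "monitor" reflects the datasheet's distinction between blocking/isolating access and the non-intrusive monitoring and notification actions; which categories fall on which side is a policy decision, which is why it is a field of `Policy` rather than hard-coded.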
Protect sensitive data
EAD regulates network access based on user identity, posture, location and time of day to prevent unauthorized access to network assets and resources. With the iNode desktop client, key data theft protection features can be enabled, such as controlling USB and CD drive access.
User-based traffic analysis
IMC unlocks the power of data being monitored by network infrastructure devices, including NetStream and sFlow data, to enable greater visibility and control of network usage. Interaction with the integrated UAM component enables traffic flows to be linked with users rather than just IP addresses for comprehensive auditing of network usage. For current and historical auditing purposes, this facilitates associating a specific user with particular activity on the network.
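Linking flow records to users rather than to IP addresses, as described above, amounts to joining flow data with the access-session records that the authentication component holds. The added example below is generic illustration code written for this page, not H3C IMC/UAM code; the session and flow record layouts and all addresses, users and timestamps are constructed. It also shows why the join must be on IP address and time together: an address is reassigned between users (for example via DHCP), so attributing by IP alone charges one user's traffic to another.

```python
"""Illustrative attribution of flow records to users (example code, not IMC/UAM).

SESSIONS stand in for access-session records (who held which IP, and when);
FLOWS stand in for NetStream/sFlow-style flow summaries. All data constructed.
"""
from collections import defaultdict

SESSIONS = [
    # (user, ip, start, end) as epoch seconds; constructed
    ("alice", "10.0.0.5", 1000, 2000),
    ("bob",   "10.0.0.5", 2100, 3000),   # same address reassigned to a new user
    ("carol", "10.0.0.9", 1500, 3500),
]

FLOWS = [
    # (timestamp, src_ip, dst_ip, dst_port, bytes); constructed
    (1200, "10.0.0.5", "203.0.113.10", 443, 52000),   # during alice's session
    (2500, "10.0.0.5", "203.0.113.10", 443, 8000),    # during bob's session
    (2050, "10.0.0.5", "198.51.100.7", 22, 1200),     # gap: nobody authenticated
    (1600, "10.0.0.9", "203.0.113.20", 80, 300),      # carol
]


def build_index(sessions):
    """Index sessions by IP as sorted (start, end, user) intervals."""
    idx = defaultdict(list)
    for user, ip, start, end in sessions:
        idx[ip].append((start, end, user))
    for intervals in idx.values():
        intervals.sort()
    return idx


def resolve_user(idx, ip, ts):
    """Return the user holding `ip` at time `ts`, or None if no session covers it."""
    for start, end, user in idx.get(ip, ()):
        if start <= ts <= end:
            return user
    return None


def attribute_flows(flows, sessions):
    """Join flows to users on (ip, time). Returns (bytes_per_user, unattributed)."""
    idx = build_index(sessions)
    per_user = defaultdict(int)
    unattributed = []
    for ts, src, dst, port, nbytes in flows:
        user = resolve_user(idx, src, ts)
        if user is None:
            # Keep these visible: traffic from an address with no active
            # session is itself an audit finding, not something to drop.
            unattributed.append((ts, src, dst, port, nbytes))
        else:
            per_user[user] += nbytes
    return dict(per_user), unattributed


def naive_attribute(flows, sessions):
    """The pitfall: map ip -> most recent user and ignore time."""
    latest = {}
    for user, ip, start, end in sessions:
        if ip not in latest or start > latest[ip][0]:
            latest[ip] = (start, user)
    per_user = defaultdict(int)
    for ts, src, dst, port, nbytes in flows:
        per_user[latest[src][1]] += nbytes
    return dict(per_user)


if __name__ == "__main__":
    correct, unattributed = attribute_flows(FLOWS, SESSIONS)
    print("time-aware:", correct, "unattributed:", unattributed)
    print("ip-only   :", naive_attribute(FLOWS, SESSIONS))
```

With the constructed data, the IP-only mapping credits bob with all of the 10.0.0.5 traffic, including alice's 52000 bytes and the 1200 bytes sent when no one was authenticated; the time-aware join attributes each flow to the session actually active and reports the gap flow separately.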
Flexible and highly scalable deployment
IMC delivers an extensive set of capabilities for managing, monitoring and controlling large heterogeneous networks. This self-contained solution provides scalability and high availability through a flexible, distributed deployment model. With its modular design, IMC can be deployed across multiple servers to provide maximum scalability and resilience as the number of infrastructure devices and associated networked users and devices grows.