Endpoint admission defense – H3C Technologies H3C Intelligent Management Center User Manual
• A single, central database of devices, users, and available services—important for networks that include more than one remote communications server and access device.
• Topology view of access services provides immediate visualization of the access infrastructure and online users. This provides a tool for monitoring and managing access systems and users.
User Access Manager is integrated with other IMC services and features, providing operators with one pane for managing critical network resources.
Endpoint Admission Defense
The Endpoint Admission Defense (EAD) component supports operators in reducing network
vulnerabilities by integrating security policy management and endpoint posture assessment for
identifying and evaluating, alerting on, and isolating risks at the network edge.
Network Access Control (NAC) solutions have typically involved the integration of several functions that
were usually deployed, configured, managed, and audited as independent systems.
The H3C IMC management platform provides all of these functions in a single platform, eliminating the
complexity of managing multiple systems.
With EAD, IMC integrates security threat evaluation, identification, location, security event awareness,
and the execution of protective measures into a centrally managed and monitored platform. IMC reduces
implementation costs and complexity while increasing overall network security.
EAD provides the following functionality:
• Reduces the risk of malicious code or actions by detecting endpoint patches, viruses, ARP attacks, abnormal traffic, the installation and execution of sensitive software, as well as the status of system services.
• Works in conjunction with the User Access Manager to define and apply appropriate security posture policies to every user or device on the network. With EAD, administrators can build checks for operating systems and operating system patches, registry settings, applications, processes, and services into their EAD policies.
• The EAD security policy component allows administrators to control endpoint admission based on identity and the posture of the endpoint. Network operators can regulate network access based on identity and posture to prevent unauthorized access to network assets and resources. If an endpoint is not compliant with required software packages and updates, network assets can be protected by blocking or isolating the endpoint's access, or by non-intrusive actions such as notification and monitoring of the endpoint.
• Works in conjunction with the iNode desktop client to gather endpoint posture information to determine whether an endpoint is compliant with established security policies.
• With the iNode desktop client, key data theft protection features can also be enabled, such as controlling access to USB and CD drives, to protect sensitive data.
• To ensure continued security, EAD provides continual monitoring of endpoint traffic, installed software, running processes, and registry changes.
• IMC leverages the existing instrumentation of network devices supporting NetStream and sFlow data to provide greater visibility and control over network usage. Interaction with the integrated UAM component enables traffic flows to be linked with users rather than IP addresses alone, for comprehensive auditing of network usage. EAD also provides operators with an EAD Service report that allows administrators and operators to view and analyze statistics related to security services.
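As an added illustration (not H3C's code or policy format), the following Python sketches how the identity-plus-posture admission decision described above can be evaluated over the posture categories the page lists. The policy keys, registry path, patch identifiers, process and service names, and the mapping of failed checks onto the block/isolate/notify tiers are all assumptions constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Posture:
    """Constructed posture snapshot in the categories the page lists
    (patches, registry settings, processes, services)."""
    os_patches: set = field(default_factory=set)
    registry: dict = field(default_factory=dict)
    processes: set = field(default_factory=set)
    services: set = field(default_factory=set)


# Hypothetical policy; every key name and value here is constructed.
POLICY = {
    "required_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},
    "required_registry": {r"HKLM\SOFTWARE\Example\FirewallEnabled": 1},
    "forbidden_processes": {"filesharer.exe"},   # "sensitive software"
    "required_services": {"antivirus"},
}

# Assumed choice: failing these checks keeps the endpoint off production assets.
ISOLATING_CHECKS = {"required_patches", "forbidden_processes"}


def find_violations(posture, policy=POLICY):
    """Return (check_name, detail) for every policy item the endpoint fails."""
    violations = []
    for patch in sorted(policy["required_patches"] - posture.os_patches):
        violations.append(("required_patches", patch))
    for key, wanted in policy["required_registry"].items():
        if posture.registry.get(key) != wanted:
            violations.append(("required_registry", key))
    for proc in sorted(policy["forbidden_processes"] & posture.processes):
        violations.append(("forbidden_processes", proc))
    for svc in sorted(policy["required_services"] - posture.services):
        violations.append(("required_services", svc))
    return violations


def admission_decision(identity_authenticated, posture, policy=POLICY):
    """Map identity plus posture onto the enforcement tiers the page names:
    block, isolate (remediation access only), notify (admit, alert, monitor), permit."""
    if not identity_authenticated:
        return "block", []           # no verified identity: no access at all
    violations = find_violations(posture, policy)
    if not violations:
        return "permit", []
    if any(check in ISOLATING_CHECKS for check, _ in violations):
        return "isolate", violations
    return "notify", violations      # non-intrusive: admit but alert and monitor
```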