Extreme Networks Data Sheet ™ Sentriant AG While efforts to improve network security have been focused on locking down the network perimeter and securing critical internal network assets, the security of endpoint devices, which make up the majority of networks, have gone largely untouched. Attackers, however, are increasingly targeting endpoint devices, such as LAN workstations, remote access laptops and home computers to compromise networks. Their motivation is simple: endpoint devices typically bypass standard perimeter security measures and connect directly into the network. Extreme Networks® Sentriant™ AG verifies that Endpoint policy compliance—protects the network by making endpoint devices, such as laptops and desktops, certain that endpoint devices are free from threats and accessing the network are free from security in compliance with IT security policies. threats and in compliance with the organization’s security standards. It systematically tests end- point devices for compliance with organizational Noncompliant Endpoint Remediation security policies, quarantining non-compliant • Flexible access policies machines before they can damage the network. • Agent-less solution Sentriant AG dramatically reduces the cost and • Protection for remote and local connections effort of securing those devices—devices used by remote employees and contractors using VPN Comprehensive Yet Scalable Solution or dial-up, devices connecting to the network directly, and devices connecting through • Deep endpoint testing wireless networks—including devices your IT • Simple, easy deployment group may not own or adequately control. • Flexible enforcement options Target Applications Powerful Enterprise Integration • Wireless and mobile computing • Enterprise Integration Framework • Regulatory compliance for security initiatives • Sharing endpoint compliance data • Quarantines endpoint devices that are not in compliance • Acting on input from other systems • Remote access using devices that are not controlled by the organization Endpoint security—Safeguarding your network. Extreme Networks Data Sheet Noncompliant Endpoint Remediation Sentriant AG intercepts device connections and examines the connecting device to see if it meets the organization’s policies for security such as security settings, patches and antivirus safeguards. Devices not meeting policy can be denied access or quarantined. Flexible Access Policies • Sentriant AG agent—Tests method, while on remote access or VPN endpoint through installed client connections, the agent-less option might be Using Sentriant AG, administrators the desirable method. create access policies that define which applications and services are permitted The agent-less option is ideal for testing ® Protects Remote and Local and specify the actions to be taken when Windows 2000 and Windows XP Pro devices do not comply. Sentriant AG machines. It offers zero-maintenance device Connections administration as no client needs to be tracks all testing and connection activity Sentriant AG also protects the LAN from installed or supported on the endpoint. and produces a range of reports for threats by remote users or from internal auditors, managers and IT staff. users. Any machine that poses a risk can be The ActiveX plug-in tests all Microsoft– quarantined, whether that machine is supported Windows operating systems and connecting from an external location via a Agentless Solution foreign endpoints where an installed agent VPN, or connecting locally (see Figure 1). Sentriant AG is very simple to deploy is impractical. because it does not require an agent to VPN connections secure information, but be installed on endpoint devices. Sentriant AG agent also tests all Microsoft– they do not protect your network from However, for organizations that prefer an supported Windows operating systems and infected devices or malicious traffic. agent-based approach, Sentriant AG can be used for internal legacy devices such Sentriant AG identifies remote devices that provides that alternative too. There are as those running Windows 98 or NT. three options for testing endpoint pose a threat and quarantines the device. devices: Administrators can prioritize the order that Sentriant AG also protects from threats by • Agent-less—No client-side agent testing options are applied as devices initially internal users (see Figure 2). Compliant required on endpoint connect to the network. For example, on an devices are allowed LAN access while internal network, the Sentriant AG agent • ActiveX plugin—Tests endpoint noncompliant devices are quarantined. through web browser might be selected as the preferred testing Sentriant AG Firewall VPN and Pass RAS Up-to-date Corporate-owned LAN Computer Internet Cable Fail Modem Unpatched Home Computer New Connections Tested by Sentriant AG ! Quarantine Deny access completely or give limited access Figure 1: Protection from Remote Users DHCP Sentriant AG Server Firewall 1 2 3 4 5 6 7 8 9 11 12 13 14 15 16 17 19 20 21 22 23 24 1 2 3 4 5 6 7 8 9 11 12 13 14 15 16 17 19 20 21 22 23 24 STACK NO STACK NO Internet CONSOLE CONSOLE Edge Switch Core Switch Fail Pass ! Quarantine New Connections Tested by Sentriant AG Figure 2: Protection for internal LAN Connections © 2006 Extreme Networks, Inc. All rights reserved. Sentriant AG—Page 2 Extreme Networks Data Sheet Comprehensive and Scalable Solution Sentriant AG is a powerful endpoint security solution that provides deep and comprehensive testing of endpoint devices. At the same time, it is easily deployed, supports industry standards and scales to meet the needs of the largest organizations. Flexible Enforcement Options – Software required and software Linux operating system, so the installation not allowed—Defined by process is fast, easy and completely self- Sentriant AG supports IEEE 802.1x, administrator contained. Because Sentriant AG requires DHCP, inline and other enforcement – Worms, viruses and Trojans— no client-side agents, setup, administra- schemes for maximum deployment Checks for the presence of dozens tion and deployment is greatly simplified. options and easy integration with existing of attacks and infections security systems. These industry-wide Sentriant AG easily scales from the initiatives enable the network infrastruc- Simple, Easy Deployment smallest to the largest networks. Most ture to enforce security policy compli- importantly, the solution is cost-effective. ance on all devices seeking to access Sentriant AG installs on a dedicated network computing resources. server. Installation includes the hardened Sentriant AG also adds extensive policy compliance and enforcement features in order to verify that the applications and Network Protection services running on endpoint devices comply with security and access policies. Feature Benefit Figure 3 highlights the key features and Tests endpoints as they connect to the network Mitigates network damage caused by infected or benefits of the Sentriant AG. unsafe endpoints Test library updated as frequently as hourly Automatically protects against newly released threats Deep Endpoint Testing Multiple test categories, dozens of tests Protects from the range of endpoint-specific threats Access policies consist of one or more Fast custom test creation through open API Organization-specific testing tests to assess operating system Flexible enforcement options (grant, deny or quarantine Does not inhibit the flow of business integrity, verify that key hotfixes and access) driven by corporate security policies patches have been installed, verify that Offers range of enforcement on a per access policy basis, Graduated enforcement anti-virus and other security applications from passive monitoring (no enforcement) to strict are present and up-to-date and detect enforcement; allows controlled rollout of Sentriant AG the presence of other malware. Any Unlimited number of customizable access policies tailored to, Provides tailored testing/enforcement for variety of incidence of potentially dangerous for example, the level of threat, operating system and user types (e.g., visitors, executive staff and Windows applications such as file sharing, Peer-to- organizational requirements 2000 users) Peer (P2P), or spyware is also checked. Enterprise Integration Framework: Leverages existing network security investments • Allows import/export of security compliance data Administrators can also create custom • Allows third-party systems to control Sentriant AG functions tests through Sentriant AG’s Application Programming Interface (API). Sentriant Compliance and Reporting AG ships with dozens of out-of-the box Tests endpoints against user-defined access policies Verifies that endpoints conform to security policy(s) tests in the following categories: Regularly retests endpoints while logged in on administrator- Eliminates threat from endpoints that become non- specified schedules compliant while connected • Operating systems—Tests for services packs and hotfixes Endusers of non-compliant endpoints informed of the steps Reduces administrative overhead required to bring devices into compliance • Browser security policy—Verifies Detailed reporting meets the needs of auditors, managers and Documents security/compliance status browser security settings match the IT staff members organization’s policy Administration • Security settings—Tests for Offers three flexible endpoint testing methods: Maximizes protection/endpoint coverage with macros, services, Windows security • Agent-less minimal demands on IT resources
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages6 Page
-
File Size-