Endpoint admission defense – H3C Technologies H3C Intelligent Management Center User Manual

A single, central database of devices, users, and available services—important for networks that include more than one remote communications server and access device.

Topology view of access services provides immediate visualization of the access infrastructure and
online users. This provides a tool for monitoring and managing access systems and users.

User Access Manager is integrated with other IMC services and features, providing operators with one pane for managing critical network resources.

Endpoint Admission Defense

The Endpoint Admission Defense (EAD) component supports operators in reducing network vulnerabilities by integrating security policy management and endpoint posture assessment to identify, evaluate, alert on, and isolate risks at the network edge.

Network Access Control (NAC) solutions have typically involved the integration of several functions that were usually deployed, configured, managed, and audited as independent systems.

The H3C IMC management platform provides all of these functions in a single platform, eliminating the complexity of managing multiple systems.

With EAD, IMC integrates security threat evaluation, identification, location, security event awareness, and the execution of protective measures into a centrally managed and monitored platform. IMC reduces implementation costs and complexity while increasing overall network security.

EAD provides the following functionality:

Reduces the risk of malicious code or actions by detecting endpoint patches, viruses, ARP attacks, abnormal traffic, the installation and execution of sensitive software, as well as the status of system services.

Works in conjunction with the User Access Manager to define and apply appropriate security posture policies to every user or device on the network. With EAD, administrators can include operating systems and operating system patches, registry settings, applications, processes, and services in their EAD policies.

The EAD security policy component allows administrators to control endpoint admission based on identity and the posture of the endpoint. Network operators can regulate network access based on identity and posture to prevent unauthorized access to network assets and resources. If an endpoint is not compliant with required software packages and updates, network assets can be protected by blocking or isolating the endpoint's access or by non-intrusive actions such as notification and monitoring of the endpoint.

Works in conjunction with the iNode desktop client to gather endpoint posture information to
determine if an endpoint is compliant with established security policies.

With the iNode desktop client, key data theft protection features can also be enabled, such as
controlling access to USB and CD drives, to protect sensitive data.

To ensure continued security, EAD provides continual monitoring of endpoint traffic, installed
software, running processes and registry changes.

IMC leverages the existing instrumentation of network devices supporting NetStream and sFlow data to provide greater visibility and control over network usage.

Interaction with the integrated UAM component enables traffic flows to be linked with users rather than IP addresses alone for comprehensive auditing of network usage. EAD also provides operators with an EAD Service report that allows administrators and operators to view and analyze statistics related to security services.
