The Pulse Secure Blog

Exploring and Discussing Secure Access Trends and Technologies

Intelligent Access Security

The evolution to a remote workforce presents new challenges when connecting to enterprise resources, because mobile devices can enter the network from both inside and outside the company. They are also less controlled and less controllable than corporate PCs. How to manage this challenge was the focus of a recent webinar hosted by Lisa Lorenzin, Pulse Secure’s Principal Solutions Architect. The webinar can be accessed via this link: View Webinar

Customer Challenges

Organizations with a remote workforce that use BYOD must balance business security with user productivity, empowering users to work in the ways that most benefit them and to access the information they need from the sites they want. Moreover, the frameworks and policies that apply to organizations subject to regulatory compliance require sensitive data to be limited to authorized users only, and require organizations to prove to auditors that the data is protected. These challenges are key drivers of Mobile Ready Secure Access.

Mobility Ready Secure Access

Mobile Ready Secure Access delivers comprehensive visibility: the ability to see which users and devices are on your network, and the type of information they are accessing. Once you are aware of what is occurring on your network, you have the context to build comprehensive access-control policies based on:

  • Who I am.
  • My role in the organization.
  • Where I am entering the network.
  • Whether I am using a BYOD or corporate device to gain network access. Because BYODs use disparate operating systems, the ability to integrate (or “onboard”) these devices automatically into your environment is also critical.
  • Whether the device complies with corporate policies.

In the Beginning

Pulse Connect Secure was born in the early 2000s, when a firewall at the edge of the corporate network provided adequate defense against hackers and unauthorized users. Back then, Pulse Connect Secure was a Secure Sockets Layer (SSL) Virtual Private Network (VPN) gateway with granular role-based access control that identified external devices requesting access to the corporate network and provided the appropriate access to those devices.

The popularity of Pulse Connect Secure prompted customers to ask whether the application could be directed inwardly toward an organization’s internal resources. To address this demand, the policy engine from Pulse Connect Secure was used to create a separate entity: Pulse Policy Secure.

Pulse Policy Secure

Pulse Policy Secure is an intelligent policy server. It combines granular context-based role assignments with the ability to provision resource-access policies down to an IEEE 802.1X Layer 2 switch, access point, or firewall within any enterprise-class network-edge infrastructure that supports 802.1X and Remote Authentication Dial-In User Service (RADIUS).

Pulse Policy Secure integrates with the captive portal capabilities offered by Aruba, Juniper, and Cisco to allow users onto guest networks and capture relevant information.

In addition to working with managed devices, Pulse Policy Secure works just as well with unmanaged devices, such as printers, VoIP phones, and IP-enabled cameras. By integrating with our own profiling solution as well as those from Great Bay Software, Pulse Policy Secure can build a database of the unmanaged devices on the network and assign them to profiles, so they can have the same access security as managed devices.

Pulse Policy Secure provides the leading-edge advantage of being able to collect information from third-party components in the network and use that behavioral information to modify access control within the network.

Pulse Policy Secure also ties together SSL VPN and network-access control (NAC) policy enforcement. With this synergy, a user who logs in to the company network using the Pulse Policy Secure client is mapped to a role. If that user then wants to access a firewall-protected resource deeper in the network, they need to be authenticated and authorized only one time (at the Pulse Policy Secure login) and not a second time (at the firewall), since the user is already mapped to a role that defines what they can and cannot access. In this way, user sessions can be “federated” from the SSL VPN to the NAC policy server, as well as between multiple policy servers distributed over a wide range of geographical areas, such as multiple cities in a particular region or multiple countries for global deployments.

Pulse Policy Secure works with leading global device management solutions from MobileIron and AirWatch to augment the information obtained from other backend data stores, such as Active Directory and Lightweight Directory Access Protocol (LDAP). This enables Pulse Policy Secure to identify whether devices accessing the network are BYODs or corporate devices, and whether they comply with organizational and mobile device management (MDM) policies. Devices that fall outside the MDM policies can be pushed through an onboarding process that lets users keep using personal devices, which remain unmanaged, while still accessing limited resources.
