Visibility and Access Control for Endpoints and IoT

Automated Endpoint Compliance
and Integrated Threat Response

Complete Visibility and Zero Trust Security for Remote and Local Endpoints

Network Access Control (NAC) solutions provide organizations with continuous visibility, endpoint and IoT access control, and automated threat mitigation. Pulse Profiler provides full visibility of local and remote endpoints, so organizations know what’s connected at any time. Pulse Policy Secure (PPS) enables strong Zero Trust based “comply to connect” policy enforcement so users and endpoints are authenticated and their security posture are validated before they are connected to the network with appropriate access for their role.

Detect and Profile

Detect and profile all local and remote endpoints including IoT

Automated Network

Automated network segmentation and enforcement of endpoint security posture policies

Automated Threat Response

Automated threat response on endpoint level to break down security silos

Continuous Endpoint Compliance to Limit Risk Exposure

Endpoints are continuously targeted by attackers to gain further access into the network and its resources. Obsolete or unpatched systems with known vulnerabilities make an attacker’s job easy. PPS lets organizations see exactly what endpoints connect to the network and ensure their security posture is compliant, limiting unauthorized access, plus easing the auditing burden.

Endpoint attacks keep increasing

It is crucial to ensure an endpoint’s security posture is maintained throughout the connectivity lifecycle.

Security breaches result in loss of end-user productivity

Beyond the much cited but difficult to measure loss of reputation, loss of productivity is an immediate detractor of a business’ top line.

Segmentation is essential for compliance

Devices that manage critical data (such as PII, financial data) must never be on the same network as a regular workstation. Automated network provisioning and segmentation ensures continuous PCI-DSS or HIPAA compliance.

Know your endpoints

Ensure all endpoints (remote, local, IoT) are profiled and comply with security policies to avoid compliance breaches because devices with obsolete OS (e.g. Windows XP, Windows 7) are on the network.

Shortage of skilled security staff

Pulse Profiler and PPS are easy to use and deploy so security staff can focus on strategic tasks.

MAC spoofing, DGA attacks, IoT rogue devices increase threat risk

PPS offers User and Entity Behavioral Analytics (UEBA) to scan the network and isolate threats.

Key Capabilities

End-to-end Zero Trust Access
PPS or PCS/VPN can enforce endpoint security posture with Host Checker functionality
Session federation enables seamless roaming from VPN to on-premise
Dynamic access control on access network and firewalls

Key NAC Features

Every organization’s network infrastructure and endpoint needs are different. There are many NAC features to consider:

Network visibility

With an ever-increasing number of endpoints due to BYOD and IT/OT integration, it is important to know what is on the network in order to define secure policies that cover all access use cases.

Device and user authentication

To validate users and devices, NAC needs to integrate with leading IAM and MDM solutions, for all remote and local access scenarios, wired and wireless.

Access control & policy engine

Users and devices must receive access on a least privilege basis, and endpoints handling critical data such as PII or financial transactions should be strictly segmented. Shadow IT or social media apps exposes devices and data to resources outside of an organization’s corporate policies. NAC can limit access for non-compliant endpoints and remediate the issue.

Bi-directional integration

Integration with security solutions such as SIEMs and NGFWs enable a NAC to make threat alerts actionable on the endpoint level; breaking down the security silos of such security products.

Guest access management

Enterprises need contractors and guests to have limited network access, and an easy to use self-registration portals or sponsor-based approval process without compromising security.