Operations
Logical Security Zoning
Control access to resources by isolating users, servers and clients into one or more private communities without regard to their physical location. For increased flexibility, zones may be based on users, user groups, IP addresses or ranges, ports and geographic regions - almost any factor.
Identity and Secure Policy Enforcement New!
Policies can be set to grant user or system access to one or more logical security zones or to deny “un-trusted” user or system access. User authentication uses Kerberos tickets and system authentication uses digital certificates so both user and system authentication are cryptographically secure.
Policy-Based Encryption of Data in Motion
Network data communications between users and virtual or physical systems may efficiently be secured through policy-based encryption of data in motion based on identity. Secure, IPsec “supported” data encryption algorithms DES, 3DES, AES-128 or AES-256 are used.
Preventive Jump-Off New!
A single EpiForce Agent on a Microsoft Windows or Citrix XenApp Terminal Server can control multiple remote users and their security policies to prevent “jump-off” or unauthorized access to critical data on a network.
Policy Persistence
Security policy remains persistent, regardless of the physical location of a user, server or client. In the event of a location change, the security policy follows the user or system and requires no additional administrative action. In EpiForce VM, agents also automatically reconfigure security policy when a VM is restarted avoiding a security gap. Other security solutions lack this feature and pose a security risk.
Distributed Architecture
To maintain high availability, EpiForce software was designed with a distributed architecture that allows multiple instances of management components to be installed to maintain fault tolerance. Policies are enforced between servers and clients themselves, eliminating the bottlenecks and single points of failure common in appliance-based solutions like firewalls, VLANs and NAC.
Unprotected Host Support
Servers, clients, printers and other devices that do not have Enforce installed may be included in logical security zones to control access to those critical resources.
Minimal Performance Impact
VeriTest, an independent testing lab, found that EpiForce VM imposes a minimal impact to CPU utilization and typical network traffic flows. Click here to download the report.
Management and Reporting
Centralized Management Interface
Policies are easily deployed and managed from a centralized console with a user-friendly graphical user interface (GUI) from anywhere on the network. A management console may also be installed in the data center or remote offices to allow flexibility in central office, regional branch or organizational unit management.
VM-Enabled Admin Console (EpiForce VM only)
Install EpiForce VM Admin Console on one or more VMs, physical machines or both, increasing greater administrator flexibility.
Activity Logging
Penetration attempts, operational status, IPsec protocol status and an audit trail of key management and encapsulation protocols are just a few of the key activities stored in standard Syslog and Microsoft Windows Events Log formats.
Management Reporting Integrated with Third-Party Tools
Administrators can generate reports on security activities such as client software alerts, configurations, exceptions and system status through open software or standard tools such as Splunk and Crystal Reports. Data used for these reports are obtained from Syslog and Microsoft Windows Event Logs.
Dynamic Real-Time Policy Management New!
Administrators can quickly make immediate policy changes on-the-fly to meet urgent needs.
Role-Based Delegation of Admin Privileges
Security administrators may deploy security policy by delegating administrator privileges to six roles including Super User, Account Management, System Settings, Operations, Audit and Read-Only to maximize flexibility.
Powerful Administrator Workflow
Administrators can use powerful workflows to create, submit, approve and commit security policy. All administrator actions are tracked as Change Sets and entered into the workflow process. Committed changes are deployed based on user-defined schedules.
Installation and Interoperability
Cross-Platform Support New!
EpiForce Agents support Windows, UNIX and Linux platforms, providing the flexibility to secure complex heterogeneous enterprise environments. EpiForce VM Agents have additional support for VMware vSphere (VMware ESX Server, vMotion and vCenter Server) and LPAR IBM. Legacy operating systems or platforms can be protected with an EpiForce Guardian Security Appliance.
Microsoft Active Directory (AD) Synchronization New!
To deliver simplified administration and secure identity verification, user IDs from Microsoft Active Directory (AD) are synchronized with EpiForce.
Legacy Platform Support
Legacy platforms and mission-critical systems are easily protected with EpiForce Guardian appliance.
Network Layer Transparency
EpiForce functions at the network layer to be transparent to users and applications, avoiding time-consuming user training or physical changes to the network. Legacy applications can easily be secured, eliminating the cost, time and incompatibilities associated with rewriting applications.
Broad VPN Client Support New!
EpiForce communications over a VPN is accomplished through UDP encapsulation enabling compatibility with VPN client software from vendors such as Cisco, Check Point and Nortel. This allows extended coverage of security policies to remote locations.
Enterprise-Class Security
Security and zoning policies have been tested and can scale to more than 300,000 agents. Therefore, EpiForce is able to meet the expanded needs of fast growing organizations who want to protect their security solution investment.
Auto Install Support
EpiForce Agents can be customized to install on thousands of systems remotely through standard remote installation tools. This feature streamlines deployments and saves considerable time.
Auto Registration Support New!
Systems with agents may have security policies configured through a pre-designed image to allow them to automatically add themselves to EpiForce. This eliminates data entry time and the possible errors associated with that activity.
|
