SYGATE SECURE ENTERPRISE

Solution

Business needs today are driving enterprise networks to be more open than ever before. Whether due to partnerships, outsourcing, tele-working, or remote access, the enterprise network perimeter is vanishing, making the network perimeter-based security model less and less effective.

As a result, many enterprises have taken a layered approach to securing open networks by implementing several security products, such as antivirus software, host firewalls, host IDS, and patch management systems on endpoints (laptops, desktops, embedded devices, and servers). Yet, hackers and thieves continue to disrupt enterprise networks because no solution capable of enforcing continuous policy compliance has emerged . . . until now.

Sygate changes the game. For the first time, commercial and government enterprises can gain a strategic advantage over hackers with the industry's first enterprise security solution that ensures that company-owned devices are uncompromised, continuously compliant with security policies, and protective of confidential data.

Benefits:

Minimizes Network Downtime and Business Disruption
Protects infrastructure from rogue users, compromised devices, and applications
Alleviates liability concerns and regulatory pressures with Continuous Compliance
Addresses today's urgent needs and tomorrow's evolving needs with strategic platform

Reduces Security Costs
Automates compliance checking, enforcement, and remediation
Reduces help desk costs and protects user productivity
Leverages existing infrastructure by interoperating with other vendor's products

Ensures Regulatory Compliance
Protects customer, patient, and employee privacy
Achieves Continuous Compliance, thus protecting the integrity of internal controls and governance

How It Works:

Sygate Secure Enterprise combines a sophisticated security agent that runs on each client, one or more policy management servers distributed across the enterprise, and enforcement on servers inside the network and on endpoints.

Sygate Security Agents: Protect all network-enabled endpoints in an enterprise through an application-centric firewall and intrusion prevention engine. The Sygate Security Agent automatically adapts its security policies based on the vulnerabilities and threats of each endpoint's network environment. Using Endpoint Enforcement, Sygate Security Agent can automatically check compliance at a configurable interval and quarantine non-compliant endpoints to a remediation area. Endpoint Enforcement ensures compliance for all endpoints whether they are local, remote, or not currently connected to the corporate network.

Sygate Management Server: Used to articulate and report on security policies that link users, connectivity technology, applications, and network communication to best practices. Sygate policies are managed and inherited through group structures of users, workstations, and servers that can be imported and synchronized with NT Domain, Active Directory, and/or LDAP. Sygate Management Servers can be centralized or distributed in a global enterprise to provide scalability, fault tolerance, load balancing, and policy replication.

Sygate Universal Enforcement: Ensures that all endpoints are compliant with security policy before permitting network access. Policy compliance is enforced regarding patch levels, operating system configurations, and the correct versions of and up-to-date signature files for applications, such as antivirus software, personal firewall, and intrusion prevention. Devices that fail to meet enterprise security policy can be flagged for network administrators, blocked from network access, or confined to remediation resources until automated remediation is completed. Sygate Enforcers are placed at network entry points, such as VPN, Wireless Access Points, and RAS dial-up servers, on the internal LAN using 802.1X EAP Authentication, or on the endpoints themselves via Endpoint Enforcement.

Features:

Adaptive Protection: Sygate Secure Enterprise dynamically adapts security policies based on the user, the hostility of the network environment, and the access method. In addition, administrators can give users limited context-based control over security policy while retaining a baseline of enterprise security policy control.

Application-Centric Firewall: Sygate Security Agents incorporate an application-centric firewall that stealths host systems, provides stateful firewalling, applies rule-based security policy, and controls application usage.

Intrusion Prevention Engine: Sygate Security Agent's intrusion prevention engine applies patterns of known attacks to all incoming and outgoing traffic as a second layer of defense. Sygate's unique application-based approach to intrusion prevention uses application layer information and deep packet inspection to identify and block known and unknown attacks.

Host Integrity Checking: Sygate Security Agent can check the security status of the endpoint, including the status of executables (antivirus, host firewall, host IPS, sandbox), files (antivirus signature, host firewall policies, host IDS signatures, MD5 checksum, file version), registry values, versions, patches, and operating system configurations.

Universal Enforcement (including 802.1X support): Universal Enforcement ensures that all endpoints are 100% compliant with security policies before permitting network access. Enforcement can be accomplished through Endpoint Enforcement, LAN Enforcer (full 802.1X support), Gateway Enforcer, and enforcement in conjunction with third-party products, such as VPNs or wireless access points. Devices that fail to meet enterprise security policy can be monitored, blocked, or directed to remediation resources.

LAN Sensors: Monitor ARP traffic to identify in real–time all IP-addressable devices trying to connect to the network. LAN Sensors are able to characterize un-agented devices and report their discoveries so that remedial actions can be taken.

Automated Remediation: Sygate Secure Enterprise automatically repairs the security integrity of authorized endpoints that are denied access due to non-compliance with security policies. Sygate Security Agent can automatically initiate a remediation action, such as downloading and installing a software patch or update, executing command line instructions, turning applications or OS features on or off, thereby returning the endpoint to policy compliance without user or help desk intervention.

Enterprise Policy Management: Sygate Secure Enterprise enables enterprises to create policies about applications, data, and configurations that must be in place for secure communication. Based on a fault-tolerant, multi-server architecture with outstanding performance and unlimited scalability, Sygate Secure Enterprise provides a reliable foundation for creating and managing policy across global enterprise networks.

Highly Scalable Architecture: Sygate Secure Enterprise is designed for deployment in large and distributed enterprise networks. Sygate's multi-server architecture provides outstanding performance and unlimited scalability, fault-tolerance, performance optimization, and policy uniformity across global enterprise networks.