Endpoint Compliance

Reduce Endpoint Vulnerabilities

You’ve established your organization’s policies for approved endpoints and operating systems, patch levels, anti-virus and anti-spyware software, and other required (or prohibited) software applications. But, can you be sure that users on your network are following those policies?

• Scan devices to validate security posture
• Ensure endpoint security compliance through automated controls
• Offer self-remediation capabilities. Reduce endpoint vulnerabilities

Bradford’s powerful Endpoint Compliance extension ensures that all devices accessing the network meet your required security standards. It allows endpoints to be scanned to validate compliance with established policies prior to allowing access to the network. Endpoints found to be ‘at risk’ can be securely quarantined, while enabling users to remediate compliance issues without having to engage Help Desk or other IT staff.

Endpoints can be checked prior to connecting to the network, as well as periodically after they’ve connected to insure ongoing compliance with security policies.

Bradford’s Agent Technology

Network Sentry with the Endpoint Compliance extension utilizes Persistent or Dissolvable software agents in the process of assessing the security posture of endpoint devices.

Persistent Agent

Installed on the endpoint

Dissolvable Agent

Downloaded and run on-demand from the Network Sentry platform via a captive web portal.

The agents scan endpoints using pre-defined scan policies set by IT, and scan results are sent to Network Sentry to be used in the process of enforcing network access policies.

While both persistent and dissolvable agents provide the same scanning functions, the persistent agent has added benefits of allowing scans to be done on a scheduled basis, allowing ongoing monitoring of the endpoint, as well as the ability to send alerts or emergency notification messages directly to users via a pop-up, or dialog box, on the endpoint. The dissolvable agent is typically deployed for use on unmanaged devices (such as those owned by guests) without requiring software to be installed permanently.

Bradford agents do not monitor content or traffic going to or from an endpoint (i.e., they are not “keystroke loggers”, content filter agents, or host IDS/IPS agents). They are designed to validate the security posture of the endpoint device. For example:

• Is the endpoint running an approved operating system (OS)?
• Is the OS up to date with the latest security patches?
• Is the endpoint running an approved (and up to date) version of anti-virus and/or anti-spyware software?
• Are all required applications installed on the endpoint to enable the user to perform work relative to his or her role?
• Are there any prohibited applications present on the endpoint?

Bradford agents validate compliance with these and other endpoint security policies without violating users’ privacy.

Directory-based Scanning

With Bradford’s unique directory-based scanning feature, Windows endpoint scans can also be initiated transparently from a Windows directory server as part of the normal user login process. This eliminates the need for a persistent agent to be installed on the endpoint, or for requiring users to go through a captive portal interface to download and run a dissolvable agent.

Mobile Agent

Bradford’s Mobile Agent for Apple iOS is an application that enables secure registration of Apple iOS mobile devices (iPhone, iPad, iTouch) on your network. In addition to enhancing network visibility, the Mobile Agent for Apple iOS gives IT administrators the ability to:

• Simplify the process of on-boarding iOS devices and provisioning network access;
• Automatically register each iOS device via a unique identifier;
• Differentiate between corporate-issued and personal iOS devices;
• Check each device for iOS jailbreaking

Bradford Networks customers can download the Mobile Agent App at the Apple App Store.

* Mobile agents for other platforms such as Android and Windows will follow