Endpoint Compliance
Transcript of Endpoint Compliance
Highlights
Enhanced Endpoint Security verifies devices for:
• Anti-virus, anti-spyware software
• Personal firewall software
• Specific OS versions
• Patch levels
• Browser types
Maintains security state of endpoint devices
Use pre-defined or custom policies to protect your network
Quarantine, remediate, deny, or grant access to non-compliant devices
Supports Windows, Mac, Linux, iOS, Android, and Google Chrome
Leverages Trusted Computing Group’s endpoint security specifications
OverviewUsers demand access to applications in the cloud and data center using their own devices. And in today’s BYOD world, administrators rarely know if devices comply with security policies. Employees, contractors, and third parties may be using devices infected with malware or spyware, or threat actors may be using stolen devices or credentials.
Pulse Secure’s Enhanced Endpoint Security feature queries every device before – and during – a connection to the network to ensure that it meets corporate security policies. Enhanced Endpoint Security makes sure that jailbroken or rooted devices, or devices with unpatched operating systems, don’t connect to your Hybrid IT resources. And, even better, non-compliant devices can be quarantined or remediated, reducing the chance of malware propagation.
How it WorksEndpoint devices are checked prior to — and during — a remote access session based on pre-defined or custom policies that administrators define. Enhanced Endpoint Security performs endpoint health and security checks to ensure a device meets corporate security requirements. Administrators can choose from a variety of pre-defined and custom policies. Pre-defined policies check for third-party applications such as the presence of antivirus and antispyware, OS versions, hard disk encryption status, patch levels, and browser types.
FEATURE BULLETIN
Endpoint ComplianceEnsures devices meet compliance policies before accessing cloud & data center resources
PRE-DEFINED POLICIES
Anti-virus software installed
Operating System (OS) version
Firewall software installed
Anti-spyware software installed
Hard disk encryption
Patch management
CVE Checks
CUSTOM POLICIES
Remote integrity verifiers
Check for third-party or custom DLLs
Verify open/closed ports
Confirm running/stopped processes
Check for file presence on remote device
Confirm registry keys are set
Check NetBIOS name, MAC addresses, and machine certificate validity
Custom rules can include inspection checks such as absence or presence of specific files, certificate checks, TCP ports, processes, registry key settings, NetBIOS name, MAC addresses or certificate of the client machine and third-party in-spection methods (custom DLLs).
Policies at-a-glancePolicies can be used individually or combined for advanced host checking. Wildcards and environment variables can be used. Host Checker policy results can also be stored and reused at a later time to validate one or more devices.
www.pulsesecure.net
ABOUT PULSE SECUREPulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 23,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance. Learn more at www.pulsesecure.net.
www.facebook.com/pulsesecure1
twitter.com/PulseSecure
linkedin.com/company/pulse-secure
Corporate and Sales Headquarters Pulse Secure LLC2700 Zanker Rd. Suite 200San Jose, CA 95134(408) [email protected]
Copyright 2019 Pulse Secure, LLC. All rights reserved. Pulse Secure, Pulse Secure logo is a registered trademark and Pulse SDP is a trademarks of Pulse Secure, LLC. All trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Pulse Secure assumes no responsibility for any inaccuracies in this document. Pulse Secure reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
VERSION: 09/16/2019
Remediation based on a policy can be automatic, where changes are made on the remote device, or manual, where the user is notified that their device is out of compliance. Such devices can be also be quarantined, limiting access until the device is corrected. Reports can be generated that show which devices are compliant, non-compliant, remediated, or not assessed during specified intervals.