Highlights

Enhanced Endpoint Security verifies devices for:

• Anti-virus, anti-spyware software

• Personal firewall software

• Specific OS versions

• Patch levels

• Browser types

Maintains security state of endpoint devices

Use pre-defined or custom policies to protect your network

Quarantine, remediate, deny, or grant access to non-compliant devices

Supports Windows, Mac, Linux, iOS, Android, and Google Chrome

Leverages Trusted Computing Group’s endpoint security specifications

OverviewUsers demand access to applications in the cloud and data center using their own devices. And in today’s BYOD world, administrators rarely know if devices comply with security policies. Employees, contractors, and third parties may be using devices infected with malware or spyware, or threat actors may be using stolen devices or credentials.

Pulse Secure’s Enhanced Endpoint Security feature queries every device before – and during – a connection to the network to ensure that it meets corporate security policies. Enhanced Endpoint Security makes sure that jailbroken or rooted devices, or devices with unpatched operating systems, don’t connect to your Hybrid IT resources. And, even better, non-compliant devices can be quarantined or remediated, reducing the chance of malware propagation.

How it WorksEndpoint devices are checked prior to — and during — a remote access session based on pre-defined or custom policies that administrators define. Enhanced Endpoint Security performs endpoint health and security checks to ensure a device meets corporate security requirements. Administrators can choose from a variety of pre-defined and custom policies. Pre-defined policies check for third-party applications such as the presence of antivirus and antispyware, OS versions, hard disk encryption status, patch levels, and browser types.

FEATURE BULLETIN

Endpoint ComplianceEnsures devices meet compliance policies before accessing cloud & data center resources

PRE-DEFINED POLICIES

Anti-virus software installed

Operating System (OS) version

Firewall software installed

Anti-spyware software installed

Hard disk encryption

Patch management

CVE Checks

CUSTOM POLICIES

Remote integrity verifiers

Check for third-party or custom DLLs

Verify open/closed ports

Confirm running/stopped processes

Check for file presence on remote device

Confirm registry keys are set

Check NetBIOS name, MAC addresses, and machine certificate validity

Custom rules can include inspection checks such as absence or presence of specific files, certificate checks, TCP ports, processes, registry key settings, NetBIOS name, MAC addresses or certificate of the client machine and third-party in-spection methods (custom DLLs).

Policies at-a-glancePolicies can be used individually or combined for advanced host checking. Wildcards and environment variables can be used. Host Checker policy results can also be stored and reused at a later time to validate one or more devices.

www.pulsesecure.net

ABOUT PULSE SECUREPulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 23,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance. Learn more at www.pulsesecure.net.

www.facebook.com/pulsesecure1

twitter.com/PulseSecure

linkedin.com/company/pulse-secure

info@pulsesecure.net

Corporate and Sales Headquarters Pulse Secure LLC2700 Zanker Rd. Suite 200San Jose, CA 95134(408) 372-9600info@pulsesecure.netwww.pulsesecure.net

Copyright 2019 Pulse Secure, LLC. All rights reserved. Pulse Secure, Pulse Secure logo is a registered trademark and Pulse SDP is a trademarks of Pulse Secure, LLC. All trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Pulse Secure assumes no responsibility for any inaccuracies in this document. Pulse Secure reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

VERSION: 09/16/2019

Remediation based on a policy can be automatic, where changes are made on the remote device, or manual, where the user is notified that their device is out of compliance. Such devices can be also be quarantined, limiting access until the device is corrected. Reports can be generated that show which devices are compliant, non-compliant, remediated, or not assessed during specified intervals.