There are 2 stages to LAN Security – Pre-Connect and Post-Connect.
1. PRE-CONNECT: The Pre-Connect process PREVENTS unauthorized access to the network by non-compliant endpoints. Within Pre-Connect there are 3 requirements that must be met before a user is allowed on the network:
(i) Safe – scan the endpoint to check for AV, OS & Spyware updates
(ii) Authenticated – verify user credentials with AAA infrastructure
(iii) Authorized – create a binding of user ID, MAC address and IP address, and retrieve group membership from the AAA or directory service
2. POST-CONNECT: The Post-Connect process CONTROLs user access and DETECTs threats and other malware:
(i) CONTROL – control and monitor user activity through simple, automated creation of policies for each user, based on their role in the organization and their group memberships in the existing AAA and directory infrastructure. Enforce application policies at the network level using Nevis’ stateful, per-user firewall. Quarantine and/or alert on inappropriate access on a per-flow basis, in line with company policies.
(ii) DETECT – detect threats on the network at wire speed by inspecting every packet, looking for known signatures and anomalies in every flow to and from the user. Quarantine and/or alert on a per-flow basis, in line with company policies.
Nevis’ Identity-driven LAN Security is unique because Pre-Connect and Post-Connect security is continuously applied to all flows and user activity on the network, before, during and after authentication. Nevis LANenforcer continuously scans endpoints, controls user access to information and identifies & eliminates threats on the network.