Network Access Control / Endpoint Firewall

Network firewalls have become ubiquitous within organizational IT security strategies. However, mobile endpoints must also be protected when not connected to the corporate network. In addition, not every attack will cross a network perimeter, as many network-based attacks originate within the corporate network itself. To maintain a defense in depth strategy, firewalls on the endpoints themselves are needed, as well as a way to prevent insecure devices from connecting to the network.

While endpoint firewall management and network access controls protect the network, what users really need is for their devices to be secure so they can connect and do their jobs. With BigFix, organizations use the same agent, management server and console to implement integrated endpoint protection, patch management, and configuration compliance for comprehensive security. BigFix can also be used to supplement and extend other 3rd party frameworks such as Cisco, Microsoft, Still Secure, etc. to help minimize or even avoid quarantine time.

What is BigFix's Network Access Control and Endpoint Firewall Solution?

Offered as part of the Endpoint Protection suite, BigFix Network Access Control consolidates and integrates the management of endpoint firewalls through the BigFix console, where administrators can easily combine BigFix policies to define network access levels based on granular assessment of endpoint state. It allows users to dynamically and automatically make changes to firewall policies based on environmental criteria to address the latest security threats. And the BigFix Network Access Control supports NAC solutions by helping enterprises set and maintain desired configurations to proactively meet network admission standards. This not only reduces the time endpoint computers might spend in NAC quarantines, it converts NAC from a gate keeper function to a proactive endpoint security management solution.

Features and Benefits

• Pervasive, always-on configuration and policy maintenance to expedite endpoint NAC admission processes
• Policies that remain in force when endpoints are off the network for continuous protection
• Pre- and post-admission health checks for continuous compliance
• Endpoints that securely report status and request relevant updates any time they connect to the Internet or other wide area network to ensure compliance before reconnecting to company network
• Policy baselines set for specific groups or classes of computers—for example, differing policies for computers accessing a “product engineering” or “sales and marketing” domain