HIPAA News

FullArmor Endpoint Policy Manager Enforces Continuous Security Compliance

(March 19, 2007)--FullArmor unveiled FullArmor Endpoint Policy Manager (FullArmor EPM), which automates the delivery, enforcement, and auditing of critical security policies on mobile, disconnected and unmanaged endpoint devices, including guest machines with temporary access to the network. As a pre-admission solution for Network Access Protection (NAP) and Network Access Control (NAC), FullArmor EPM assesses, and intelligently applies the proper security policies and settings to remote desktops, laptops, mobile devices, and point-of-sale terminals.

“Securing remote, mobile, and unmanaged devices that need access to protected network resources represents a large and growing risk for today’s decentralized organizations,” said Chris Liebert, Senior Analyst for the Yankee Group. “IT departments need help enforcing consistent security policies on client machines regardless of whether they are connected or disconnected from the network.”

With the explosive growth of road warriors, tele-workers, temporary workers, and mobile users, it is virtually impossible for organizations to ensure that endpoint devices are secure and compliant. FullArmor EPM enforces consistent policy settings on endpoints whether they are connected or disconnected from an enterprise’s Active Directory. This capability enables organizations to use their existing Group Policy infrastructure to intelligently enforce endpoint policy settings as devices drift in and out of the network. To prevent security policy “decay”, FullArmor EPM automatically corrects out-of-compliance settings when they are inadvertently changed. In addition, FullArmor EPM limits quarantine and remediation events in NAP and NAC environments by keeping endpoint configurations locked-down.

To maintain security across a wide range of usage scenarios, FullArmor EPM intelligently applies specific policy settings to devices and users based on their role and/or state. For example:

* An authorized guest machine logging onto the network could only receive device policy settings, not user settings
* An authorized user authenticating to the network from an unmanaged device (home computer, Internet kiosk, etc.) could be subject to stricter policy settings
* An authorized user connecting to the network via a Windows Mobile device could receive user policies, but not device policy

For organizations that are governed by regulatory and industry mandates such as GLBA, HIPAA, FISMA, or PCI, FullArmor EPM maintains a comprehensive audit trail of applied security settings to automate compliance reporting. Unlike native Group Policy reports which only query one machine at a time and report on expected (not actual) policy settings, FullArmor EPM provides robust reporting and audit capabilities.

FullArmor EPM pulls and compares data from the following three sources to conclusively report on security policy compliance: Expected policy supplied by the device; Expected policy supplied by the directory; Actual policy settings supplied by the device registry.

To simplify compliance audits, generate reliable reports, and accelerate remediation, FullArmor EPM enables security and audit professionals to: Search and correlate status of policy settings across all machines; Verify that appropriate policy settings were applied to machines, inside and outside Active Directory; Map and pinpoint exceptions between regulatory policy requirements and in-force security settings.

For at-a-glance views of policy enforcement status on specific devices, groups of devices, and enterprise-wide, FullArmor EPM provides a security dashboard with convenient drill-down capabilities. The EPM dashboard identifies compliance problems and inconsistencies between expected policy status and actual policy settings for each endpoint/machine. To enable different types of users – security, operations, and audit professionals – to create views that match their unique requirements, the dashboard is fully customizable. For example, security and operations professionals can quickly generate remediation to-do lists, while auditors can easily pinpoint and address compliance issues.

Share or bookmarklet this web page at: