AEP Networks Unveils Advanced Identity-Based Access Control Solution For Granular Policy Enforcement Within The Data Centre  

(April 01, 2008) -- AEP Networks unveiled AEP IDpoint, an advanced identity-based access control (IBAC) appliance. IDpoint is an identity-driven, stealth-mode, wire-speed policy enforcement point for use in the enterprise data center in front of critical application resources. By inserting proof of user identity into IP packets and enforcing resource access policies based on group membership, IDpoint can greatly aid organizations in adhering to internal governance as well as achieving compliance with industry regulations, such as PCI DSS and HIPAA. IDpoint addresses customer demand for tighter control over user access to critical, high-value information assets in order to preserve data integrity and reduce business risk. IDpoint has been in use by multiple early access customers from a range of industries.

“Compliance considerations leave us with the burden of proof that we protect confidential medical records. IDpoint has addressed this pain with a simple, intuitive policy enforcement engine that gives us proof of user access to private medical information,” said Bryce Bowman, Systems Administrator at Medical Associates of the Lehigh Valley. “The value of IDpoint is not just controlling user access; it's providing a detailed audit report to prove compliance with regulations such as HIPAA.”

“We are able to drop in IDpoint – without making any infrastructure changes – and add the initial set of access policies integrated with our user directory in under an hour,” said Andrew Lingenfelter, General Manager of NCS DataCom, Inc., a managed security service provider. “IDpoint provides a distinct security advantage for our customers because we now have tremendous control over what specific resources and applications individual users and/or customers are authorized to access. Not to mention we then have a full audit trail for compliance related issues.”

Designed for the enterprise, IDpoint is placed in-line directly in front of certain sensitive application resources or servers in the data center as a hardened policy enforcement point. It enforces network-layer and specific application-layer (such as FTP) access policies and privileges to determine individual user access to the protected resources while stopping unauthorized network traffic from getting through – even an unauthorized TCP ping is blocked. This granular access control allows organizations to easily build identity-driven security zones to ring-fence valuable network resources – limiting access to just those users with a “need to know” and isolating critical resources from exposure to non-authorized staff, partners, customers, devices, etc.

The IDpoint token inserts a secure, unique cryptographic representation of user identity, called AEP PacketTag, into every IP packet destined for a protected resource. This ‘proof of identity’ tag is only added to packets destined for protected resources. As such, it eliminates the potential for unauthorized access to resources. However, all access attempts made against protected resources – whether allowed or denied – are logged for reporting.

IDpoint provides comprehensive, identity-correlated logging and reporting showing which users accessed what critical information resources from where, when, and for how long. Detailed policy violations and PacketTag anomalies are logged as on-screen and printable reports. This unalterable audit trail greatly aids reporting and compliance challenges for PCI DSS, HIPAA, and other regulatory guidelines. Further, IDpoint segmented networks limit the scope and, therefore, complexity of compliance audits.



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.