ECA – Endpoint Context Agent

Slides:

Advertisements

Similar presentations

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Advertisements

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

1 Enabling Secure Internet Access with ISA Server.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Installing Samba Vicki Insixiengmay Jonathan Krieger.

Course 201 – Administration, Content Inspection and SSL VPN

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

Intranet, Extranet, Firewall. Intranet and Extranet.

Securing Large Applications CSCI 5931 Web Security Rungang Mo, Yingying Sun.

M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)

Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key.

Remote Access Using Citrix Presentation Server December 6, 2006 Matthew Granger IT665.

Module 5: Configuring Internet Explorer and Supporting Applications.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

802.11n Sniffer Design Overview Vladislav Mordohovich Igor Shtarev Luba Brouk.

Module 7: Advanced Application and Web Filtering.

Prepared by: Azara Prakash L.. Contents:-  Data Transmission  Introduction  Socket Description  Data Flow Diagram  Module Design Specification.

FTP File Transfer Protocol Graeme Strachan. Agenda  An Overview  A Demonstration  An Activity.

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Module 7: Implementing Security Using Group Policy.

Module 10: Windows Firewall and Caching Fundamentals.

Introduction to Active Directory

Module 8 Implementing Security Using Group Policy.

Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Information Systems Design and Development Security Precautions Computing Science.

Barracuda SSL VPN Remote, Authenticated Access to Applications and Data.

Barracuda SSL VPN Remote, Authenticated Access to Applications and Data Version 2.6 | July 2014.

Barracuda SSL VPN Remote, Authenticated Access to Applications and Data.

Fundamental of Databases

TOPIC: HTTPS (Security protocol)

Installing TMG & Choosing a Client Type

Barracuda SSL VPN Remote, Authenticated Access to Applications and Data.

NET 536 Network Security Firewalls and VPN

Tutorial on Creating Certificates SSH Kerberos

Module Overview Installing and Configuring a Network Policy Server

Secure Sockets Layer (SSL)

Implementing Network Access Protection

Securing the Network Perimeter with ISA 2004

Web Services Security.

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Web Caching? Web Caching:.

Tutorial on Creating Certificates SSH Kerberos

Security of a Local Area Network

Introduction:. Vendor : Cisco Certifications : Next-Generation Firewall Express Security Engineer Exam Name : Cisco ASA Express Security Exam Code :

IBM Certified WAS 8.5 Administrator

2018 Real Cisco Dumps IT-Dumps

Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

CANalytics TM CAN Interface Software BY.

Operating Systems Security

IS 4506 Server Configuration (HTTP Server)

Purdue University Fort Wayne

Time Gathering Systems Secure Data Collection for IBM System i Server

Purdue University Fort Wayne

AbbottLink™ - IP Address Overview

Agenda Create certificates for the GlobalProtect Portal, internal gateway, and external gateway. Attach certificates to a SSL-TLS Service Profile. Configure.

Introduction to Network Security

Building Security into Your System

Unit 8 Network Security.

Advanced Computer Networks

Designing IIS Security (IIS – Internet Information Service)

Presentation transcript:

ECA – Endpoint Context Agent

Gathered via the operating system APIs Quick overview of eCA ECA collects the endpoint metadata and sends it to NGFWs NGFW Provides access control and/or/logging based on: Logged-in user Executable responsible for the flow Platform attributes Presence of ECA (i.e. not BYOD) Metadata Gathered via the operating system APIs Network Attributes Application Attributes User Platform Endpoint Context Agent Client Collects and sends the endpoint metadata to Forcepoint NGFW Hold TCP connections until permitted Able to send Metadata to 1-8 NGFWs Endpoint Context Agent Listener NGFW receives ECA metadata on TCP port 9111 in TLS socket (configurable) Enforce ECA access policy Log ECA information

Quick overview of what ECA is Replacement for McAfee EIA Agent for extra metadata for logging/reporting/access control and other policy features Unique competitive advantage Feature that is bundled with NGFW without extra cost Supports Windows 7, 8, 10, 2012, 2016 Uses secure TLS to transmit (potentially sensitive) metadata to NGFW NGFW authenticates ECA using custom certificate ECA authenticates NGFW using built-in StoneGate certificate ECA holds communication to ensure that NGFW processed metadata before getting actual traffic

Application attributes Executable binary name from the signed executable file SHA256 and MD5 checksums Product name Version Fingerprint of the signer certificate or public key Signature check result Signer name Platform attributes Local antivirus status BIOS serial number Endpoint load Full computer name Listening sockets, interfaces andports Local firewall status OS updates OS version User login/logout event User attributes Username (username@domain) User group information User ID User type

Major ECA customer use cases Reliable user identification Especially in thin client environment Many customers given up on their existing NGFW user identification… we can make a difference Firewall policy based on endpoint application For example, block outdated web browsers Firewall policy based on endpoint properties No recent windows updates = No internet access BYOD segregation Separate policy for BYOD even if they are on the same subnet TLS decryption bypass for thick clients Decryption bypass without whitelisting whole domain/service