ECA – Endpoint Context Agent
Quick overview of ECA
- ECA collects the endpoint metadata and sends it to NGFWs
- NGFW provides access control and/or logging based on:
  - Logged-in user
  - Executable responsible for the flow
  - Platform attributes
  - Presence of ECA (i.e. not BYOD)

Metadata (gathered via the operating system APIs)
- Network attributes
- Application attributes
- User
- Platform

Endpoint Context Agent Client
- Collects and sends the endpoint metadata to Forcepoint NGFW
- Holds TCP connections until permitted
- Able to send metadata to 1-8 NGFWs

Endpoint Context Agent Listener
- NGFW receives ECA metadata on TCP port 9111 in TLS socket (configurable)
- Enforces ECA access policy
- Logs ECA information
Quick overview of what ECA is
- Replacement for McAfee EIA
- Agent for extra metadata for logging/reporting/access control and other policy features
- Unique competitive advantage
- Feature that is bundled with NGFW without extra cost
- Supports Windows 7, 8, 10, 2012, 2016
- Uses secure TLS to transmit (potentially sensitive) metadata to NGFW
  - NGFW authenticates ECA using custom certificate
  - ECA authenticates NGFW using built-in StoneGate certificate
- ECA holds communication to ensure that NGFW processed metadata before getting actual traffic
Application attributes
- Executable binary name from the signed executable file
- SHA256 and MD5 checksums
- Product name
- Version
- Fingerprint of the signer certificate or public key
- Signature check result
- Signer name

Platform attributes
- Local antivirus status
- BIOS serial number
- Endpoint load
- Full computer name
- Listening sockets, interfaces and ports
- Local firewall status
- OS updates
- OS version
- User login/logout event

User attributes
- Username
- User group information
- User ID
- User type
Major ECA customer use cases
- Reliable user identification
  - Especially in thin client environments
  - Many customers have given up on their existing NGFW user identification… we can make a difference
- Firewall policy based on endpoint application
  - For example, block outdated web browsers
- Firewall policy based on endpoint properties
  - No recent Windows updates = no internet access
- BYOD segregation
  - Separate policy for BYOD devices even if they are on the same subnet
- TLS decryption bypass for thick clients
  - Decryption bypass without whitelisting the whole domain/service