Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECA – Endpoint Context Agent

Published byCecil Hudson Modified over 5 years ago

Similar presentations

Presentation on theme: "ECA – Endpoint Context Agent"— Presentation transcript:

1 ECA – Endpoint Context Agent

2 Gathered via the operating system APIs
Quick overview of eCA ECA collects the endpoint metadata and sends it to NGFWs NGFW Provides access control and/or/logging based on: Logged-in user Executable responsible for the flow Platform attributes Presence of ECA (i.e. not BYOD) Metadata Gathered via the operating system APIs Network Attributes Application Attributes User Platform Endpoint Context Agent Client Collects and sends the endpoint metadata to Forcepoint NGFW Hold TCP connections until permitted Able to send Metadata to 1-8 NGFWs Endpoint Context Agent Listener NGFW receives ECA metadata on TCP port 9111 in TLS socket (configurable) Enforce ECA access policy Log ECA information

3 Quick overview of what ECA is
Replacement for McAfee EIA Agent for extra metadata for logging/reporting/access control and other policy features Unique competitive advantage Feature that is bundled with NGFW without extra cost Supports Windows 7, 8, 10, 2012, 2016 Uses secure TLS to transmit (potentially sensitive) metadata to NGFW NGFW authenticates ECA using custom certificate ECA authenticates NGFW using built-in StoneGate certificate ECA holds communication to ensure that NGFW processed metadata before getting actual traffic

4 Application attributes
Executable binary name from the signed executable file SHA256 and MD5 checksums Product name Version Fingerprint of the signer certificate or public key Signature check result Signer name Platform attributes Local antivirus status BIOS serial number Endpoint load Full computer name Listening sockets, interfaces andports Local firewall status OS updates OS version User login/logout event User attributes Username User group information User ID User type

5 Major ECA customer use cases
Reliable user identification Especially in thin client environment Many customers given up on their existing NGFW user identification… we can make a difference Firewall policy based on endpoint application For example, block outdated web browsers Firewall policy based on endpoint properties No recent windows updates = No internet access BYOD segregation Separate policy for BYOD even if they are on the same subnet TLS decryption bypass for thick clients Decryption bypass without whitelisting whole domain/service

Download ppt "ECA – Endpoint Context Agent"

Similar presentations

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Installing Samba Vicki Insixiengmay Jonathan Krieger.

Installing Samba Vicki Insixiengmay Jonathan Krieger.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
Securing Large Applications CSCI 5931 Web Security Rungang Mo, Yingying Sun.

Securing Large Applications CSCI 5931 Web Security Rungang Mo, Yingying Sun.
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.

M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.
1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)

1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.

Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key.

Similar presentations

Ads by Google