All checks and remediation efforts worked as expected. If the checks failed, we restricted access to a Web site at which a user could download and install the missing software. We configured checks for Sophos AV and missing security patches. The ability to run firewall checks or define your own custom checks is not available. Registry entries can also be checked with a click of a button.

VirusWall can run a system threat check to identify any memory-resident viruses that exist on the endpoint. In addition to assessing a client's status upon entry to the network, ongoing assessments can be configured as needed.

Endpoint assessments are available out-of-the-box for a substantial number of antivirus products, including the more popular products and lesser-known ones, such as Softwin and Jiangmin, and for Microsoft patches. Minimal information is reported from the endpoint: only user information and IP and MAC addresses. The dissolvable agents are distributed over HTTP.

Trend Micro's persistent agents are deployed through standard remote-logon processes, which may not always function if the endpoint device is running a firewall. The agent is either a persistent one or an ActiveX-dissolvable one. To perform endpoint assessments, VirusWall uses an agent to perform integrity scans. NAC policies are based on these VirusWall-specific groups, not a user's group as defined in Active Directory, which is a management drawback. In a Trend Micro NAC deployment, groups are defined based on physical interface, IP address, MAC address, or virtual-LAN assignment. If, for example, you want both groups to run antivirus software but only authenticated users to have a specific registry key in place. You are unable to select both options within the policy GUI, so if you have a policy that needs to apply to both groups of users, you need to define the policy twice.

Assessment policies are defined to apply either to an authenticated or a nonauthenticated user. Guests are defined as nonauthenticated users, and therefore you can define a more restrictive set of access policies than what is allowed for the general, trusted user population. For testing, we configured the VirusWall to authenticate users against our Active Directory database without issue. User authentication is supported against the standard user repositories in Active Directory and Lightweight Directory Authentication Protocol. Management is available on the appliance using a Web GUI, or Trend Micro offers a centralized management program called Control Manager, which can drive multiple VirusWall devices.

Endpoints that are not in compliance with set policy can be placed in quarantine, where traffic to and from the endpoint is blocked except for traffic explicitly allowed by policy, such as the ability to access the URL to receive the missing software. It can also fail open to allow network traffic to continue to pass in the event of a device failure.

VirusWall appliances can run as a primary/secondary pair for availability. Trend Micro's offering is similar to those shipping from ForeScout and ConSentry, but those products provide more in-depth functionality in intrusion prevention, such as anomaly detection and analysis on full traffic streams. The appliance sits in-line on the network, monitoring all packets for malicious traffic and assessing endpoints for both active infections and key vulnerabilities that could lead to infection.