SOLUTION
NAC Network Access Control
SCENARIO

Can you ensure that everything joining your networks is visible and managed? The issue of cyber threats continues to be a vital challenge for every organization. A holistic solution is needed in order to identify all devices with critical information, assess posture and compliance by security policies, and enforce access control across your networks. All connected devices must be continuously monitored, and the network automates response while anomalous behaviors are detected.

SOLUTION

UPAS NAC is able to manage a wide range of devices and endpoints for Windows, Linux, macOS, Android, and iOS. It is capable of collecting IP/MAC data, enforcing security policies, automatically blocking non-compliant devices from connecting, identifying IP entity location and quickly locating the device which is not updated and remediated.

FEATURES
Allowlist protection and management of cross-VLAN event
It can protect important host via IP binding to prevent it from IP address tampering. In addition, it can provide cross-VLAN notification and issue warnings to assist in the detection of unauthorized movement of office network devices.
Automate drawing diagram of switch connection
It is capable of automatically searching for the hierarchical relationship of serial switches' connection, and automatically figuring out the switch location and port connection method to create a network topology. In addition, it supports various brands of switches. All switches supporting v1/v2/v3 of SNMP protocol will have access to the information, and it can distinguish different VLAN IDs of switches.
MAC/Port information summary and binding
Clear interface helps you aggregate data of multiple MAC addresses on single port as a list renewed by scheduled, and lock a specific port to MAC address. When there is any unauthorized connection of Hub or IP router or Port switching, a redirect webpage will pop up as a remediation.
Comprehensive management of external device
It is capable of automatically discovering and classifying connected devices. Based on the pack analysis technology, identifying diverse devices and providing accurate information like device and IP type, computer name, NIC manufacturer, IP/MAC address, location, workgroup, switch name, port no. etc. Build-in search function and customize column accelerate operation. Support more than 30 types of endpoints.
Orchestrate with multiple antivirus/asset management software
It can orchestrate with the most widely used antivirus software and asset management software in the industry. It provides comprehensive information such as OS version update rate, antivirus software deployment rate, antivirus software update rate, virus signature update rate, asset management software deployment rate and update rate, and deployment/update rates of various software.
Identify the risk and threats, and remediate in time
With continuous and real-time security information of endpoints, if there is any non-compliant access to the intranet, a warning will be issued and the connection will be blocked. Any possible risk and damage can be avoided from imposing policy-based controls and rapid reponse to incidents.
Streamline Workflow with Information Chart Analysis
Real-time information including devices’ configuration, compliance state and all non-compliant behavior events of IP-connected devices can be aggregated and analyzed via a visual information chart dashboard.
MODULES
ARPScanner
The UPAS NOC main module uses the patented ARP packet analysis technology, which can perform data collection, device identification and high-strength access control without installing Agent. The key functions are IP/MAC management, assets inventory, device access management (NAC, Network Access Control), and network blocking. Multiple bindings between IP / MAC / DHCP segment / computer name / hardware fingerprint (UUID) can be performed on all connected devices to achieve IP protection, IP reservation, IP invalidate, IP conflict prevention, and MAC impersonating. With the built-in reports, managers can manage intranet IP resources and devices in real-time.
IPLocator
IPL uses the SNMP protocol to automatically establish the correlation between the upper and lower switches, identify the physical location of the IP address, generate the network topology, and provide the records of MAC/IP/Switch/Port/VLAN ID. It supports most of the switch brands in the market and can gather device information from different operating systems such as Windows, Linux, macOS, Android, and iOS, to assist managers in inventory assets. A single Port multi-MAC list can be established or MAC/Port binding can be set. If any unauthorized access event occurs, the system will automatically alert and pop up a correction prompt to ensure the intranet security.
Security Integration Management
Without installing Agent on the endpoint device, the module can interface with WSUS host, various anti-virus software (Symantec / Trend Micro / Macfee / Kaspersky) and asset management software (WinMatrix / X-FORT / IP-guard / SmartIT / Ivanti / SCOM) / SCCM) to achieve integrated management and conduct multiple compliance checks. Non-compliant devices can be set with different levels of authority restrictions, such as network blocking and redirecting the page, to force users to repair to compliance. SIM module uses the IP/MAC system to achieve nearly 100% of WSUS management rate, antivirus software installation and update rates, and asset management software installation and update rates, so that endpoint devices comply with corporate security policies.
CASE
Taipei Hospital: Implement IP management in the intranet to stabilize the quality of medical services
In the 10-year stable cooperation, UPAS strengthened IP/MAC management and host identification for the Ministry of Taipei Hospital, improved the stability of the medical system, and established reliable audit data for personal information protection.
September 30, 20
Taichung Bank: Improve internal network management and strengthen personal asset protection
Since 2012, Taichung Bank has worked closely with UPAS to strengthen equipment IP management, implement security policies, and reduce the risk of personal information leakage to comply with personal information laws and regulations.
October 05, 20