SOLUTION
NAC & IPAM Network Access Control and IP Address Management
SCENARIO

With the explosion of unmanaged and managed IP-connected devices in the workplace, manual management is no longer a reliable solution. Can you ensure that everything joining your networks is visible and managed? Cyber threats continue to be a vital challenge for every organization. A holistic solution is needed to identify all devices with critical information, assess posture and compliance with security policies, and enforce access control across your networks. All connected devices must be continuously monitored, and the network must respond automatically when anomalous behavior is detected.

SOLUTION

UPAS NAC is able to manage a wide range of devices and endpoints for Windows, Linux, macOS, Android, and iOS. It is capable of collecting IP/MAC data, enforcing security policies, automatically blocking non-compliant devices from connecting, identifying IP entity location and quickly locating the device which is not updated and remediated.

FEATURES
Comprehensive management of external device
It is capable of automatically discovering and classifying connected devices. Based on packet analysis technology, it identifies diverse devices and provides accurate information such as device and IP type, computer name, NIC manufacturer, IP/MAC address, location, workgroup, switch name, port no., etc. A built-in search function and customizable columns speed up operation. It supports more than 30 types of endpoints.
Built-in allowlist management function
It can collect and aggregate important information such as IP/MAC, computer name, and OS version of all connected devices, and add devices to the allowlist in compliance with security policies. The system also provides customized columns, such as basic information about employees, and comprehensive IP usage records, giving visibility and control of the intranet.
Automate allowlist management
The system enforces policy-based controls that enable you to automatically add compliant devices to the allowlist by assessing the device's computer name format, type, OUI (the first six digits of the MAC address), and AD domain policy.
Control over IP usage and real-time configuration in your network
With IP usage records, administrators can compare IP address, user, and point in time to receive a holistic understanding of the intranet and facilitate workflow. In addition, it also provides an IP configuration list showing all used and unassigned IP addresses, and assigned numbers in each network segment. 
Allowlist protection and management of cross-VLAN event
It can protect important hosts against IP address tampering via IP binding. In addition, it can provide cross-VLAN notifications and issue warnings to assist in the detection of unauthorized movement of office network devices.
Synchronize management of IPv4 and IPv6
It can identify all devices connected to Intranet and sub-domain, automate adding devices to allowlist in compliance with access policies, and support continuous IP monitoring and management of IPv4 and IPv6.
Automate drawing diagram of switch connection
It is capable of automatically discovering the hierarchical relationship between serially connected switches and working out each switch's location and port connections to create a network topology. In addition, it supports various brands of switches. Information can be retrieved from any switch that supports SNMP v1/v2/v3, and it can distinguish the different VLAN IDs on switches.
MAC/Port information summary and binding
A clear interface helps you aggregate the MAC addresses seen on a single port into a list that is refreshed on a schedule, and lock a specific port to a MAC address. When an unauthorized hub or IP router is connected, or a device is moved to another port, a redirect web page pops up as remediation.
Streamline Workflow with Information Chart Analysis
Real-time information including devices' configuration, compliance state, and all non-compliant behavior events of IP-connected devices can be aggregated and analyzed via a visual information chart dashboard.
Orchestrate with multiple antivirus/asset management software
It can orchestrate with the most widely used antivirus software and asset management software in the industry. It provides comprehensive information such as OS version update rate, antivirus software deployment rate, antivirus software update rate, virus signature update rate, asset management software deployment rate and update rate, and deployment/update rates of various software.
Identify the risk and threats, and remediate them in time
With continuous and real-time security information of endpoints, if there is any non-compliant access to the intranet, a warning will be issued and the connection will be blocked. Any possible risk and damage can be avoided by imposing policy-based controls and rapid response to incidents.
Non-compliant behavior event warning notification
For internal and external IP conflicts, IP address tampering, MAC spoofing, or cross-VLAN unmanaged behavior, the system gives warnings and provides various report data (such as the IP/MAC address of the non-compliant device) to administrators. It helps administrators discover and respond to the threat in a short time.
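
The binding and warning features above come down to comparing observed IP/MAC/VLAN tuples with policy data. The following is an added example, not UPAS code: a minimal Python sketch of such checks for bound-IP tampering, IP conflict, cross-VLAN movement and non-allowlisted devices. The binding table, the per-MAC home VLAN, the event names and all sample addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seen:
    """One observed ARP sender: IP, MAC, and the VLAN it was seen on."""
    ip: str
    mac: str
    vlan: int

# Hypothetical policy data (constructed): protected IP -> bound MAC, and the
# VLAN on which each allowlisted MAC was registered.
BINDINGS = {"10.0.10.5": "02:00:00:00:00:01"}
HOME_VLAN = {"02:00:00:00:00:01": 10, "02:00:00:00:00:02": 10,
             "02:00:00:00:00:03": 20}

def check(observations):
    """Return sorted (event, ip, mac) tuples for non-compliant observations."""
    events = set()
    owner = {}  # ip -> first MAC seen claiming it in this batch
    for o in observations:
        mac = o.mac.lower()
        bound = BINDINGS.get(o.ip)
        if bound and mac != bound:
            # A protected IP is being used by a MAC other than its binding.
            events.add(("binding_violation", o.ip, mac))
        elif o.ip in owner and owner[o.ip] != mac:
            # Two different MACs claim the same unbound IP.
            events.add(("ip_conflict", o.ip, mac))
        owner.setdefault(o.ip, mac)
        if mac not in HOME_VLAN:
            events.add(("unknown_device", o.ip, mac))
        elif HOME_VLAN[mac] != o.vlan:
            # Allowlisted device seen outside the VLAN it was registered on.
            events.add(("cross_vlan", o.ip, mac))
    return sorted(events)

# Constructed sample observations (not captured traffic).
SAMPLE = [
    Seen("10.0.10.5", "02:00:00:00:00:01", 10),  # bound host, compliant
    Seen("10.0.10.5", "02:00:00:00:00:02", 10),  # other MAC on a bound IP
    Seen("10.0.10.7", "02:00:00:00:00:02", 10),  # compliant
    Seen("10.0.10.7", "de:ad:be:ef:00:09", 10),  # conflict, not allowlisted
    Seen("10.0.10.8", "02:00:00:00:00:03", 10),  # registered on VLAN 20
]

if __name__ == "__main__":
    for event in check(SAMPLE):
        print(*event)
```
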
MODULES
ARPScanner
The UPAS NOC main module uses patented ARP packet analysis technology, which can perform data collection, device identification and high-strength access control without installing an agent. The key functions are IP/MAC management, asset inventory, device access management (NAC, Network Access Control), and network blocking. Multiple bindings between IP / MAC / DHCP segment / computer name / hardware fingerprint (UUID) can be applied to all connected devices to achieve IP protection, IP reservation, IP invalidation, IP conflict prevention, and protection against MAC impersonation. With the built-in reports, managers can manage intranet IP resources and devices in real time.
Security Integration Management
Without installing an agent on the endpoint device, the module can interface with the WSUS host, various antivirus software (Symantec / Trend Micro / McAfee / Kaspersky) and asset management software (WinMatrix / X-FORT / IP-guard / SmartIT / Ivanti / SCOM / SCCM) to achieve integrated management and conduct multiple compliance checks. Non-compliant devices can be given different levels of restriction, such as network blocking and page redirection, to force users to remediate until compliant. The SIM module uses the IP/MAC system to achieve nearly 100% WSUS management rate, antivirus software installation and update rates, and asset management software installation and update rates, so that endpoint devices comply with corporate security policies.
IPLocator
IPL uses the SNMP protocol to automatically establish the correlation between upstream and downstream switches, identify the physical location of an IP address, generate the network topology, and provide records of MAC/IP/Switch/Port/VLAN ID. It supports most of the switch brands on the market and can gather device information from different operating systems such as Windows, Linux, macOS, Android, and iOS, to assist managers with asset inventory. A single-port multi-MAC list can be established or MAC/Port binding can be set. If any unauthorized access event occurs, the system will automatically alert and pop up a correction prompt to ensure intranet security.
IPv6 Management
The IPv6 module provides comprehensive IPv6 management. It can detect three types of IPv6 addresses (unicast, multicast, and anycast), perform compliance checks on IPv6 devices, and block foreign devices that use IPv6. It also provides IPv6 real-time information, historical records, and an IPv4-mapped list.
CASE
Taipei Hospital: Implement IP management in the intranet to stabilize the quality of medical services
Over 10 years of stable cooperation, UPAS strengthened IP/MAC management and host identification for the Ministry of Taipei Hospital, improved the stability of the medical system, and established reliable audit data for personal information protection.
September 30, 20