SOLUTION
NAC Network Access Control
SCENARIO

With significant growth in the types and number of devices connecting to the network, enterprises and government bodies must consider the security risks these devices pose.

• How can a company achieve comprehensive device inventory and intranet access control, and ensure network security, without installing an Agent?

• Device whitelists must be established automatically according to security policies, and non-compliant devices must be denied access to the intranet.

• Devices should be verified as trusted when they go online, and comprehensive device security protection should be provided.

SOLUTION

• The UPAS NAC system uses patented ARP packet resolution technology to achieve Agent-less data collection, device identification and strengthened access control, and to achieve 100% asset inventory, including IP/MAC management and network access control.

• The UPAS system can set access rules as required, automatically establish a device whitelist, and prohibit access by unauthorized external devices. It also provides alert mechanisms such as page redirection, Agent UI and MSG to ensure intranet security.

• The DAM device authentication module checks hardware or software protection levels, and includes functions for querying device health information and authentication history. The system notifies the administrator of authentication failures as events.

FEATURES
Comprehensive management of external devices
The system automatically discovers and classifies connected devices. Using packet analysis technology, it identifies diverse devices and provides accurate information such as device and IP type, computer name, NIC manufacturer, IP/MAC address, location, workgroup, switch name and port number. A built-in search function and customized columns speed up operation. It supports more than 30 types of endpoints.
Built-in allowlist management function
It can collect and aggregate important information such as the IP/MAC, computer name and OS version of all connected devices, and add devices to the allowlist in compliance with security policies. The system also provides customized columns, such as basic information about employees, and comprehensive IP usage records, giving visibility into and control of the intranet.
Automated allowlist management
The system enforces policy-based controls that let you automatically add compliant devices to the allowlist by assessing each device's computer name format, type, OUI (the first six digits of the MAC address) and AD domain policy.
Allowlist protection and management of cross-VLAN events
It can protect important hosts via IP binding to guard them against IP address tampering. In addition, it can provide cross-VLAN notifications and issue warnings to assist in detecting unauthorized movement of office network devices.
Streamline Workflow with Information Chart Analysis
Real-time information including devices' configuration, compliance state, and all non-compliant behavior events of IP-connected devices can be aggregated and analyzed via a visual information chart dashboard.
Non-compliant behavior event warning notification
For issues such as internal and external IP conflicts, IP address tampering, MAC spoofing or cross-VLAN unmanaged behavior, the system gives warnings and provides various report data (such as the IP/MAC address of the non-compliant device) to administrators. It helps administrators discover and respond to threats in a short time.
MODULES
ARPScanner
Using patented ARP packaging and resolution technology, it achieves data collection, device authentication and strengthened access control without Agent installation. It provides 100% asset inventory to support IP/MAC management, device access management (network access control) and network blocking. An administrator can define access rules as required, and the UPAS system then automatically establishes a device allowlist. It allows only devices that comply with security policies to access the intranet, prohibits unauthorized external devices, and provides alert mechanisms such as page redirection, Agent UI and MSG to ensure intranet security at a fundamental level.
DAM Device Authentication Management
Through the Agent deployed on terminal devices, the DAM module can inspect the devices' hardware or software protection levels. It can verify whether connecting devices are trusted when they go online, and can also be applied in resource access scenarios. Comprehensive security protection measures are available through integration with identity authentication vendors.
CASE
Taipei Hospital: Implement IP management in the intranet to stabilize the quality of medical services
Over 10 years of stable cooperation, UPAS strengthened IP/MAC management and host identification for the Ministry of Taipei Hospital, improved the stability of the medical system, and established reliable audit data for personal information protection.
September 30, 20