SOLUTION
IAM Identity & Access Management
SCENARIO

The trend towards BYOD (bring your own device) is drawing attention to the cyber threats posed by non-compliant network environments that are vulnerable to attack. To prevent leakage of confidential information and to stop employees from leaving the AD domain without authorization, enterprises need to enforce a device identity authentication policy that requires employees to log in with their AD/LDAP/POP3/RADIUS account and password.

SOLUTION

It requires all devices to log in with AD accounts and integrates each AD account with the IP/MAC address, computer name, and information from other accounts. It can also identify visitors and BYOD devices and verify their compliance, and it provides exhaustive device information, helping administrators gain visibility and control over all devices within the intranet.

FEATURES
Mandatory login via Active Directory (AD)
All devices must be logged in via AD accounts, and logging in locally on the host is prohibited. The AD account can be bound to the computer name, so that users log in only with the designated account.
Integration of identity and asset information
The system integrates employee information, including the IP usage record, IP configuration list, computer name, AD account, MAC address, network card brand, and login type, and provides the date, time, and number of "Entry/Exit" and "Login/Logout" events for the AD domain.
Dynamic control of personnel identity
Streamlines the identity authentication workflow for BYOD, including device identification and connection permission, through the existing AD/LDAP/POP3/RADIUS server. This enforces a reliable security policy that stops threats and risks from the outset.
Raise AD management standard
Automatically detects devices that have left the AD domain, or were never added to it, using AD login/online information. These devices are forcibly blocked and are remediated once they are added to the AD domain; a blocked device can still be added to the domain. Raises the AD management rate by up to 98%.
Guest Intranet connection certification
Guests can apply on site or by appointment. After passing verification, the device is added to the allowlist and can connect to the intranet. The system can also set the period during which a guest has access and automatically disconnects the device when that period expires.
Clearly displayed device information
It provides a clear device configuration list and account information, including device IP/MAC, computer name, switch, port, and AD account. From a single interface, the administrator can manage and monitor all devices and employees on the intranet and obtain reliable information about unmanaged devices.
MODULES
ARPScanner
The UPAS NOC main module uses patented ARP packet analysis technology, which performs data collection, device identification, and high-strength access control without installing an agent. Its key functions are IP/MAC management, asset inventory, device access management (NAC, Network Access Control), and network blocking. Multiple bindings between IP, MAC, DHCP segment, computer name, and hardware fingerprint (UUID) can be applied to all connected devices to achieve IP protection, IP reservation, IP invalidation, and prevention of IP conflicts and MAC impersonation. With the built-in reports, managers can manage intranet IP resources and devices in real time.
IDChecker
The module uses an AD/LDAP/POP3/RADIUS server to verify the identity of BYOD users, quickly identify devices, manage connection permissions, and establish zero-trust security for personnel and devices. When a person enters the network, the system redirects them to a page for authentication. After verifying the identity according to the security policy, the system automatically grants the person the corresponding access permissions (extranet, intranet, or a specific network segment) and a validity period. It can also require devices to be re-verified at fixed intervals.
ADVantage
You can force all computers to follow corporate security policies by binding computers to AD accounts, prohibiting local login, prohibiting unauthorized exit from the domain, and requiring specific AD accounts to log in to specific PCs. The AD security policy and management cover all Windows devices and integrate more than 20 items of AD and device information. The module also provides account usage records. It can detect shared-folder files and changes as well as SID conflict events, and it generates privileged account login/logout records and local account information to help managers find abnormal behavior and manage all devices that should join the AD domain.
Guest Access Management
When guests' devices need to access the corporate network, the GAM module provides two application methods, application by appointment and on-site application, with access granted through automatic permission, manual permission, or respondent permission. Guests who apply by appointment obtain a PIN in advance. After entering the corporate network, they enter the PIN on the connection application page to access the network. Intranet and extranet access rights and an access period can be set for every guest, and the system automatically invalidates those rights when the time limit expires. The automated mechanism simplifies the definition and management of guests and can generate detailed record reports for auditing.
CASE
Taipei Hospital: Implement IP management in the intranet to stabilize the quality of medical services
Over 10 years of stable cooperation, UPAS strengthened IP/MAC management and host identification for the Ministry of Taipei Hospital, improved the stability of the medical system, and established reliable audit data for personal information protection.
September 30, 20
Taichung Bank: Improve internal network management and strengthen personal asset protection
Since 2012, Taichung Bank has worked closely with UPAS to strengthen equipment IP management, implement security policies, and reduce the risk of personal information leakage to comply with personal information laws and regulations.
October 05, 20