SOLUTION
ITAM IT Asset Management
SCENARIO

The explosion of unmanaged and IoT devices continues to be a critical challenge for every organization. Can you identify laptops running an unpatched version of Windows? Can you maintain the compliance of devices by updating antivirus software and virus signature constantly? Real visibility means you need to see more than devices, but vulnerable applications running on those devices. Further management method is needed to enforce the security policies of installation and compliance on the network. By designing trust zones for external devices, you can mitigate the effects of information breaches and related incidents.

SOLUTION

UPAS ITAM can identify and monitor every device continuously with deep and detailed information. The system automates the identification and remediation of application installation with a real-time application list, ensuring compliance without security risk in your network. A trusted zone for external devices limits accesses from/to vulnerable devices, enforcing the security policy with a Zero Trust architecture.

FEATURES
Monitor installed software of compliance and copyright in real-time
UPAS ITAM is able to check the legal software copyright for Windows, Mac and Linux OS. Further compliance information, including the installation/version/update of the antivirus software and virus signature, is provided for Windows OS. You can define appropriate policy for non-compliant devices to be blocked or remediate.
Automatic software blocking policy
Windows OS can be prohibited from running specific applications (including portable software), and the non-compliant applications will be blocked to eliminate the risk.
User-defined USB access policy
It allows you to control the access of USB device, memory card, mobile device, USB network card, and external CD drive, and set read and write permission to prevent unauthorized, rogue and impersonating device connection. This policy also embraces Zero Trust security by enforcing least-privilege access based on identification.
Identify the risk and threats, and remediate in time
UPAS ITAM provides continuous and real-time security information of endpoints, including the installation and update rate of device OS, antivirus software and virus signature. Any possible risk and damage can be avoided by imposing policy-based controls and rapid response to incidents.
Enhancing the device compliance ratio
Build a real-time inventory of every device’s configuration and compliance state. Non-compliant devices will be blocked and remediate upon connection. Enhancing the device compliance ratio up to 98% prevents threats from existing infrastructure.
Passively detect potential risk of unmanaged devices
UPAS ITAM is able to identify devices’ application installation state without agent that reducing the risk of business disruption, and remediate the device with the redirect page of installation files.
MODULES
ARPScanner
The UPAS NOC main module uses the patented ARP packet analysis technology, which can perform data collection, device identification and high-strength access control without installing Agent. The key functions are IP/MAC management, assets inventory, device access management (NAC, Network Access Control), and network blocking. Multiple bindings between IP / MAC / DHCP segment / computer name / hardware fingerprint (UUID) can be performed on all connected devices to achieve IP protection, IP reservation, IP invalidate, IP conflict prevention, and MAC impersonating. With the built-in reports, managers can manage intranet IP resources and devices in real-time.
Patch Management
PM can periodically scan and obtain the software summary of the intranet connected devices, Windows OS version/KB, anti-virus software information and virus signature version by deploying Agent on the endpoint device. Through the collection of the software summary table, the following checks can also be performed: permit software, prohibited software, software copyright quantity, software version. If there is a non-compliance event (it should be installed but not installed, should not be installed but installed, using pirated software, should be updated but not updated), the network connection can be blocked and the redirect page will show up to inform the reason. Non-compliant devices can be set to different levels of authority to facilitate the stable operation of the device and still guide the repair to comply with the security policy.
Device Management
By deploying Agent on endpoint devices, DM module can identify and manage USB storage devices, memory cards, USB ports, USB network cards, and optical disk drives. It can set up the authorities for USB devices, such as whether have authority to read and write, to prevent from leaking confidential data, and can set USB device allowlist to prevent unauthorized USB devices from accessing and transmitting data.  In terms of device network management, it can detect and prohibit devices from using wireless networks or Bluetooth, preventing the use of private networks to transmit sensitive data by bypassing corporate networks.
CASE
Taipei Hospital: Implement IP management in the intranet to stabilize the quality of medical services
In the 10-year stable cooperation, UPAS strengthened IP/MAC management and host identification for the Ministry of Taipei Hospital, improved the stability of the medical system, and established reliable audit data for personal information protection.
September 30, 20
Taichung Bank: Improve internal network management and strengthen personal asset protection
Since 2012, Taichung Bank has worked closely with UPAS to strengthen equipment IP management, implement security policies, and reduce the risk of personal information leakage to comply with personal information laws and regulations.
October 05, 20