A dynamic policy enforcement engine forms the core of Mirage’s Endpoint Control capabilities. This engine ensures that devices are policy compliant throughout their lifecycle on the network, from network admission to exit. Policy enforcement plays a critical role in agentless Network Access Control, risk assessment, and threat protection.
Out of the box, Mirage comes with built-in policy checks that determine characteristics of any device entering or on the network, including:
- Known or unknown device status
- Registered or unregistered device status
- Services running, such as instant messaging, peer-to-peer networking, and FTP services
- Threat and policy compliance history
- Wired or wireless network access
- Network segment entered
- OS patch levels
- Antivirus signature updates
- Presence or absence of spyware and firewall software
Determining this information enables you to better control the endpoints on your network by defining critical risk characteristics according to security policy and the user type. If desired, Mirage can also perform deeper vulnerability scans through third-party software. If you have existing technologies in place, Mirage leverages this investment using our open API, making it painless to integrate with other security technologies.
Mirage allows you to easily establish different policies for each segment of your network to give you additional Endpoint Control. For example, you may wish to have significantly different security policies on your IP Telephony network segment, your guest network segment, and your developer network segment:
- On the IP Telephony segment, only IP phones and call managers may be allowed to enter this portion of your network and the services may be limited to IPT services only. All other devices attempting to enter this segment can immediately be quarantined by Mirage.
- On the guest segment, you may require deeper vulnerability scans to be performed on all unmanaged devices, like a contractor’s laptop, before granting network admission; additionally, Windows, MacOS and Windows CE devices may be permitted, but you may wish to restrict services such as peer-to-peer networking.
- On the developer segment, all unmanaged devices may be required to register on the network before gaining admission, but all device types – from PDAs to IP phones to Linux servers – may be allowed. You can even specify that all quarantined devices on this network segment receive a particular type of threat scan.
By enabling you to quickly and flexibly establish policies for your network segments, Mirage provides the Endpoint Control you need to secure the network interior.