The architectural flexibility of Network Sentry enables the solution to be deployed as a hardware appliance, a virtual appliance, or a cloud service — ensuring that Network Sentry adapts to the unique needs of any network environment.
Some of the key feature and benefits of Network Sentry are:
- Continuous view of all endpoint devices on the network – Reduce attack surface with knowledge of known and unknown endpoint devices
- Discovery of all network infrastructure devices – Detect and prevent risky network infrastructure changes
- Automated guest management – Enable self-registration to shift workload from IT staff
- Monitor security posture of each endpoint device – Enforce compliance with corporate and regulatory mandates
- Dynamic configuration using “EasyConnect” – On-board thousands of endpoint devices concurrently
- Role-based dynamic network access control – Enable logical network segmentation to control access to sensitive data
- Correlate and prioritize security events – Rapid triage of security events to generate actionable alerts and enforce endpoint containment
- Policy-based Automated Threat Response – Reduce containment time from days to seconds
- Built-in analytics – Accelerate forensics effort by analyzing historical data tied to a security event
How it works?
Using a centralized and highly scalable architecture, Network Sentry leverages the built-in commands of network switches, routers and access points to establish a Live Inventory of Network Connections and enforce control over network access. It seamlessly integrates with authentication technologies such as 802.1X, RADIUS, and Active Directory to automatically determine if a device is corporate issued or employee owned, and the appropriate level of network access for the user of that device.
The flexibility of the architecture enables the solution to be deployed as a hardware appliance, a virtual appliance, or a cloud service — ensuring that Network Sentry adapts to the unique needs of any network environment.
Collecting Asset Information
- Poll operations allow Network Sentry to periodically query network infrastructure to determine devices that have connected, or that have been disconnected
- Leveraging Mac-Notification or Link State Traps, Network Sentry can be alerted to the addition, or removal of devices to the network.
- Through third party “trust point” integrations, Network Sentry can identify, and use classifications defined by systems such as IPAM, MDM, Inventory Control systems
- Device profiling can leverage methods such as DHCP fingerprinting, Active Scan operations, open TCP/UDP ports, Mac OUI, VLAN, SSH, Telnet, SNMP, location, and passive scan options.
- Through Active Directory integration, Network Sentry can leverage passive registration and scan options to identify hosts, and users connecting to the network through a domain join.
- Distribution of a persistent agent
- Captive Portal
Network Sentry minimizes the risk of unauthorized access to corporate assets and intellectual property, protects the brand, and reduces the impact, time, and costs of containing cyber threats. To make it cost-effective, Network Sentry delivers this functionality by integrating with leading third-party networking, security, directory and mobility products using its underlying SmartEdge Platform. This open platform provides a REST-based Application Programming Interface (API) that enables bi-directional communication to and from Network Sentry to extend visibility, control and response to the edge of the enterprise network.
Collecting Configuration Information
Network Sentry can leverage scan policy to identify operating system, OS version, patch detail, hostname, adapter(s) associated to host, application inventory, Antivirus and Antispyware operational, and current definition status, Domain membership, certificate validation, and custom scan operations including running process(es), services, registry key value, file presence, etc.
Using Adapter, Host, User, or Application detail, with wildcarding capability administrators can create User/Host profiles as granular as required to assert network access, endpoint compliance, or authentication policy.
Asset Responsibility Mapping
Network Sentry can leverage single sign on operations, or captive portal functions to directly associate the user that has possession of a host or has logged into a host. Such association can be further leveraged to deliver appropriate network access or endpoint compliance validation.