Sygate enhances its enterprise security

Sygate Inc. has beefed up its security software making it possible to secure all endpoints on a network – servers, desktops, via remote access or on the LAN – by making sure they are compliant with corporate security policies.

Sygate Secure Enterprise 3.5 software can deny or restrict use of corporate networks by any machine running a Secure Enterprise agent. Previously, Sygate could enforce policies at key network access points, but not on all machines with the agent software.

Additionally, the new version can direct users of machines that don’t comply with corporate security policies to servers that can download the updates they need.

Secure Enterprise 3.5 consists of management server software that can be configured for specific corporate and group security policies, security agent software for PCs and servers, and enforcer software at network access points such as VPN concentrators, remote access servers and wireless access points. The agents can now act as enforcers.

Agents check whether machines have the proper operating system configurations, appropriate patches, and security applications such as firewalls, antivirus and intrusion detection. Devices that come up short can be monitored, blocked from network access or referred to update servers. Previous versions could check for processes and applications running and correlated to a specific date.

Bringing machines into compliance with security policies can now be done automatically via a feature called Automatic Remediation. This would run a command line to download missing files, rechecking whether the host machine is compliant, and then granting access. Before, if an agent found a device to be non-compliant, it would trigger a display telling the user to manually download an update.

The company says this feature will prevent the machine from becoming compromised when it is used for non-corporate purposes, such as a laptop used for Web surfing when it is taken home at night.

Another new feature with the 3.5 release called Policy Arbitration allows individual users some control over how much access they will allow to their PC from other machines. This is to accommodate those who want to lock down their machines as much as possible yet still allow access by network management and security applications.

Unisys, which is beta testing Secure Enterprise 3.5, wants this feature for its more sophisticated users who need to protect their computers from others users. At the same time, corporate security administrators need some access to, for instance, make sure antivirus software is updated, Unisys Chief Information Security Officer Kerry Ruhl says. “Some user don’t want anyone to touch their machine,” Ruhl says. Policy Arbitration gives them the ability to do that, within corporate security limits, he says.

Unisys plans to install agents on 38,000 devices, both desktops and laptops, to use as a way to contain attacks that may break their way into a network. So by quickly changing rule sets that the agents enforce, the company can shut down infected machines to stop them from infecting others, Ruhl says. “It’s a temporary containment measure until we get a patch,” he says.

Also new in Secure Enterprise 3.5, the agent senses what connection method is being used – wireless, DSL, LAN connection – and can adjust policy based on that. So wireless links might require shutting down file sharing and turning on encryption before allowing connections, for example.

Before, the software could identify machines based on IP address, MAC address of the system, DNS MAC, DHCP MAC, Gateway MAC and connection to the Management Server. Now the software can identify them based on additional parameters: DNS IP, WINS IP, DHCP IP or MAC, Gateway IP or MAC, VPN connection status, and Dial-Up Networking status.

The software is compatible with Windows operating systems from Windows 95 through Windows Server 2003. It is available now.