EpiForce® security software enables an organization to create an identity-aware network across a mixed data center that protects critical network data and communications from intruders.
The Four Components
EpiForce consists of four key components that work together to enable logical security zoning and policy-based encryption of data in motion based on identity:
- EpiForce Agent software is installed on each server and/or client as a shim into the TCP/IP stack, where it monitors all incoming and outgoing data frames (packets) and applies policy to each packet (block, allow, encrypt or CLEAR).
- EpiForce Admin Console offers an intuitive centralized management interface for creating and deploying policy to all EpiForce Agents, regardless of the physical location or geography of the server or client.
- EpiForce Database stores all security policies.
- EpiForce Admin Server distributes policies, and handles messaging and queuing between the EpiForce Agents.
Microsoft Active Directory (AD) Synchronization
To deliver simplified administration and secure identity verification, user IDs from Microsoft Active Directory (AD) are synchronized with EpiForce. A user sends a request to forward their credentials from the EpiForce Agent to the EpiForce Admin Server. If the user is valid, the Authentication Server responds with encrypted credentials and forwards them from the user to the EpiForce Admin Server. The EpiForce Admin Server validates the user through the EpiForce Agent, and EpiForce security policy then applies. This allows the IT manager to set either host-based or user-based access control. If user-based access control is established, the policy follows the user regardless of which system the user is on. User authentication is integrated with Active Directory or Lightweight Directory Access Protocol (LDAP) and is secured through 2-way encrypted credentials.
Securing Legacy Platforms
An EpiForce Guardian Security Appliance enables legacy platforms and platforms unable to host EpiForce Agent software to realize the same benefits of logical security zones and policy-based encryption of data in motion. Guardian appliances protect multiple hosts or hosts with multiple IP and MAC addresses and provide an extra degree of flexibility to security administrators.
Convenient Centralized Management
Logical security zones are created by applying a unified set of policies to a “like-minded” group of users, servers, clients or both in order to isolate, protect traffic, and to provide access to privileged resources. Policy-based encryption of data in motion can be employed selectively (e.g. at the port-level) to provide confidentiality while maximizing application performance and reducing bandwidth requirements. EpiForce Admin Server automatically informs all the EpiForce client software on the applicable computers of the implemented or updated security policies.
Both logical security zones and policy-based encryption are “persistent” and do not cease when computers are physically relocated, providing organizations the flexibility to locate computers where business requirements dictate, without concern for continuity of security policy.
EpiForce Admin Console presents a single interface through which authorized security administrators can create and deploy security policies for all servers and clients protected by EpiForce. Hierarchical delegation, workflow, detailed reporting and audit trails ensure EpiForce is easily applied to existing security procedures.