Trusted Identities, Managed Access from Wick Hill

" Real-Time Scanning Continuous scanning of the device throughout a session protects against

remote devices that become non-compliant or violate policy during a session.

" Access Client Security Ensures only pre-approved applications can connect to the VPN tunnel

and protects against external connections through the device into the corporate network by making

access exclusive.

" Session Cleanup - Removes all traces of access from the endpoint on completion of the session

including cookies, URL history, cached pages, registry entries, and downloaded components.

" Heterogeneous - ActiveX and Java support means examination of a broad group of devices.

Mid-point Integrity

New measures must be taken to determine the integrity of wireless access points to ensure no leakage of

corporate or personal data. WatchGuard SSL addresses this by offering the following:

" WPA Authentication - Authenticate corporate wireless access points with Wi-Fi Protected

Access (WPA)

" Differentiation Discriminate between users connecting through a pre-authenticated trusted

access point, and an untrusted access point.

Identity and Access Policy Management

Combining all aspects of an identity and access management system into a single, cohesive, and integrated

policy delivers significant security, scalability and auditing benefits to an organization.

Leveraging the core technologies outlined above, a rich access control policy can be created which

adaptively grants granular application and data resource access based on the security of the user s

workspace. Factors that can be included in the policy can be:

" Endpoint Integrity Grant access based on device type, endpoint integrity, etc.

" Authentication Level Grant access based on authentication level (two-factor or one-factor).

" User Role Grant access based on a user s role or group membership. For example, is the user in

marketing, sales, engineering, or finance? Are they an employee, partner, or customer?

" Network Grant access based on whether or not the network is trusted or unknown.

" Point of Entry Grant access based on which WatchGuard SSL access point is used (e.g.,

London, New York, Tokyo)

" Point of Entry Depending on which WatchGuard SSL access point is used (e.g., London, New

York, Tokyo), determines which local applications may be seen.

" Mid-Point Integrity Grants access based on the security of the mid-point integrity check.

www.watchguard.com

page 4