" Real-Time Scanning Continuous scanning of the device throughout a session protects against
remote devices that become non-compliant or violate policy during a session.
" Access Client Security Ensures only pre-approved applications can connect to the VPN tunnel
and protects against external connections through the device into the corporate network by making
" Session Cleanup - Removes all traces of access from the endpoint on completion of the session
including cookies, URL history, cached pages, registry entries, and downloaded components.
" Heterogeneous - ActiveX and Java support means examination of a broad group of devices.
New measures must be taken to determine the integrity of wireless access points to ensure no leakage of
corporate or personal data. WatchGuard SSL addresses this by offering the following:
" WPA Authentication - Authenticate corporate wireless access points with Wi-Fi Protected
" Differentiation Discriminate between users connecting through a pre-authenticated trusted
access point, and an untrusted access point.
Identity and Access Policy Management
Combining all aspects of an identity and access management system into a single, cohesive, and integrated
policy delivers significant security, scalability and auditing benefits to an organization.
Leveraging the core technologies outlined above, a rich access control policy can be created which
adaptively grants granular application and data resource access based on the security of the user s
workspace. Factors that can be included in the policy can be:
" Endpoint Integrity Grant access based on device type, endpoint integrity, etc.
" Authentication Level Grant access based on authentication level (two-factor or one-factor).
" User Role Grant access based on a user s role or group membership. For example, is the user in
marketing, sales, engineering, or finance? Are they an employee, partner, or customer?
" Network Grant access based on whether or not the network is trusted or unknown.
" Point of Entry Grant access based on which WatchGuard SSL access point is used (e.g.,
London, New York, Tokyo)
" Point of Entry Depending on which WatchGuard SSL access point is used (e.g., London, New
York, Tokyo), determines which local applications may be seen.
" Mid-Point Integrity Grants access based on the security of the mid-point integrity check.