- ソリューション
ネットワーク間のファイルとデバイスの管理されたセキュアな転送と 産業データの単一方向の複製
クラウドアプリケーションや組織ネットワークとリソースへアクセス(ローカル/リモート)を保護
アプリケーションのライフサイクル全体でセキュリティ問題を検出、修正、防止
業界をリードするOPSWATのデバイス/ データセキュリティ技術を活用する数百のセキュリティベンダーに加わる
Trust no file. Trust no device. - アカデミー
サイバーセキュリティの概念、ベストプラクティス、重要インフラの保護(CIP)、 OPSWAT 製品に関して、オンデマンドでトレーニングの受講と認定取得ができます。入門コースと上級コースがあります
OPSWAT アカデミーは、サイバーセキュリティの専門知識を段階的に取得できるように設計されています
OPSWAT のお客様向けには OPSWAT の製品・サービスの運用・保守をより容易に 効率よくするための上級コースがあります
各分野の認定は 対応する OPSWAT アカデミーコースの試験に合格すると1年間授与されます
OPSWAT アカデミーへの登録は無料です。アカウントを作成するだけで コースカタログにアクセスできます。登録して ご自身の都合にあったスケジュールとペースで コースを受講してください
Trust no file. Trust no device. - パートナー
OPSWAT技術の統合で 脅威防止を強化。OPSWATは、データセキュリティとコンプライアンスに注力したエコシステムの構築を目標に、最善のソリューションを提供するテクノロジーリーダーとパートナーになっています
カテゴリー
Trust no file. Trust no device. - サービス
OPSWATのサポートチームは、電話、チャット、または登録したケース経由で24時間365日対応
オンデマンドで、サイバーセキュリティの概念、ベストプラクティス、重要インフラの保護、OPSWAT製品とソリューションに関するトレーニングと認定を受けることができます。入門コースと上級コースがあります。
私たちのコミュニティフォーラムに参加して、様々な情報を習得してください。お客様の製品アイデア、質問・回答は、私たちの成長の源です
Trust no file. Trust no device. - 会社
OPSWATチームは、世界をより安全に保つことに情熱を傾ける、スマートで好奇心が強く革新的な人々で満たされています。一緒に才能を解き放ち、世界中の重要インフラを保護しましょう
Trust no file. Trust no device.
NAC Solution
Secure your network with MetaAccess NAC (formerly Impulse SafeConnect)
Many organizations are faced with the ever-increasing onslaught of unknown devices accessing their critical infrastructure. Employees, customers, contractors, guests, suppliers and their devices are all potential threat vectors representing a challenge to implement network security policies without inhibiting business productivity. There is also the daunting task of providing user and device access/blocked access information to meet regulatory compliance and for security forensics.
The value of our MetaAccess NAC solution is simply this—by ensuring that every network connection and endpoint device is visible, allowed or blocked appropriately in real-time, the threat associated with security incidents can be reduced substantially. Don’t risk your organization’s data and reputation by exposing it – instead ensure that the security of your network, your constituents’ personal information, and your intellectual property remains intact.
NAC Solution Features and Benefits
Know what’s on your network
Agentless device identification and profiling provides visibility into detailed information for devices on your network: Username, IP address, MAC address, Role, Device Type, Location, Time and Ownership. MetaAccess NAC uses advanced heuristics and rich pattern analysis for strong device profiling:
Device discovery and profiling
MetaAccess NAC discovers new IoT and User Devices that attempt network access. This solution can either Profile (determine device type) in a passive manner or quarantine the device until device type is explicitly known. We use the following techniques to determine device types:
- Deep Device Fingerprinting
- DHCP
- Web Browser User Agent Identification
- URL Fingerprinting
- MAC address OID fingerprinting
- Input from external sources such as
- in-line network devices (wireless access points, firewalls)
- database resources
Control IoT or Browser-less device access
Whether it’s printers and VOIP phones, smart devices like thermostats and lights, or OT devices specific to your industry, controlling and monitoring these devices can be a real challenge. These devices can represent much of the risk in your environment, and many organizations are addressing this issue through network segmentation. Our NAC solution provides a consolidated view of traditional systems, mobile and IoT devices, and now, operational technology (OT) systems; giving you the ability to segment IoT devices either using ACLs or assignment to a specific VLAN from a single dashboard.
The NAC solution allows multiple options designed to meet your varying requirements for these types of devices:
- Passive Onboarding – You have an option for SafeConnect to recognize certain device types and passively allow them access.
- Bulk Upload – You have an option to whitelist a group of devices with the MAC address, ensuring only these specific MAC addresses will get on the network.
- Self-Registration – If you are in an environment where you have specific IoT Devices that need identity tied to it, these can be self-registered through the captive portal.
Deep compliance device check
Whether it’s your organization’s Acceptable Use Policies (AUP) or regulatory requirements, SafeConnect ensures devices on your network adhere and comply accordingly. Windows, macOS, and mobile devices are checked with deep Endpoint Assessments prior to granting network access to ensure that the device adheres to your AUPs and are also checked in real-time as they move across your network.
Meeting regulatory compliance requirements such as GDPR, HIPAA, PCI DSS, SOX, or GLBA revolve around knowing “who, what, when and where” for devices and users on your network and controlling access to the data your company needs to keep secure. SafeConnect NAC helps you achieve that visibility, security, and control - and automates policies that validate accountability, mitigate vulnerabilities and block evolving threats – ensuring your compliance with recurring audits.
Authenticate your users
Depending upon your environment, you can authenticate your users with multiple methods/protocols. End User AD/LDAP/SAML Authentication prevents unauthorized users from accessing network resources. SafeConnect NAC supports the following authentication types: EAP-PEAP (credential based), EAP-PEAP (machine based), EAP-TLS (certificate based), as well as domain and 802.1X Single Sign-On (SSO).
Secure access for guests, vendors and 3rd parties
End User Captive Portal for authentication of BYOD devices with extensive branding / customization capabilities.
Guest Self-Registration automates the process of provisioning temporary network access for your guests. Set up different access levels and approval processes for guests, vendors or other 3rd parties needing access to your network. SafeConnect comes standard with a fully configured SMS gateway that provides international SMS support right out of the box. Device Enrollment with Bulk Upload MAC Address capability enables proper authentication for browser-less devices such as printers, VOIP phones, IP Cameras or any other IOT enabled device including optional network access assignment (VLAN, ACL, Role, Profile, etc.).
View real-time or historical management reporting
SafeConnect NAC gathers a wealth of real-time and historical context-aware device information called Contextual Intelligence, such as Username, IP Address, MAC Address, Role, Location, Time, Ownership and even Compliance Status. This information allows for more timely and informed security decisions.
Use the Real-time Reporting Dashboard for visibility into who and what is on your network along with a built-in reporting interface for 30 days of detailed device information and 6 months of historical information. These reports can be run on a schedule, on demand, or exported to other tools.
Additionally, a built-in reporting interface provides 30 days of detailed client information and 6 months of historical session information through an easy to use interface that can either be run on demand or scheduled to e-mail reports on a daily, weekly, or monthly basis. This data can also be exported to an external source like a SIEM for longer periods of data retention.
NAC Solution Integration to enhance current security investments
MetaAccess NAC can shares the contextual intelligence information it gathers with other security solutions such as identity-based firewalls, web content filters, SIEM, and bandwidth management solutions to enhance their capabilities well beyond the scope of traditional domain devices.
This capability is bi-directional and can receive alerts from Advanced Threat Detection systems to enforce a real-time quarantine for severe alerts. There will be no incidents of missing a middle-of-the-night critical alert spreading through your company, as it will be blocked immediately.
NAC Solution Integration Partners
Use your existing network
With MetaAccess NAC, you have flexible network integration options, which means that in most cases, you’ll be able to implement NAC without changing your current network infrastructure.
Included is a RADIUS server with Layer 2 Network Integration that allows you to authenticate users and devices, control network access using 802.1X and/or by MAC address and assign network privileges for authenticated users and devices. Bulk NAS importing and NAS CIDR notification options are available along with custom RADIUS attribute creation. Network Access Control and Assignment provides wired port level and wireless SSID control. This can be done with Dynamic VLAN Assignment, Downloadable ACLs (dACL), and/or Role Based Access such as Roles, Profiles and Filter-Id.
Optionally, Layer 3 integration bypasses the requirement for RADIUS with Policy Based Routing. This can also be used in addition to basic RADIUS server and MAC address whitelisting for the initial network assignment.
A helpful feature is that controls can be implemented to restrict access to a specific network VLAN based on allowed host types and/or MAC addresses, a feature particularly useful for assigning IoT devices such as printers, VOIP phones and IP Cameras to a segmented VLAN.
Scale NAC capacity and availability as you grow
Leverage VM hardware fault tolerance or purchase the High Availability (HA) option for active/passive nodes. Additionally, multi-node supported clusters are an option for environments of over 25,000 devices.
NAC installation and management without complicated, lengthy consulting services
Remotely deploy with a time proven 5-step install process with access to engineering support throughout. Once implemented, ongoing support includes: 24x7 proactive monitoring & support, nightly configuration backups and automated updates of new device fingerprints, OS & Antivirus signature updates, and either scheduled or automated version upgrades.
★★★★★
Account Analyst
Industry: Communications
Role: Sales and Marketing
Firm Size: 500M - 1B USD
Implementation Strategy: Worked with just the vendor
"Our network is very wide and handles a large number of devices, managing them all is quite cumbersome because it required a large investment and a lot of time, in addition to that it paralyzed the operations, because our collaborators had to work in other terminals while the process was being carried out. Now with SafeConnect all the computers in the network are connected and managed from the software"
★★★★★
Account Analyst
Industry: Services
Role: Product Engineer
Firm Size: 250M-500M USD
Implementation Strategy: Completely internal
"We have used this product for our network security at the office. We used this product to block unauthorized access to the network and define some security policies. Key factors that drove our decision were product roadmap and future vision, product functionality and performance and strong services expertise"
★★★★★
Systems Engineer
Industry: Education
Role: Enterprise Architecture and Technology Innovation
Firm Size: 500M - 1B USD
Implementation Strategy: Worked with just the vendor
"The solution is very reliable, flexible and exceeds our needs. The vendor is very responsive to our changing environment and always willing to assist. Support is great, fast responding and knowledgeable"