Endpoint Security overview

The Endpoint Security tool is a set of complementary features and settings that enables you to configure and implement strong system security for the managed devices on your network. You can restrict network connections for managed devices, restrict access to those machines by other types of devices, and use the Host Intrusion Prevention System (HIPS) and Ivanti Firewall tools to prevent unauthorized application operations.

Endpoint Security provides an impenetrable defense for all the protected devices within your Ivanti network and the perimeter of that network, as well as for mobile users. It gives you complete control over access to and from those devices and over what is allowed to occur on them. You can define trusted locations (network connections) for managed devices, create settings for each of the Endpoint Security components listed below, and deploy those settings based on whether the device is inside or outside the trusted network location.

Endpoint Security components

The Endpoint Security components are:

  • Location Awareness: Provides network connection control with location awareness and trusted location features. For information, see Endpoint Security help.
  • Application Control: Prevents unauthorized intrusions. For information, see Application control overview.
  • Ivanti Firewall: Prevents unauthorized application operations and connections. For information, see Agent settings: Ivanti Firewall.
  • Device Control: Restricts access for storage volumes, devices, interfaces, and so on. For information, see Device Control overview.
  • Allow and deny lists and the trusted file list: Provide lists of files, each configured with a specific set of rights (privileges or authorizations) that allow and deny certain actions that an application can perform on that file.

Although Endpoint Security is a single agent that is deployed to target devices, it is fully configurable and is meant to consolidate the security component services. You can configure these components independently or in a combined deployment. For example, you can deploy application control only, or application control and device control (via their respective settings), or any other combination of security components.