Introduction to Ivanti Policy Secure

Overview

Ivanti Policy Secure (IPS) is a network access control (NAC) solution that provides network access only to authorized and secured users and devices. It protects your network and guards mission-critical applications and sensitive data through comprehensive NAC management, visibility, and monitoring.

It reduces the cost and complexity of delivering and deploying granular, identity- and role-enabled access control from the branch to the corporate data center. It also addresses most NAC challenges, including insider threats, guest access control, and regulatory compliance.

The IPS solution leverages the AAA framework, which contains the user profiles, attributes, group roles, and identities. It then binds the user identity information to the endpoint and to the network, and uses the resultant policy to map the user to the appropriate role during the access session.


The IPS solution uses endpoint validation to place users into specific access groups. The groups can be provisioned access to different resources based on access control mechanisms such as virtual LANs (VLANs), filters, or access control lists (ACLs). You can also define additional QoS parameters for the session for role-based policy enforcement so that only authorized users can access the application and data. The solution allows access only from users who are compliant with the security policies that you define.

IPS also works well with unmanaged devices, such as printers, VoIP phones, and IP-enabled cameras. You can configure typical hosts that are not 802.1X enabled, such as a VoIP phone, to be permitted to the network using SNMP enforcement and the Profiler. The integration with Profiler enables IPS to build a database of the unmanaged devices on the network and give them the same access security as managed devices.

The IPS solution is extremely flexible and offers numerous options for integration into your existing network. When an endpoint connects to the network, IPS gathers user authentication data, endpoint security state data, and device location. It combines this information to create dynamic policies, or uses the policies that you created, and these policies are then propagated to enforcement points. Enforcement can take place at the edge of the network using 802.1X before an IP address is granted, within the network on the firewall, or both for greater granularity.