Using Role-Based Policies to Monitor User Activity
If you are using IDP Release 5.0 or later or ScreenOS ISG-IDP Release 6.3 or later, you can add enhanced user management capabilities to your Ivanti Policy Secure IDP deployment. This feature is supported for endpoints using Ivanti Secure Access Client and users who connect with agentless access.
When a user session is established on Ivanti Policy Secure, Ivanti Policy Secure pushes the session information, including the IP address, username, and the roles to which the user is assigned, to the IDP. This session information allows IDP to apply policies based on user roles and to add the username to the IDP log.
Since role selection for a user can be based on the results of Host Checker policies, you can set policies that are based on Host Checker results. For example, if a user is assigned to a restrictive role because of a Host Checker policy requiring an instant messaging software patch, you can restrict instant messenger traffic for that role.
Ivanti Policy Secure keeps the IDP device updated when a user's role changes or when a session is deleted, so IDP's application policy enforcement reflects the most recent information available about a user.
Until IDP receives the session information for an endpoint, it can only apply IP address-based policies. If role-based policies are less restrictive than the IP address-based policies, some users could be inadvertently blocked during this interval. Once session information is obtained about the endpoint, IDP re-evaluates the endpoint and applies the less restrictive policies.
If role-based policies are more restrictive than the IP address-based policies, IDP cannot apply the more restrictive policies until the session information arrives, and an endpoint could engage in potentially damaging behavior before that happens.
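The following model, added here as an illustration and not Ivanti or IDP code, shows the enforcement gap described above: an IDP sensor evaluates traffic against IP address-based rules until the policy server pushes a session record, then switches to role-based rules and re-evaluates when roles change or the session is deleted. The rule ordering (role rules first, first match wins, fall back to IP rules), the `quarantine`/`employee` roles, the 10.0.0.0/8 addresses, and the `im`/`intranet` application names are all constructed for the example.

```python
"""Model of IP-based vs. role-based policy enforcement on an IDP sensor.

Added example for this page; not Ivanti or IDP code. All names, addresses
and rule semantics are assumptions made for the illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Session record as pushed by the policy server: IP, username, roles."""
    ip: str
    username: str
    roles: set = field(default_factory=set)


@dataclass
class Policy:
    """A rule for one application class. Exactly one of cidr/role is set."""
    name: str
    application: str            # traffic class, e.g. "im" (constructed)
    action: str                 # "allow" or "deny"
    cidr: Optional[str] = None  # IP-based match, usable before session info
    role: Optional[str] = None  # role-based match, needs session info


class IdpSensor:
    """Holds the session table and evaluates traffic against both rule sets."""

    def __init__(self, ip_policies, role_policies, default_action="allow"):
        self.ip_policies = ip_policies
        self.role_policies = role_policies
        self.default_action = default_action
        self.sessions: dict[str, Session] = {}
        self.log: list[dict] = []

    # Updates arriving from the policy server.
    def push_session(self, session: Session) -> None:
        self.sessions[session.ip] = session

    def update_roles(self, ip: str, roles: set) -> None:
        self.sessions[ip].roles = set(roles)

    def delete_session(self, ip: str) -> None:
        self.sessions.pop(ip, None)

    def evaluate(self, src_ip: str, application: str) -> dict:
        """Return the decision and which rule basis produced it (assumed order:
        role rules when a session is known, otherwise IP rules, then default)."""
        session = self.sessions.get(src_ip)
        basis, action = "default", self.default_action
        if session is not None:
            for p in self.role_policies:
                if p.application == application and p.role in session.roles:
                    basis, action = f"role:{p.name}", p.action
                    break
        if basis == "default":
            addr = ipaddress.ip_address(src_ip)
            for p in self.ip_policies:
                if p.application == application and addr in ipaddress.ip_network(p.cidr):
                    basis, action = f"ip:{p.name}", p.action
                    break
        entry = {"src": src_ip, "app": application, "action": action,
                 "basis": basis, "user": session.username if session else None}
        self.log.append(entry)  # username is attributed once a session is known
        return entry


def run_scenarios() -> dict:
    """Walk through both failure modes and return the decisions observed."""
    ip_rules = [
        Policy("lan-allow-im", "im", "allow", cidr="10.0.0.0/8"),
        Policy("guest-net-deny-intranet", "intranet", "deny", cidr="10.1.0.0/16"),
    ]
    role_rules = [
        Policy("quarantine-deny-im", "im", "deny", role="quarantine"),
        Policy("employee-allow-intranet", "intranet", "allow", role="employee"),
    ]
    idp = IdpSensor(ip_rules, role_rules)

    # Case 1: role rule is MORE restrictive than the IP rule. Before the
    # session arrives IM traffic is allowed; after it, the quarantine role
    # (failed Host Checker patch check) blocks it; remediation re-opens it.
    before = idp.evaluate("10.1.2.3", "im")["action"]
    idp.push_session(Session("10.1.2.3", "alice", {"quarantine"}))
    after = idp.evaluate("10.1.2.3", "im")["action"]
    idp.update_roles("10.1.2.3", {"employee"})
    fixed = idp.evaluate("10.1.2.3", "im")["action"]

    # Case 2: role rule is LESS restrictive. Before the session arrives the
    # guest-network IP rule blocks intranet access; after it, the employee
    # role allows it; deleting the session falls back to the IP rule again.
    blocked = idp.evaluate("10.1.9.9", "intranet")["action"]
    idp.push_session(Session("10.1.9.9", "bob", {"employee"}))
    allowed = idp.evaluate("10.1.9.9", "intranet")["action"]
    idp.delete_session("10.1.9.9")
    gone = idp.evaluate("10.1.9.9", "intranet")["action"]

    return {"case1": [before, after, fixed],
            "case2": [blocked, allowed, gone],
            "attributed_user": idp.log[1]["user"]}


if __name__ == "__main__":
    print(run_scenarios())
```

The two lists returned by `run_scenarios()` are the two paragraphs above in table form: in case 1 the IM traffic passes until the session record arrives, in case 2 the user is blocked until it arrives. The `basis` field in each log entry tells an operator which rule set produced a decision, which is the first thing to check when a user reports being blocked shortly after connecting.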
If you are using Ivanti Policy Secure and IDP in a network that employs IF-MAP client and server Federation, and IDP detects an attack that is attributed to a session, IDP informs Ivanti Policy Secure about the attack. Upon notification, Ivanti Policy Secure publishes the information to any attached IF-MAP servers. The IF-MAP server notifies the Ivanti Policy Secure device that originally published the session, and that device takes the appropriate action based on the applicable Sensor Event Policies.