You are on page 1of 4

DATA SHEET

NETWORK MANAGEMENT

3COM INTELLIGENT
MANAGEMENT CENTER (IMC)
ENDPOINT ADMISSION
DEFENSE (EAD)

OVERVIEW KEY BENEFITS


®
Based on the 3Com Intelligent Management Center
INTEGRATED SOLUTION
(IMC) platform, Endpoint Admission Defense (EAD)
Most Network Access Control (NAC) solutions involve
minimizes network vulnerabilities by integrating
multiple separate functions that all need to work
security policy management and endpoint posture
together, but which are deployed, configured, managed
assessment to identify and isolate risks at the
and audited separately. The IMC management platform
network edge.
consolidates these functions in a single environment to
The IMC EAD security policy component enables avoid the complex configuration issues associated with
administrators to control endpoint admission based on a fragmented solution. EAD integrates security
identity and the posture of the endpoint. If the endpoint evaluation, security threat location, security event
is not compliant with required software packages and awareness and execution of protective measures into
updates, network assets can be protected by blocking a centrally managed and monitored platform that
or isolating endpoints’ access. Additionally, non- reduces implementation costs and complexity while
intrusive actions such as endpoint monitoring and increasing overall network security.
notification can be enabled.
EAD reduces the risk of malicious code infecting your REDUCE THE RISK OF INFECTED DEVICES ON
THE NETWORK
network or other security breaches by detecting
endpoint patches, viruses, Address Resolution An important function associated with NAC is
Protocol (ARP) attacks, abnormal traffic, installation minimizing the risk of malware-infected PCs, laptops
and running of sensitive software, as well as the status and other devices connecting to and compromising your
of system services. To ensure continued security, EAD network. The IMC EAD component works in
provides continual monitoring of each endpoint’s conjunction with the User Access Manager (UAM)
traffic, installed software, running processes component to apply the appropriate security posture
and registry changes. policy to each user or device on the network.
2 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

KEY BENEFITS (continued) ENFORCE POSTURE COMPLIANCE


EAD, in cooperation with the iNode desktop client,
AUTOMATICALLY BLOCK DEVICES SENDING
SUSPICIOUS TRAFFIC collects endpoint posture information to determine if an
endpoint is compliant with set policies. Status checks
Ensuring that devices connecting to your network are
include the O/S, O/S Patches, registry settings,
configured to meet predefined security policies is only
applications, processes and services that are installed
one method of keeping infected devices from interfacing
and/or running on a particular device. In addition to
with your network. Even a well configured and protected
basic security requirements, administrators can build
PC or laptop could be infected with a new or
these custom requirements into their EAD policies to
undiscovered vulnerability that locally running security
ensure that only devices that comply with the
applications cannot detect.
organization’s desktop policies can connect or stay
To ensure devices that have been compromised in this connected to the network.
way cause the minimum damage or disruption, IMC has
an integrated Attack Control Center (ACC) component PROTECT SENSITIVE DATA
that can be configured to receive security events from EAD regulates network access based on user identity,
intrusion prevention systems (IPSs) and other posture, location and time of day to prevent
security-aware devices in the network, and act on unauthorized access to network assets and resources.
those events to isolate or block the endpoint to protect With the iNode desktop client, key data theft protection
network assets. features can be enabled, such as controlling USB and
CD drive access.
LEVERAGE EXISTING USER DIRECTORIES
As well as its own internal database for standalone
deployments, UAM also has the ability to integrate with
existing IT directory services. Via a standard
Lightweight Directory Access Protocol (LDAP) v2/3
interface, UAM can either synchronize with an external
directory, or completely offload the user and device
ID/password authentication process. This eliminates
duplicated effort as well as accuracy and delay issues
associated with maintaining multiple instances of the
same information.
3 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

KEY BENEFITS (continued) FLEXIBLE AND HIGHLY SCALABLE DEPLOYMENT


IMC delivers an extensive set of capabilities for
USER-BASED TRAFFIC ANALYSIS
managing, monitoring and controlling large
IMC unlocks the power of data being monitored by
heterogeneous networks. This self-contained solution
network infrastructure devices, including NetStream
provides scalability and high availability through a
and sFlow data, to enable greater visibility and control of
flexible, distributed deployment model. With its modular
network usage. Interaction with the integrated UAM
design, IMC can be deployed across multiple servers to
component enables traffic flows to be linked with users
provide maximum scalability and resilience as the
rather than just IP addresses for comprehensive
number of infrastructure devices and associated
auditing of network usage. For current and historical
networked users and devices grows.
auditing purposes, this facilitates associating a specific
user with particular activity on the network.
4 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

SPECIFICATIONS
Workstation
Pentium 4, 3.0Ghz processor, 4096Mb of RAM , 100Gb hard
disk space,
Operating system
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Server 2003 Service Pack 2 (64 bit)
Windows Server 2003 R2 Service Pack 2
Windows Server 20-03 R2 Service Pack 2 (64 bit)
Windows Server 2008
Windows Server 2008 (64 bit)
Databases
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2008
Microsoft SQL Server 2008 (64 bit)

Note: EAD as an add-on service module requires that a version


of IMC platform be previously installed.
Hardware requirements of IMC differ according to the compo-
nents installed and the number of devices managed.
Please refer to the IMC Installation Guide for full details.

ORDERING INFORMATION
PRODUCT DESCRIPTION 3COM SKU
3Com IMC EAD Module License (200 users) 3130A0DD
IMC EAD License (additional 200 users) 3130A0DE
IMC EAD License (additional 500 users) 3130A0DF
IMC EAD License (additional 1,000 users) 3130A0DG
IMC EAD License (additional 5,000 users) 3130A0DH

Visit www.3com.com for more information about 3Com solutions.

3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064


3Com is publicly traded on NASDAQ under the symbol COMS.
Copyright © 2009 3Com and the 3Com logo are registered trademarks in various countries worldwide of 3Com Corporation. All other company and product names
may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or
mistakes which may arise. All specifications are subject to change without notice. 401225-002 12/09