Product Spotlight - Symantec OnDemand Protection
Description
"The Symantec OnDemand Protection (acquired via Sygate) enables enterprises to secure Web applications by ensuring the integrity of endpoints and protecting the data that is transmitted to them. The Symantec On-Demand Protection Agent ("Agent") is downloaded from the Web application or secure access gateway at connection time to the endpoint, eliminating the need to have pre-installed client software to secure data on third-party owned systems. The connection is only allowed if the endpoint is fully compliant with security policy and the appropriate On-Demand data protection components are in place. Sygate On-Demand Protection works seamlessly to protect endpoints connecting to Webmail, SSL VPN, Portals, Financial /Healthcare/HR applications, and ERP systems." (Source: Sygate)
What it does
The current protection offered by Symantec OnDemand Protection includes integrity
checking for firewalls, antivirus software, operating systems, browsers, and
client applications; browser cache cleaning; and a secure workplace. The product
neither performs integrity checks for malicious code prevention software nor
directly scans for these problems. Feature support varies by device as shown
in Figure 1.
| Endpoint Device |
Integrity Checking |
Browser Cache Cleaning |
Malicious Code Scanning |
Secure Workspace |
| Windows XP | FW, AV, OS, B, C |
Yes |
Yes |
|
| Windows NT | FW, AV, OS, B, C |
Yes |
??? |
|
| Windows 98 | FW, AV, OS, B, C |
Yes |
??? |
|
| Linux | ??? |
Yes |
||
| Macintosh | ??? |
Yes |
||
| Unix | ??? |
??? |
Figure 1 - Endpoint Security by Client Operating System
With Sygate OnDemand organizations can perform a detailed compliance check on various software
| Endpoint
Software |
Compliance
Checking |
Supported
Products |
| Firewalls (FW) | Version | |
| Anti-virus (AV) | Version | |
| Malicious Code Protection (MCP) | Version | |
| Operating Systems (OS) | Version, Service Pack, Patches, Registery, Note 2 | |
| Browser (B) | Version, Service Pack, Patches | |
| Client Applications (CA) | ????? | |
| Note 2:Sygate OnDemand does not check for open communications ports | ||
Figure 2 - Compliance Checking Details
How it Works
Admin Perspective
- An administrator installs agent on an secure access gateway.
- The administrator configures the endpoint security policy for users by groups and roles
User Perspective
- The user enters the URL of the secure access gateway
- The Symantec OnDemand screen appears, a java applet is downloaded to the
device, and then compliance checking is performed. (Note: admin-level access
is not required for the browser so most public devices will accept this applet)
- If the device passes the compliance checks, the gateway authentication screen is displayed. If the device fails, a web page linking to a remediation service can be provided.
Compatability/Integration with Secure Access Gateways
Compatability
- Symantec OnDemand Protection works with all secure access gateways without
any modification to this perimeter system.
- Once Symantec OnDemand has completed its operations and "passed" a device, the user is automatically redirected to the authentication screen of the secure access gateway.
- Symantec OnDemand is pre-integrated with gateways fron Aventail and Juniper Networks
Additional Information
Visit Symantec website