One of the most vulnerable network access points in the enterprise is the Virtual Private Network (VPN). External systems that access the network through the VPN gateway are frequently not owned by the enterprise, and the users are often not employees, but guests, contractors or business partners. An all or nothing approach to network access for this myriad of users doesn’t make sense, and the usual security policies that can be enforced on internal network systems either don’t apply or can’t be enforced. Nevis, however, offers a complete solution to both validate external systems compliance to the health policies of the network, with an agentless approach ideal for unmanaged systems, as well as enforcing role-based access privileges to all network resources, such as applications, datacenter resources, or internal subnets. Such VPN users can be assigned to a group policy that allows access only to the email system or specific file servers. Or differentiated access can be enforced in accordance with the network policy, allowing external employees access to most applications, while contractors have access to only one or two services. Nevis seamlessly integrates with existing identity management solutions and directory services to identify users and roles and properly enforce one centrally-managed policy.
In addition to such granular access control enforcement, Nevis’ LANenforcer sits behind the VPN gateway detecting any threats from worms, Trojans, bots or viruses that could be unleashed from the external user’s unmanaged systems. Nevis is the only complete LAN security solution that monitors and controls users’ access as well as providing threat containment, all at full network transmission speeds (10GBps), transparently and without affecting the user experience. The result is a lower cost to administer VPN security issues, and a more secure network with threats contained and complete protection of intellectual property and other sensitive assets.