Enterprise data assets are best protected through granular identity-based access control policy enforcement – before, during, and after a user is granted access to the network. Critical data resides in multiple places and is accessed by various users in different locations, so having per-user, location-independent policies is essential. Additionally, persistent access control policy enforcement should prevent unauthorized users from even “seeing” network, system and application resources that they should not be accessing.
Effective access control policy enforcement goes beyond the point at which a user connects to the network and continues to validate that access is appropriate and authorized. Additionally, integrating access control policy decisions with policy enforcement eases administration and reduces complexity compared to approaches that rely on managed switches or other third-party devices for policy enforcement and threat containment. The Nevis line of LANenforcer LAN security systems delivers integrated access control policy decision and enforcement through per-user stateful firewall rules, essentially creating a “Personal DMZ” for every authorized user and guest on the LAN. This shrinks the security envelope to protect every user from network-borne threats and protect key network assets from unauthorized user activity – without the need for client software. The system logs each user’s identity and monitors their network activities, providing the deep visibility required to comply with many government and industry regulatory requirements for segregation of duties and user accountability.