One user may have multiple computers and some computers may have multiple users. Therefore, the Security Policies for some components are enforced for each user, and some are enforced on computers.
One user may have multiple computers: |
|
Some computers may have multiple users: |
---|---|---|
|
You can import users and computers to the Endpoint Security Management Server, which uses your organization's existing hierarchy to provide a graphical tree of endpoints computers. You then define software deployment and security policies centrally for all nodes and entities, making the assignments as global or as granular as you need.
You can predefine security policies before setting up the organization. The Endpoint Security Management server interface provides a granular view of all the Endpoint Security policies, grouped by the components they configure.
You create and assign policies to the root node of the organizational tree as a property of each Endpoint Security component. Policies can be deployed one by one or all together. Because different groups, networks, OUs, computers, and users have different security needs, you can configure different components accordingly.
You can define policies in SmartEndpoint for these Endpoint Security Windows client components:
Component |
Description |
---|---|
Compliance |
Allows you to enforce endpoint compliance on multiple checks before users log into the network. You can check that the:
|
Anti-Malware |
Protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. |
Media Encryption and Media Encryption & Port Protection |
Protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). |
Firewall and Application Control |
Defines the topology of the organizational network, separating it into Trusted and Internet domains. Blocks or allows network traffic based on attributes of network connections. Controls network access on a per-application basis, letting you restrict application access by zone and direction. |
Full Disk Encryption |
Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Manages:
|
Remote Access VPN |
Provide secure, seamless access to corporate networks remotely, over IPsec VPN. |
Capsule Docs |
Provides security classifications and lets organizations protect and share documents safely with various groups - internal and external. |
URL Filtering |
Lets organizations control access to web sites by category, user or group. |
SandBlast Agent Anti-Bot |
Detects bot-infected machines and blocks bot C&C communication to prevent bot damage. Provides detailed information about the device affected by the bot activity, about the bot process itself, and other relevant information. |
SandBlast Agent Anti-Ransomware, Behavioral Guard and Forensics |
Prevents ransomware attacks. Monitors files and the registry for suspicious processes and network activity. Analyzes incidents reported by other components. |
SandBlast Agent Threat Extraction, Emulation and Anti-Exploit |
Threat Extraction quickly delivers safe files while the original files are inspected for potential threats. Threat Emulation sends files on the endpoint computer to a sandbox for emulation to detect evasive zero-day attacks. |