During a critical back-to-school season in 2004, The Master’s College was hit with a devastating virus that brought network operations to a grinding halt. In the summer of 2005, the College deployed a network access control solution offered by Cisco to prevent such disasters in the future.
While Cisco Clean Access provided much needed protection against virus intrusion, the College began to experience new issues of user dissatisfaction and product support complexities.
“While providing a robust solution, Cisco Clean Access was a time consuming resource for The Master’s College. Clean Access consumed excessive support resources due to user client issues, application quirkiness, as well as continual inconsistencies in detecting Microsoft operating system updates. We ended up running it at a reduced functional level because of the many issues arising from it. We simply did not have the resources to sustain the solution and eventually determined that this product might not be the best fit for our environment,” says Paul Sedy, Network Manager.
“As mentioned earlier, we began to experience student dissatisfaction with the client. Based on Cisco’s inability to perform real-time, pre- and post-admission security assessments, we had to force reauthentication for every user every three days. In this paradigm, students or faculty could conceivably be out of compliance with security policies and we would not even be aware of it until the next re-authentication.”
Faced with an expensive Cisco end-of-life appliance upgrade ($90K for three servers), The Master’s College determined that they would research NAC alternatives. After extensive analysis and discussions with existing customers, the College chose Impulse Point’s SafeConnect. One of the determining factors in the selection of Impulse Point was the Managed Support Service provided as a standard component of SafeConnect NAC.
“The Master’s College has a small IT staff,” says Sedy. “We learned from our previous NAC solution that we did not want to expend excessive IT resources on another solution. Because of this, the Managed Services component of SafeConnect weighed heavily in our decision. We’re very pleased with how it has panned out for us as an institution.”
Impulse Point offers the only NAC solution both deployed and supported as a managed service. Installation can be accomplished remotely in hours instead of days involving onsite consultants. Ease of deployment, maintenance, and reduced risk results in a low total cost of ownership. In addition to turnkey installation and training, organizations benefit from proactive 24/7 monitoring, problem determination and resolution, daily policy configuration backups and restoration recovery services, software and appliance hardware maintenance, and future software enhancement protection.
“Previously, there was a significant lag time with operating system or anti-virus updates to the Cisco NAC solution,” continues Sedy. “SafeConnect updates the system within 48 hours or less. And if there is a problem, Impulse Point owns the problem. We’re not left to figure it out on our own. We’ve had a very positive experience with the Impulse Point support staff. They can see everything we see and that’s very helpful in mitigating any issues.”
Ease of use and student satisfaction were other requirements for a replacement NAC product. As long as there are no security compliance problems, SafeConnect remains invisible to the user and there is no active interaction after installation. However, should a device no longer meet the security policies of the College, the user receives Master’s College-branded individualized notifications regarding the reason for noncompliance (e.g., out of date anti-virus protection). The user is guided through the remediation process with specific instructions and a link to an internal or external source where the appropriate software or virus definition can be downloaded. Once the compliance problem is resolved users regain access to the network.
One area of particularly significant benefit is SafeConnect’s ability to identify active Peer-to-Peer applications and immediately terminate network access if the application is active. This allows the college to prevent illegal downloading of content without assuming the invasive position of forcing the user to uninstall the application. In the experience of the Master’s College, this has significantly reduced the number of ‘take-down’ notices received from security firms hired by the recording industry.
Because SafeConnect is intuitive and user friendly for both end users and management teams, it helps to drive a substantial reduction in Help Desk calls. The remediation process is uncomplicated and simple to follow – users are able to easily self-remediate to regain compliance to the network. This results in fewer instances of non-compliance and fewer Help Desk calls.
SafeConnect™ offers an easy to implement and support endpoint policy management solution that allows organizations to control access to their networks based on an end user’s compliance with security policies, while seamlessly connecting to their existing multi-vendor infrastructure. Although not required, SafeConnect is also compatible with 802.1x, providing the flexibility to quarantine users at the router, switch, or endpoint device.
SafeConnect™ is supported by the NAC industry’s only proactive maintenance support offering. Impulse Point provides continuous proactive monitoring and support that includes hardware server and software problem determination and resolution, as well as upgrade protection to future software functional releases. Impulse Point prides itself on the quick, efficient, and accurate implementation of the SafeConnect NAC Solution and is available to provide personalized advice and support throughout project planning, installation, and deployment. All necessary Policy Appliance hardware, software licenses, and the following support services are included in the initial first year price of the SafeConnect solution:
The ability to maintain up-to-date support for the most current anti-virus, anti-spyware, operating system, and other endpoint security software is a major benefit of Impulse Point’s Managed Services Offering. Impulse Point owns the responsibility of identifying, supporting, and updating customers within 48 hours as a standard component of its managed support service.
The endpoint policy management capabilities shown to the right are included:
The SafeConnect solution performs both pre- and post-admission security checks in real time without any network traffic degradation. SafeConnect functions out-of-line and provides continuous security assessment and enforcement across wired, wireless, and VPN networks with no performance bottlenecks, maintenance-driven network outages, or as a single point of failure.
SafeConnect features a Single Sign-On (SSO) authentication capability that allows existing Active Directory-managed users to maintain their existing login process user experience.
The SafeConnect NAC solution helps drive a substantial reduction in help desk calls because it is intuitive and user friendly for both the end users and IT support management teams. Users not in compliance receive individualized policy notifications regarding the reason for non-compliance (e.g. out of date anti-virus protection) and are guided through the remediation process with instructions and a link to an internal or external source where the appropriate software or virus definition can be downloaded. Because the remediation process is simple and straight-forward, users follow through to regain compliance and access to the network. This results in fewer instances of non-compliance and ultimately fewer Help Desk calls.
School campuses need to quickly notify students and faculty in the event of an emergency situation. SafeConnect has the ability to broadcast an information or emergency message on-demand to everyone whose computer is authorized to access the campus network. SafeConnect can also send messages to specific devices, specific user groups (staff, faculty, students, etc.), or individual users. Notification can be made quickly and administrators can track the acknowledgements of receipt for compliance purposes.
Policy Administrators can define and change endpoint computing policies and enforcement rules by network segment or directory services policy group from a centralized policy management interface despite the number of remote or distributed locations. The solution also delivers real-time and historical policy status reporting that provides valuable insight into group or individual policy compliance to Policy Administrators and Help Desk personnel.
The following SafeConnect Endpoint Policy Management capabilities can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures.
For over 80 years, The Master’s College has provided quality, Christian liberal arts education to thousands of students around the world. Ranked 3rd in the West by US News & World Report as one of America’s Best Colleges in the category of Best Comprehensive Baccalaureate Colleges for nine consecutive years, The Master’s College boasts 13 major fields of study with 58 distinctive emphases, all taught by highly qualified faculty. For more information, please visit www.masters.edu.
6810 New Tampa Highway, Suite 400 Lakeland, Florida 33815
Copyright , Impulse Point. All Rights Reserved.