eTIPS® - Introduction

By industry definition, the eTIPS platform is a policy decision point (PDP) that is used to instruct networking devices, via the built-in RADIUS, SNMP, SSH or TACACS+ protocols, how to enforce your user and endpoint access policies. The eTIPS platform resides in the data center and is an out-of-band device, eliminating a potential choke point in the network. All policy and management operations are performed on the eTIPS platform via an easy-to-use web-based interface, which eliminates the complexity associated with policy creation, verification and enforcement. Unique policy engine features provide the ability to gather and combine three categories of information to formulate a rich policy structure used to create full or conditional access:

Identity & Contextual Attributes Aggregation

  • Provides the ability to access, read and combine attributes (role, department, group, etc.) from multiple identity stores (Active Directory, LDAP, SQL, and Token Server), and other dynamic context-specific attributes such as location, date and time, access type, authentication type, etc.

Endpoint Health

  • To reduce the risk of infection or breach, a user's PC can be assessed to determine if it complies with defined health requirements. Using an agentless or persistent agent approach, the presence and state of security tools such as anti-virus, anti-spyware, peer-to-peer applications and firewall products can be determined.

Physical Attributes

  • As an added layer of protection, eTIPS can gather certain device-specific attributes to control and manage non-PC endpoints, such as handhelds and printers. Collected elements can include device type, operating system, the status of services, and other device identifiers.

Early-generation NAC solutions have proven to be overly complex, inflexible, and difficult to deploy. The Avenda eTIPS 5000 solution eliminates those implementation barriers with an intuitive, easy-to-use web interface that includes integrated analysis, troubleshooting, and reporting tools. Key transactional data from each user access session is collected and available for you to present or to report in customizable formats.

To avoid the commonly encountered issue of over-aggressive security policies (locking an authorized user out of your network for the wrong reasons), a unique three-step process verifies policy integrity and provides the maximum level of confidence before going live. By using our Policy Simulation Engine and then placing our device on the network in Monitor Mode, you can be confident that your policy structure works as designed with a high degree of integrity prior to enabling any enforcement.

The Avenda eTIPS 5000 is available in four models to support various sized network environments and use cases. The devices can be clustered together in any combination or quantity to provide extensive scalability and redundancy for failover protection.

Interoperability