Datasheet

End-to-End Layered Security
The SA4500 FIPS and SA6500 FIPS appliances provide complete, end-to-end layered security, including endpoint client, device, data,
and server layered security controls. These include:
Table 4: SA4500 FIPS and SA6500 FIPS End-to-End Layered Security
| FEATURE | FEATURE DESCRIPTION | BENEFIT |
| --- | --- | --- |
| UAC-SA Federation | Seamlessly provision SA Series user sessions into Juniper Networks Unified Access Control (UAC) upon login—or the alternative (provisioning of UAC sessions into the SA Series). Users need to authenticate only one time to get access in these types of environments. | Provides users—whether remote or local—seamless access with a single login to corporate resources which are protected by access control policies from UAC or the SA Series. Simplifies end-user experience. |
| Antispyware support with Enhanced Endpoint Security | Dynamically download Webroot’s market-leading anti-malware software to enforce endpoint security on devices which may not be corporate-assigned computers being used for network access. | Protects endpoints from infection in real-time from spyware and thereby protects corporate resources from harm during network access. |
| SMS Auto-remediation | Automatically remediate non-compliant endpoints by updating software applications that do not comply to corporate security policies. Dynamically initiates an update of these software applications on the endpoint using the Microsoft SMS protocol. | Improves productivity of remote users who will gain immediate access to the corporate network without having to wait for periodic updates of software applications, and ensures compliance with corporate security policies. |
| Host Checker | Client computers can be checked both prior to and during a session to verify an acceptable security posture requiring installed/running endpoint security applications (antivirus, firewall, other). Also supports custom-built checks including verifying ports opened/closed, checking files/process and validating their authenticity with Message Digest 5 (MD5) hash checksums, verifying registry settings, machine certifications, and more. | Verifies/ensures that each endpoint device meets corporate security policy requirements before granting access, remediating devices and quarantining users when necessary. |
| Host Checker Application Programming Interface (API) | Created in partnership with best-of-breed endpoint security vendors. Enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints. | Uses current security policies with remote users and devices; easier management. |
| Trusted Network Connect (TNC) support on Host Checker | Allows interoperability with diverse endpoint security solutions from antivirus to patch management to compliance management solutions. | Enables customers to leverage existing investments in endpoint security solutions from third-party vendors. |
| Policy-based enforcement | Allows the enterprise to establish trustworthiness of non-API-compliant hosts without writing custom API implementations or locking out external users such as customers or partners that run other security clients. | Enables access to extranet endpoint devices like PCs from partners that may run security clients different from that of the enterprise. |
| Hardened security appliance | Designed on a purpose-built operating system. | Not designed to run any additional services and is thus less susceptible to attacks; no back doors to exploit or hack. |
| Security services employ kernel-level packet filtering and safe routing | Undesirable traffic is dropped before it is processed by the TCP stack. | Ensures that unauthenticated connection attempts such as malformed packets or denial of service (DoS) attacks are filtered out. |
| Secure virtual workspace | A secure and separate environment for remote sessions that encrypts all data and controls I/O access (printers, drives). | Ensures that all corporate data is securely deleted from a kiosk or other unmanaged endpoint after a session. |
| Cache cleaner | All proxy downloads and temp files installed during the session are erased at logout. | Ensures that no potentially sensitive session data is left behind on the endpoint machine. |
| Data trap and cache controls | Rendering of content in non-cacheable format. | Prevents sensitive metadata like cookies, headers, and form entries from leaving the network. |
| Coordinated threat control | Enables SA Series and IDP Series appliances to tie the session identity of the SSL VPN with the threat detection capabilities of IDP Series, taking automatic action on users launching attacks. | Effectively identifies, stops, and remediates both network and application-level threats within remote access traffic. |