
PatchLink Quarantine
Quarantine is an important strategy for network security. Today the quarantine concept goes by many other names: clean room, scan-and-block, network admission control and end-point computer quarantine. Whatever the name, the core practice is the same: scan a system as it attempts to connect to the network, and block the connection if the scan finds patches that the network administrator requires but the system lacks.
Lumension Security Case Study
Patchlink have provided us with a flexible working system which we are successfully using to manage the deployment of updates and patches, and hence provide a high degree of protection to our network.
Mike Walder
Support Consultant
East Sussex County Council
Visiting, mobile and VPN users can connect unchecked devices to your network, creating openings for the latest viruses, worms and other malware to enter your corporate infrastructure. The quarantine process evaluates a system as it attempts to connect to the network and prevents the connection if it finds missing patches, incomplete virus protection or other security configuration problems. Evaluating security after the connection is established is too late: attacks from a compromised system can begin the moment it connects.
PatchLink Quarantine enforces network security policies automatically and on an ongoing basis. It identifies computers that attempt to access the core network, isolates them in a quarantine area (a "safe zone" that reaches only the resources needed for remediation), evaluates each end-point for threats and remediates as necessary. Only once remediation is complete and the end-point meets the security policy standards is it granted access to the core network.

A comprehensive quarantine system comprises several hardware and software components, each responsible for a specific part of a four-phase process (see diagram). The four phases are: blocking access to the network, assessing the potential threat, remediating the potential threat and authorizing access to the network.
PatchLink Quarantine supports all four phases through a combination of security products. Assessment and remediation of the end-point come from PatchLink Update™, our award-winning security patch and vulnerability management solution. The initial blocking and final access phases are handled by integrating with leading Access Control Systems (ACS) through the PatchLink Quarantine application program interface (API). PatchLink Update provides agent-based assessment that detects missing patches and known vulnerabilities on the end-point and automates the deployment of the appropriate remedies and configuration settings.
PatchLink simplifies the distribution of the end-point agents through the Agent Management Center (AMC), a tool that ships with PatchLink Update. The AMC lets the administrator identify rogue machines that have no agent and automatically push and install an agent on them. Once installed, the local agent provides an array of functions, including the PatchLink Fingerprinting™ process that determines which vulnerabilities are present on the end-point. Unlike assessment tools that only read the end-point's registry, PatchLink Fingerprinting combines registry information with detailed file checks, so a patch counts as applied only when the patched files are actually present at the expected version, not merely when the installer recorded success. In addition to the patent-pending Fingerprinting process, the agent handles software inventory, service monitoring, hardware profiling, customizable polling and management functions.
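The contrast between a registry-only check and a registry-plus-file check, as an added example that is not PatchLink's code and not its Fingerprinting implementation. Every patch id, registry key, file path and version below is constructed sample data; the two scanners are run over the same end-point snapshot so the disagreement is visible.

```python
"""Fingerprint-style patch assessment: registry evidence cross-checked with on-disk files.

Added example, not PatchLink's code and not its Fingerprinting implementation.
It models the point made above: the installer's registry entry says a patch was
applied, but only the patched file at the expected version proves it. Every
patch definition, registry key, path and version below is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'6.1.7601.17514' -> (6, 1, 7601, 17514); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class PatchDefinition:
    patch_id: str
    registry_key: str                      # key the installer writes on success
    required_files: Dict[str, Version]     # path -> lowest version that carries the fix


@dataclass
class EndpointSnapshot:
    registry_keys: Set[str]
    file_versions: Dict[str, Version]      # path -> version on disk; absent = file not found


def registry_only_scan(ep: EndpointSnapshot, patches: List[PatchDefinition]) -> Dict[str, str]:
    """What a registry-only tool reports: key present means 'applied'."""
    return {p.patch_id: "applied" if p.registry_key in ep.registry_keys else "missing"
            for p in patches}


def fingerprint_scan(ep: EndpointSnapshot, patches: List[PatchDefinition]) -> Dict[str, str]:
    """Combine both kinds of evidence; 'applied' requires the key AND current files."""
    results: Dict[str, str] = {}
    for p in patches:
        key_present = p.registry_key in ep.registry_keys
        # An absent file compares as () and therefore fails the minimum-version check.
        files_current = all(ep.file_versions.get(path, ()) >= min_ver
                            for path, min_ver in p.required_files.items())
        if key_present and files_current:
            status = "applied"
        elif key_present:
            status = "registry_only"   # installer recorded success, vulnerable file still on disk
        elif files_current:
            status = "file_only"       # fixed binary arrived another way (e.g. a later rollup)
        else:
            status = "missing"
        results[p.patch_id] = status
    return results


def remediation_needed(fingerprint: Dict[str, str]) -> Set[str]:
    """Only states where the vulnerable file is still present warrant a patch push."""
    return {pid for pid, status in fingerprint.items() if status in ("registry_only", "missing")}


# Constructed sample data (hypothetical patch ids, keys, paths and versions).
PATCHES = [
    PatchDefinition("PATCH-A", r"HKLM\SOFTWARE\Example\Updates\PATCH-A",
                    {r"C:\Windows\System32\alpha.dll": parse_version("6.1.7601.17514")}),
    PatchDefinition("PATCH-B", r"HKLM\SOFTWARE\Example\Updates\PATCH-B",
                    {r"C:\Windows\System32\beta.dll": parse_version("6.1.7601.17514")}),
    PatchDefinition("PATCH-C", r"HKLM\SOFTWARE\Example\Updates\PATCH-C",
                    {r"C:\Windows\System32\gamma.dll": parse_version("6.1.7601.17514")}),
    PatchDefinition("PATCH-D", r"HKLM\SOFTWARE\Example\Updates\PATCH-D",
                    {r"C:\Windows\System32\delta.dll": parse_version("6.1.7601.17514")}),
]

SAMPLE_ENDPOINT = EndpointSnapshot(
    registry_keys={r"HKLM\SOFTWARE\Example\Updates\PATCH-A",
                   r"HKLM\SOFTWARE\Example\Updates\PATCH-B"},
    file_versions={
        r"C:\Windows\System32\alpha.dll": parse_version("6.1.7601.17514"),  # patched
        r"C:\Windows\System32\beta.dll": parse_version("6.1.7600.16385"),   # key present, file old
        # gamma.dll absent: PATCH-C never applied
        r"C:\Windows\System32\delta.dll": parse_version("6.1.7601.18000"),  # newer than required, no key
    },
)


def compare_scans() -> Dict[str, Dict[str, str]]:
    """Run both scanners over the same snapshot so the disagreement is visible."""
    return {"registry_only": registry_only_scan(SAMPLE_ENDPOINT, PATCHES),
            "fingerprint": fingerprint_scan(SAMPLE_ENDPOINT, PATCHES)}


if __name__ == "__main__":
    for name, verdicts in compare_scans().items():
        print(name, verdicts)
    print("needs remediation:",
          sorted(remediation_needed(fingerprint_scan(SAMPLE_ENDPOINT, PATCHES))))
```

The registry-only scanner calls PATCH-B applied and PATCH-D missing; the file check reverses both. A real agent would read the actual version resource of each file and would also want a hash or signature check, since an attacker who can write to System32 can also plant a file with a convincing version number.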
The initial end-point blocking and final access-approval phases of a comprehensive quarantine solution are delivered through a PatchLink Professional Services engagement. Using the PatchLink Quarantine API, our Professional Services group sets up communication between PatchLink Update and a number of Access Control Systems. The API is described in Web Services Description Language (WSDL), an open industry standard, so PatchLink Update can be called from any programming language on any platform. The API has been implemented with a number of popular ACS solutions, including NetReg, Vernier, Cisco and Check Point.
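The four-phase flow described above, block, assess, remediate, authorize, driven end to end, as an added example that is not PatchLink's code and not the PatchLink Quarantine API or its WSDL. The AccessControl class stands in for whichever ACS the integration targets and its method names are assumptions; the fleet of end-points and their findings are constructed so the flow runs offline. The point it adds to the text is the ordering rule a practitioner wants: the host is placed in quarantine before anything else, access is granted only on a clean re-assessment rather than on the remediation job's own success report, and any failure leaves the host in quarantine.

```python
"""Four-phase quarantine flow: block, assess, remediate, authorize.

Added example, not PatchLink's code and not the PatchLink Quarantine API or its
WSDL: the AccessControl class stands in for whichever ACS the integration
targets, and its method names are assumptions. The fleet of end-points and
their findings are constructed so the flow runs offline.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


class AccessControl:
    """Hypothetical ACS adapter. Records each host's placement and an audit trail."""

    def __init__(self) -> None:
        self.placement: Dict[str, str] = {}
        self.audit: List[Tuple[str, str]] = []

    def quarantine(self, host: str) -> None:
        # Phase 1: the host reaches only the remediation zone, never the core network.
        self.placement[host] = "quarantine"
        self.audit.append((host, "quarantine"))

    def grant(self, host: str) -> None:
        # Phase 4: core-network access.
        self.placement[host] = "core"
        self.audit.append((host, "grant"))


class SimulatedFleet:
    """Constructed end-points: each starts with a set of unmet policy items."""

    def __init__(self) -> None:
        self.findings: Dict[str, Set[str]] = {
            "laptop-clean": set(),
            "laptop-stale": {"PATCH-B", "av-signatures"},   # fixable
            "laptop-broken": {"PATCH-C"},                   # remediation fails outright
            "laptop-lying": {"PATCH-C"},                    # remediation claims success, changes nothing
        }

    def assess(self, host: str) -> Set[str]:
        # Phase 2: a fresh look at the end-point each time, never a cached verdict.
        return set(self.findings[host])

    def remediate(self, host: str, items: Set[str]) -> bool:
        # Phase 3: returns the remediation job's own opinion of its success.
        if host == "laptop-broken":
            return False
        if host == "laptop-lying":
            return True
        self.findings[host] -= items
        return True


@dataclass
class QuarantineController:
    acs: AccessControl
    fleet: SimulatedFleet
    max_rounds: int = 2
    assessments: Dict[str, int] = field(default_factory=dict)

    def admit(self, host: str) -> str:
        """Drive one host through the four phases; returns its final outcome."""
        self.acs.quarantine(host)                         # block first, ask questions later
        findings = self._assess(host)
        for _ in range(self.max_rounds):
            if not findings:
                break
            if not self.fleet.remediate(host, findings):
                return "quarantined"                      # fail closed on remediation error
            findings = self._assess(host)                 # re-assess; do not trust the job's report
        if findings:
            return "quarantined"                          # still non-compliant after max_rounds
        self.acs.grant(host)
        return "granted"

    def _assess(self, host: str) -> Set[str]:
        self.assessments[host] = self.assessments.get(host, 0) + 1
        return self.fleet.assess(host)


def run_demo() -> Tuple[Dict[str, str], AccessControl, QuarantineController]:
    """Admit every constructed host and return outcomes, the ACS state and the controller."""
    acs = AccessControl()
    ctl = QuarantineController(acs, SimulatedFleet())
    results = {host: ctl.admit(host) for host in list(ctl.fleet.findings)}
    return results, acs, ctl


if __name__ == "__main__":
    results, acs, ctl = run_demo()
    for host, outcome in results.items():
        print(f"{host}: {outcome} after {ctl.assessments[host]} assessment(s)")
    print(acs.audit)
```

The "laptop-lying" case is the one that matters: its remediation job reports success twice, but because the controller re-assesses before granting, the host never leaves quarantine. In a real deployment the same loop also needs a policy for what the quarantine zone may reach (patch server, AV update server, DNS) and nothing else, since the host is by definition untrusted while it sits there.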
PatchLink is working closely with vendors on emerging standards for end-point quarantine. As a Microsoft Gold Certified Partner, PatchLink actively participates in Microsoft's Network Access Protection (NAP) program, and it is also working with Cisco Systems on the development of their Network Admission Control (NAC) solution.