IntelliGO Network Access Control

Video: IntelliGO Network Access Control Overview

  Brochure

 White Paper

  Request Demo

  Explainer Video

IntelliGO is an appliance-based Network Access Control Platform. Our philosophy is to provide layers of security and multiple protection techniques including Agentless, 802.1X and Device-Based Security for every Device and Network Connection. We offer the simplest design with an unmatched feature set at scale. We're also the only NAC to support all of the following with a single license:

  • Agentless Visibility & Control: Find any device and segment your network without requiring 802.1X or changes to devices
  • On-Board Certificate Authority: Certificate Authentication, On-Boarding, Mass-Enrollment and PKI for sharing with tools like Firewalls/IPS/APT tools
  • MDM for Mobile Device Control: Multi-Platform Agents for Windows, OSX, iOS, Android, Chromebook and Agentless support IoT. Change configuration of mobile devices or provide application management, security restrictions, remote lock, wipe and location services. Integrate with existing EMMs such as AirWatch, MobileIron, Blackberry, JAMF, Microsoft Intune and others.
  • Compliance Auditing: Multi-OS/Software Endpoint security checks for compliance include Anti-Malware, Anti-Phishing, Encryption, Patchment Management and detection of unwanted programs such as Peer-to-Peer File Sharing
  • NGFW, SIEM, ATD Integrations: Advanced security automation such as bi-directional integration with Anti-Malware, Next Generation Firewalls and Security Information and Event Management Systems
  • Guest Networking: Guest authentication including wired and wireless networking, sponsored, self-sponsored and adminsitratively approved scenarios
  • Threat Coordination: Malware and Vulnerability Discovery including detection of Indicators of Compromise for detecting advanced malware infections and preventing access prior to spreading internally

Popular Integrations


Certificate Based Authentication

IntelliGO provides the most complete and affordable certificate authentication solution for networks on the market. We support a broad range of use cases wtih certificates including:

  • Certificate Management: Create, revoke, renew, report on all certificates and the devices they are installed on.
  • Certificate Onboarding: Support self-enrollment for all major operating systems including Windows, OSX, iOS, Android and Chromebook.
  • Automatic Deployment: Use Microsoft Active Diretory, EMM software or other 3rd party tools to enroll certificates from IntelliGO automatically.
  • 802.1X Authentication: Support EAP standards for strong WPA2 authentication from any supported operating system.
  • SSL Decryption: Deploy certificates to third party tools such as Web Filters, Firewalls, IPS and APT monitors to defend against malicious traffic over SSL
  • Email Encryption: Import keys into email clients and allow users to encrypt messages using S/MIME encryption for strong privacy of emails on all the most popular email clients

Agentless Features

IntelliGO automatically discovers any operating system connected to the network without needing an appliance in every location. Our approach allows you to visualize and control the network and endpoints without deploying agents.

  • Device Fingerprinting: Listen to network SPAN/Mirror ports to automatically discover and classify devices
  • Advanced Probing: Enhance fingerprinting by capturing operating system, service and patch information for inventory and classification for network access on Windows, Linux and OSX.
  • Centralized Scanning: Actively scan equipment such as switches, access points and virtual machines for active hosts on the largest networks
  • Map Network and Connected Devices: Visualize connections to the network and browse active hosts across all infrastructure, pivot to view security information and compliance by network segment.
  • Authenticate Devices: Authenticate devices based on classification using 802.1X without deploying software to the endpoint
  • Dynamically Assign VLAN/Ports: Use our mutli-OS API to interact with switch, access point and virtual software to change VLANs and Port Status without 802.1X.

Endpoint Compliance

IntelliGO provides agents for control of endpoints connecting to the network. Above on-boarding these operating systems IntelliGO provides continious audits and control of the devices to change settings to bring devices into compliance. This is true of all major operating systems such as Windows, OSX, Android, iOS and Chromebook.

  • Mobile Device Configuration: Enforce compliance for PIN/Passcode, Restrict Settings and Control Data with selective wipe and attachment restrictions
  • Security Posture Assessment: Encryption, Password protection, Operating System patch level, Anti-malware protection Patch management clients, Potentially unwanted applications (File sharing, toolbars, etc.), Endpoint detection & response (EDR) clients and more
  • Security Commands: Lock, Wipe, Locate, Install/Remove Applications, Get Patches, Run Anti-Virus Scans to automate the process of maintaining security
  • Endpoint Status Agent: Allow users to understand their security state with helpful information and self-directed action for the most common compliance issues.

Advanced Security Automation

IntelliGO provides the glue to connect devices securely to networks and ensure a safe experience for your users. To this end our integration with 3rd party security products allows for an optimized security posture without heavy configuration

  • Endpoint Security Software: Interfacing directly with all major Anti-Virus, Anti-Phishing, Encryption, Patch Managment and Data Loss Prevention software as well as others allows control of every devices endpoint security state as part of allowing network communication
  • Next Generation Firewalls: Providing accurate user information for every device, indicator of compromise detection from APT modules, SSL-Decryption and 2 Factor Authentication for VPN clients, NGFWs provide the greatest value in integration with IntelliGO from a security perspective
  • Network Infrastructure: Enable 802.1X and MAC Bypass for automated, encrypted access and allow dynamic configuration of VLAN, ACL and QoS settings by user or device to optimize network experience by class of device.
  • Security Information and Event Management: IntelliGO provides Threat Intelligence tools like SIEM with the needed endpoint changes to determine threats, risks, perform inventory and get detailed information required for forensice investigations and correlations to endpoint events for security

Bring Your Own Device Security

IntelliGO enables users on your network to have a choice in operating system and safely enable use on the corporate network without jeopradizing security. This is achieved by including the right features to secure, segemented networks without relying on third part software. These features include

  • In-Built Mobile Device Management: Providing On-boarding, secure certificate-based access and restrictions to the most popular operating systems.
  • Network Segmentation: Automatically classify devices using the same credentials and segment access as you chose based on security, device state, user group or other factors
  • Security Commands: IntelliGO can secure devices even if they are not on the corporate network allowing selective or complete Wipe, lock or passcode change, location and other services to retrieve devices if lost or stolen. Ensuring a lost device does not mean loss of data.
  • Self-Enrollment and Application Enablement: Allow users to bring a device, purchase applications on their behalf and offer a simple on-boarding experience with containerization to email and attachments.

Guest Networking

Visitors, Contractors expect connectivity when visiting corporate offices. As such a high-quality guest experience speaks to the maturity of your organization. With IntelliGO Network Access Control every aspect of the guest experience can be a high quality and highly branded experience. Our features include:

  • Guest Authentication and Restriction: Provide In-Built credential management to simply create credentials for guests in a variety of ways. Control access by limiting time, duration and many more network properties as part of the guest sesssions.
  • Sponsored Guest Access: Allow Sponsor staff to simply create or approve guests without requiring access to the IntelliGO console completeley.
  • Self-Sponsored Access: Allow guests to enroll themselves and either approve or simply be informed of their newly granted access. All access is pre-restricted so no IT involvement is required.
  • 2 Factor Approval: Allow users to leverage SMS or Email to receive credentials directly from IntelliGO without the need for a third party.

Vulnerability & Indicator of Compromise Discovery

Finding vulnerabilities and discovering any indicators of compromise should be applied to every network connected device. This is why IntelliGO Networks incorporates a market leading vulnerability scanner and agent-based discovery of indicators of compromise to find these issues and limit access before a spread. This is provided by the following features

  • Vulnerability Scanning: In-built vulnerability scanning engine including automatic updates to stay ahead of known vulnerabilities on the network
  • Indicator of Compromise Feed: Capture indicator of compromise information from Sandboxes or import your own from popular feeds such as Palo Alto Networks, FireEye and AleinVault
  • Indicator of Compromise Detection: Using our Windows-based indicator of compromise detection agent, find any artifacts which are potentially compromising an endpoint on the network and automatically contain it.
  • Policy-Based Enforcement: Ensure gaps in security are automatically contained by dynamically quarantining devices which are actively being compromised

Education

K-12 School Boards, Colleges and Universities require Network Access Control and Device Management at tremendous scale and ease of use to match their diverse device population. To this end IntelliGO provides better value for Educational institutions by providing:

  • Segmentation: Separate Students, Teachers and Guests on any operating system. Yes, including Chromebook
  • Provide Decryption and User-ID: Automatically provide user based rules to Firewall and URL filters for safe browsing to any site.
  • Contain Viruses: Stop an out-break of machines infected without impacting the other users on the network
  • Manage Devices: On-board through wizards, provide automatic configuration for email, passcode and other requirements and track devices if lost or stolen

Energy & Utilities

Utilities, Transportation and Manufacturing organizations are particularly sensitive to the SCADA networks that operate critical infrasture for municipalities all over the world. This little known technology is at high risk of exploit from code-bases that are dated and little in the way of security implemented directly in the protocol. To combat this, IntelliGO Networks can provide the following ehancements to the SCADA network security

  • Authorize Devices Ensure that only authorized computers can connect where sensitive machines do
  • Wireless Authentication & MDM For field work performed over mobile devices restrict access using strong encryption and manage devices for full lifecycle protection of data and credentials on mobile devices
  • Remote Access/MDM For field work performed over mobile devices restrict access using strong encryption and manage devices for full lifecycle protection of data and credentials on mobile devices

IntelliGO protects financial from the growing threat of internal risks. Misuse of corporate data on mobile devices and the growing need to produce authentication across any device at scale and keep up to date with access requirements is a challenge most NACs are not prepared for. IntelliGO can:

  • Port Control and Strong Authentication:We ensure devices are connected securly at scale, multi-vendor to ensure port control on even the largest most distributed networks
  • Network Discovery:Show auditors and forensic staff information about every asset fast by discovering every endpoint connected, wired, wireless and over VPN.
  • Compliance Validation:Ensure that all endponits are running optimal security software to maintain compliance with PCI DSS, FINRA, GLBA, SOX and other mandates

f

Government

Municipal, Pronvincial and Federal government agencies house very sensitive information such as PII and Confidential documents. There are many mandated policies and regulations such as FISMA, NERC, ISO/IEC 27001 and the GDPR that aim to protect this information. IntelliGO can play a big part in these security frameworks by:

  • Discovery Every Endpoint and Security Issues: Check the compliance and security state of every network connected endpoint quickly and assure segmentation for unauthorized or insecure assets.
  • Protect against stolen devices:With IntelliGO, advanced tracking of devices such as physical location and commands such as lock, wipe and removal of applications can secure devices even if they aren't connected to the network
  • Secure Content Authomation Protocol (SCAP):IntelliGO provides a SCAP/OVAL vulnerability scanner to find these vulnerabilities before they become exploits. Examine a range of protection tools such as Patches, Virus Definitions and scan hosts for the ability to compromise software centrally with IntelliGO.
  • Indicators of Compromise:Use information shared by other government defense agencies with the support of Open IOC 1.1 scanning on endpoints for security.


Health Care

Health care providers and agencices need to do more with less. With IntelliGO a unified approach to discovering any device including Internet of Things (IoT) and medical devices as well as authenticating them provides a hardened network for staff. IntelliGO helps health care providers and agencies by:

  • Authenticate any Device:Provide strong authentication using 802.1X or Agentless control of any IP connected device.
  • Automate Compliance Checks:Provide a series of host checks without impacting the users connectivity or performance on any device including Windows and OSX
  • ComplianceSupport compliance mandates such as HIPAA, HITECH, OSHA and other regulatory bodies

The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals provides practical cyber threat information, guidance, and strategies to lawyers and law firms of all sizes. The guide considers the interrelationship between lawyer and client, establishing what legal responsibilities and professional obligations are owed to the client in the event of a cyber attack. The book provides strategies to help law firms defend against the cyber threat, and also offers information on how to best to respond if breached. Many aspects of the ABA's advice on CyberSecurity fall directly into auditing the security and access to information and IntelliGO provides necessary tools by:

  • Auditing Endpoints:Check for file access, modifications, compliance and user authentication on all IT assets.
  • Network Access and Non-Repudiation:Providing assurance that only authorized users can access information is difficult without a tool that audits every network connection and relates it to the endpoint. Tie access to information all the way back to the device and user without the a gray area as to the true origin
  • Protect Data on Mobile:Ensuring every device that is connected is managed by IntelliGO provides a mechanism to track and alter access based on location or remove data if devices are lost or stolen
  • Centrally Log Device/Activity Details:By providing information directly from endpoints in a central repository about access bot on-device and network IntelliGO provides a streamlined look at user behavior on assets without alteration of the user experience

Retail

Retailers are concerned about Data Breaches and core to this problem is providing access across different domains. IntelliGO is a better way to secure POS systems, ATMs, kiosks and other endpoints while keeping pace with regulations and network standards. IntelliGO helps retailers address PCI DSS 3.2 compliance and provide and increase confidence for customers and shareholders by:

  • Device and Network Monitoring: Scan and discover hosts in seconds which are connected to the network and ensure that any unauthorized devices or changes of state are tracked and response is automated
  • Strong Access Control: Ensure POS, Scan Guns, Mobile Devices, Computers, Servers and all systems can authenticate for high grade security that cannot be compromised.
  • Scanning for PCI-DSS 3.2: Discover issues with the PCI-DSS 3.2 standard address Authentication, Auditing and Compliance related tasks with a single appliance.