About End Point Control
The SMA appliance includes support for End Point Control, which you can use to protect sensitive data and
ensure that your network is not compromised when accessed from devices in untrusted environments. End
Point Control works by:
- Verifying that the user’s environment is secure
- Removing user data from a personal computer after a session
- Controlling access to sensitive resources
Traditional VPN solutions typically provide access only from the relative safety of a corporate laptop. In that
environment, one of the biggest security concerns is unauthorized network access. An SSL VPN, on the other
hand, enables access from any Web-enabled system, including devices in untrusted environments. A kiosk at an
airport or hotel, or an employee-owned computer, increases the risk to your network resources.
End Point Control reduces your exposure from untrusted environments in three ways:
- Verifying that the user’s environment is secure – Corporate IT departments configure computers under
their control with antimalware software, firewalls, and other safeguards designed to protect them from
malicious software (malware). In contrast, unmanaged computers can easily contain keystroke recorders,
viruses, Trojan horses, and other hazards that can compromise your network.
Secure Mobile Access lets you define zones of trust that provide different levels of access depending on
the level of trust at the user’s end point. Connection requests are compared against device profiles you
set up in AMC and then assigned to the appropriate zone.
- Removing user data from a PC after a session – It’s easy to inadvertently leave sensitive data on an
untrusted PC. For example, a user logged in to a public kiosk leaves a variety of data in the PC’s cache
after logging out, including passwords, browser cookies, and bookmarked URLs. Users may also
accidentally leave files or email attachments on the hard disk. Secure Mobile Access’s data protection
agents automatically remove session data from the PC.
- Controlling access to sensitive resources – You can reference End Point Control zones in access control
rules. For example, a connection originating from a less trusted EPC zone can be denied access to