| 摘要 |
An endpoint defense system uses endpoint health indicators and user identity information to provide fine-grain access control over network resources. For example, the endpoint defense system may include a controller, a set of protection devices, and a set of agents. The agents are software applications installed on a set of endpoints to gather the health information that represents security states of the endpoint devices. The agents send updated health information to the controller. In response to a login attempt, the controller processes the health indicators and identity information through a set of administrator-defined policies to generate a set of access rights. The controller transfers the set of access rights to the protection devices. The protection devices then control user access to network resources according to the set of access rights. The controller sends updated sets of access rights to the protection devices whenever the access rights change.
|
