CyberGatekeeper Remote FAQ

General

Q: What is CyberGatekeeper Remote?
A: CyberGatekeeper Remote is a network access control appliance for remote access. It audits remote access endpoints before allowing them onto the network. CyberGatekeeper's extensive tests ensure that existing endpoint security solutions such as anti-virus software, personal firewalls, operating system patches, and other software are properly configured and up to date. Guests can be validated, and rogue systems are isolated from the network. Unsafe systems are quarantined until they have been remediated.

Q: What are the benefits of CyberGatekeeper Remote?
A: CyberGatekeeper Remote helps an organization in a number of ways:

  • Prevents worms, Trojans and viruses from infecting the network.
  • Secures remote access points, and all types of users including employees and guests.
  • Works with existing network infrastructure to eliminate costly upgrades, and allows the organization to implement needed security today.
  • Scales easily with central management, reporting, and policy distribution.
  • Extensive and flexible remediation options let administrators control how much user involvement is required and bring systems quickly into compliance.

Q. What are the key functions of CyberGatekeeper?
A: Allow access only to endpoints that meet key requirements, both before and after admission to the network. These requirements are any combination of the following: Authenticate, Assess (scan and monitor), Quarantine (isolate), and Remediate (resolve and update).

Q. How does CyberGatekeeper relate to other endpoint solutions?
A: CyberGatekeeper collaborates and integrates with existing endpoint security products such as anti-virus, personal firewalls, patch management, anti-spyware, and intrusion detection/prevention systems, by detecting when one of these solutions needs updating. As soon as an endpoint is deemed non-compliant, that system is immediately quarantined and blocked from further network access, and network administrators are alerted. No updates to existing software or network access control solutions are required for this integration.

Technical: Network Architecture

Q: What are the main functional components of the CyberGatekeeper system?
A: There are three main components:

  • CyberGatekeeper Remote: Hardware appliance used to conduct audits of endpoint systems and control access.
  • Client: Agent or dissolvable agent that runs on the endpoints.
  • Policy Manager: Creates and deploys policies.

Q: How does the user desktop audit process work?
A: The agent is configured with specific conditions that tell it when to audit. For example, the agent can be configured to audit when it is on the corporate LAN.

When the agent detects that it should initiate an audit session, it contacts the CyberGatekeeper Server at its configured address. CyberGatekeeper then sends the agent a "grocery list" of items to check on the endpoint system, derived from the applicable policies. This list can contain items such as running processes/modules, registry settings, file attributes and configuration file settings.

The agent collects the information on the list and sends the results back to CyberGatekeeper, which compares them with the policy. CyberGatekeeper determines whether the endpoint system is in or out of compliance and manages access accordingly. If the endpoint is out of compliance, CyberGatekeeper may display an optional message to the user or send a remediation action to bring the endpoint into compliance.
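The following is an added example that simulates the audit session described above; it is not CyberGatekeeper code. The message names, the JSON wire format, the HMAC signing with a shared key, and the two check types (file checksum and running process) are all assumptions chosen to illustrate the checklist/results/verdict flow and the integrity protection a practitioner would expect on it.

```python
"""Simulated audit session: server checklist -> agent results -> server verdict.

Added example. The wire format, message names and HMAC-SHA256 signing are
assumptions standing in for the product's unpublished protocol.
"""
import hashlib
import hmac
import json
import os
import tempfile

# Assumed shared secret between agent and server (provisioned out of band).
SHARED_KEY = b"example-shared-key"


def sign(msg: dict) -> dict:
    """Wrap a message with an HMAC-SHA256 tag over its canonical JSON form."""
    body = json.dumps(msg, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify(envelope: dict) -> dict:
    """Reject the message unless the tag verifies; otherwise return the parsed body."""
    body = envelope["body"].encode()
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("audit message failed integrity check")
    return json.loads(body)


# --- server side ---------------------------------------------------------

def build_checklist(policy: dict) -> dict:
    """Turn the policy's requirements into the 'grocery list' sent to the agent."""
    items = [{"id": r["id"], "type": r["type"], "target": r["target"]}
             for r in policy["requirements"]]
    return {"msg": "checklist", "items": items}


def evaluate(policy: dict, results: dict) -> dict:
    """Compare what the agent reported with what the policy requires."""
    failed = []
    for r in policy["requirements"]:
        observed = results["items"].get(r["id"])
        if r["type"] == "file_sha256" and observed != r["expected"]:
            failed.append(r["id"])
        elif r["type"] == "process" and observed is not True:
            failed.append(r["id"])
    return {"msg": "verdict", "compliant": not failed, "failed": failed}


# --- agent side ----------------------------------------------------------

def collect(checklist: dict, running_processes: set) -> dict:
    """Gather the requested facts; the process list is injected for determinism."""
    items = {}
    for item in checklist["items"]:
        if item["type"] == "file_sha256":
            try:
                with open(item["target"], "rb") as f:
                    items[item["id"]] = hashlib.sha256(f.read()).hexdigest()
            except FileNotFoundError:
                items[item["id"]] = None
        elif item["type"] == "process":
            items[item["id"]] = item["target"] in running_processes
    return {"msg": "results", "items": items}


def run_audit(policy: dict, running_processes: set) -> dict:
    """One session: each hop is signed by the sender and verified by the receiver."""
    checklist = verify(sign(build_checklist(policy)))
    results = verify(sign(collect(checklist, running_processes)))
    return evaluate(policy, results)


def demo() -> tuple:
    """Constructed scenario: one AV definition file plus one required process."""
    with tempfile.TemporaryDirectory() as d:
        dat = os.path.join(d, "avdefs.dat")          # constructed sample file
        with open(dat, "wb") as f:
            f.write(b"definitions v1")
        good_hash = hashlib.sha256(b"definitions v1").hexdigest()
        policy = {"requirements": [
            {"id": "av_defs", "type": "file_sha256", "target": dat, "expected": good_hash},
            {"id": "av_running", "type": "process", "target": "avservice.exe"},
        ]}
        passing = run_audit(policy, {"avservice.exe", "explorer.exe"})
        failing = run_audit(policy, {"explorer.exe"})   # AV service not running
    return passing, failing
```

The signing step matters more than the checks themselves: an agent result that is not integrity-protected could be replayed or edited by a non-compliant endpoint to claim compliance, so the server must refuse any results message whose tag does not verify.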

Q. Does CyberGatekeeper Remote require other hardware/software products?
A: No, the CyberGatekeeper solution works with the existing network environment and all third-party software products. Moreover, a CyberGatekeeper Agent has the ability to audit and inspect core features of the endpoint PC. No specific 3rd party application integration is required.

Q: How does the CyberGatekeeper Remote appliance fit into my network?
A: The appliance sits inline between the VPN concentrator and the internal network. All traffic from VPN sessions is routed through the appliance, which operates as a transparent layer 2 bridge, so no re-addressing of the VPN or internal network is needed.

Q: What network resources are required to provide end-user remediation?
A: A web server to host the remediation files is recommended. For example, if you provide a patch as part of an auto-remediation solution, that patch must be hosted on a web server that remains reachable from the quarantine network, since the user will only need it after failing an audit. Because the endpoint downloads and runs these files, serve them over HTTPS so they cannot be altered in transit.

Q: What are our options for redundancy or fault tolerance?
A: The CyberGatekeeper Server allows multiple appliances to be used in a failover scenario. If the "active" appliance becomes unavailable, the standby automatically becomes active and takes over tasks from the unavailable unit. This occurs in less than a minute and is generally seamless to the end user.

Q: What central management facilities are provided in CyberGatekeeper?
A: Policy Manager can develop, deploy and manage policies for any number of CyberGatekeeper Servers. Policies can be grouped into export sets, which allow rapid deployment to multiple appliances in a single action. The appliances themselves are managed directly via telnet or SSH (SSH is preferable, since telnet sends the administrator's credentials in cleartext), but configuration changes at this level are rarely needed.

Q: Is CyberGatekeeper Remote secure?
A: All communication and traffic between the CyberGatekeeper Agent and Server is signed and encrypted to provide privacy and integrity. CyberGatekeeper Server is normally placed within the corporate network behind the firewall or VPN gateway. CyberGatekeeper Remote is hardened and resistant to attack.

Technical: User Desktop

Q: What endpoint platforms does the solution support?
A: There are three auditing methods for the client: 1) a dissolvable client audit, 2) an installed agent on the device, and 3) a whitelist of device IDs for network devices that cannot run the agent. The installed agents run on Windows, Mac OS X, Linux, iOS and Android.

Q: How much CPU does the audit process take?
A: When idle or during a session, the CyberGatekeeper agent takes up less than 2% of CPU time. When a new session is initiated, it uses more CPU, for a short period (about 1 second). It then drops to the nominal idle usage.

Q: Can the CyberGatekeeper log to a central location?
A: Yes. The CyberGatekeeper Server can be configured to send its logs to a standard syslog server in addition to its own internal logging mechanism.

Technical: Policy Management

Q. What is Policy Manager?
A: Policy Manager is a Windows-based tool used to develop, deploy and manage the policies that determine what to check for on endpoint devices and how to decide compliance. Policy Manager also builds custom agents that can be tailored to site-specific requirements.

Q: How does the agent check if the PC is compliant with the policy?
A: There are a variety of tests available that may be defined in the policy definition with Policy Manager. The available tests include:

  • Check process or file – Used to check that a process is running or a file is present on the remote PC. Specific characteristics of the process or file such as date/time stamp, size, version and checksum may be analyzed.
  • Check registry key – Used to check for the absence, existence or value of a specific registry key.
  • Check operating system – Used to check for major and minor version of the operating system running on the remote PC. Includes checking for Service packs and updates.
  • Check computer name – Used to check the computer name setting in Windows.
  • Check .ini file – Used to check the contents of a standard .ini file.
  • Check network – Used to check the TCP/IP settings of the computer.

Q: Does the agent check for the version of virus scanner .dat files and scan engines? What happens when you are in the process of updating your .dat files?
A: Yes. Using the policy definition options described above, the virus scanner .dat files can be checked. Updating the .dat file has no effect on the agent's periodic checking; however, if the state of the .dat file during or after the update violates the policy definition (for example, a policy that requires one exact version), then network connectivity will be affected. For that reason it is recommended to define a minimum required version in the policy instead of an exact version. Another option is to define the maximum age, in days, that a .dat file may have and still be considered safe.

Q: Can the solution distinguish between systems as to which should be checked and other systems which should not be checked? How?
A: Yes. Each policy consists of two parts: conditions and requirements. The conditions indicate which endpoint configurations the policy applies to. The requirements indicate what is enforced on endpoints the policy applies to. Administrators can therefore create different policies for different systems depending on the conditions present on each system. For example, one policy can be defined for Windows XP systems and another for a pilot pool of users.

Q: Is it possible to have more than one policy?
A: Yes. Policy definitions are managed by Policy Manager and downloaded to the CyberGatekeeper Server. An unlimited number of policies can be created with Policy Manager.

Q. How does CyberGatekeeper Remote remediate infected or non-compliant machines?
A: Each component of a policy can have a remediation action associated with it. If a user fails the audit because of that component, its remediation action is performed automatically. This typically consists of downloading an executable file (such as an installer or patch) to the endpoint system and running it.

Consider this example: A user logs out and goes home at the end of the business day. During the night, a new policy is pushed out that requires a patch the user's system does not have. As a result, the endpoint fails the audit and is placed on the quarantine network.

The configured remediation action then starts automatically. In this case, the remediation action could be to download and install the patch that was required but missing on the endpoint system. Once the patch has been installed, the system is re-audited. If it passes, it is placed back on the corporate network. The next morning, when the user logs in, they are unaware that their system was patched automatically during the night.
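As an added example serving the three questions above (the policy tests, the .dat version and age checks, and the condition/requirement split) together with the remediation flow just described, the following is a small policy model written for this FAQ, not Policy Manager's file format or the product's own code. The policy schema, the endpoint "facts" dictionary, the registry key name, the version numbers, the dates and the remediation hook are all constructed assumptions.

```python
"""Policy model: conditions select endpoints, requirements are enforced,
failed requirements trigger remediation, then the endpoint is re-audited.

Added example; all names, values and the schema are assumptions.
"""
from datetime import date


def version_tuple(v: str) -> tuple:
    """'7.10.2' -> (7, 10, 2) so that 7.10 compares greater than 7.9."""
    return tuple(int(p) for p in v.split("."))


# --- requirement tests: each returns True when the endpoint passes -----------

def check_min_version(facts, req):
    """Minimum-version test: tolerates an in-progress update, unlike an exact match."""
    return version_tuple(facts[req["key"]]) >= version_tuple(req["min"])

def check_exact_version(facts, req):
    return facts[req["key"]] == req["value"]

def check_max_age_days(facts, req):
    return (facts["today"] - facts[req["key"]]).days <= req["max_days"]

def check_registry(facts, req):
    return facts["registry"].get(req["key"]) == req["value"]

def check_process(facts, req):
    return req["name"] in facts["processes"]

CHECKS = {"min_version": check_min_version, "exact_version": check_exact_version,
          "max_age_days": check_max_age_days, "registry": check_registry,
          "process": check_process}


def conditions_match(policy, facts) -> bool:
    """Conditions decide whether a policy applies to this endpoint at all."""
    return all(facts.get(k) == v for k, v in policy["conditions"].items())


def audit(policies, facts) -> list:
    """Return the ids of failed requirements across all applicable policies."""
    failed = []
    for p in policies:
        if not conditions_match(p, facts):
            continue
        for req in p["requirements"]:
            if not CHECKS[req["test"]](facts, req):
                failed.append(req["id"])
    return failed


def audit_and_remediate(policies, facts, actions, max_rounds=3) -> dict:
    """Quarantine on failure, run each failed requirement's action, re-audit.

    The round limit is a practitioner's safeguard: a remediation action that
    does not actually satisfy the requirement must not loop forever.
    """
    history = []
    for _ in range(max_rounds):
        failed = audit(policies, facts)
        history.append(list(failed))
        if not failed:
            return {"state": "corporate", "history": history}
        for rid in failed:
            if rid in actions:
                actions[rid](facts)       # e.g. download and install the patch
    return {"state": "quarantine", "history": history}


# --- constructed sample data ---------------------------------------------------

def example_policies() -> list:
    return [
        {"name": "av-baseline", "conditions": {},            # applies everywhere
         "requirements": [
             {"id": "av_dat_min", "test": "min_version", "key": "av_dat_version", "min": "7.10.0"},
             {"id": "av_dat_age", "test": "max_age_days", "key": "av_dat_date", "max_days": 7},
             {"id": "av_proc", "test": "process", "name": "avservice.exe"}]},
        {"name": "xp-patch", "conditions": {"os": "Windows XP"},  # XP systems only
         "requirements": [
             {"id": "xp_patch", "test": "registry",
              "key": "Patches\\Required", "value": "installed"}]},
    ]


def sample_facts(os_name="Windows XP") -> dict:
    """Constructed endpoint state: AV is current and running, patch is missing."""
    return {"os": os_name, "today": date(2008, 3, 10),
            "av_dat_version": "7.12.3", "av_dat_date": date(2008, 3, 8),
            "registry": {}, "processes": {"avservice.exe"}}


def install_patch(facts):
    """Stand-in for the remediation action that installs the required patch."""
    facts["registry"]["Patches\\Required"] = "installed"


def during_update_contrast() -> tuple:
    """Endpoint already on 7.12.4: an exact-version rule fails, a minimum passes."""
    facts = {"v": "7.12.4"}
    return (check_exact_version(facts, {"key": "v", "value": "7.12.3"}),
            check_min_version(facts, {"key": "v", "min": "7.12.3"}))


def demo() -> dict:
    return audit_and_remediate(example_policies(), sample_facts(), {"xp_patch": install_patch})
```

Running `demo()` reproduces the overnight scenario: the first audit fails only on `xp_patch`, the action installs it, and the re-audit passes, moving the endpoint back to the corporate network. Removing the action from the dictionary leaves the endpoint in quarantine after the bounded number of rounds instead of spinning.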