Ivanti Policy Secure (IPS), formerly Pulse Policy Secure, is a next-generation Network Access Control (NAC) solution that provides complete visibility and Zero Trust access control for all local and remote endpoints, including managed devices, BYOD, IoT, and OT devices. Built on a foundation of Juniper Networks’ network infrastructure expertise, it enforces role-based access and endpoint security policies across wired, wireless, and VPN networks. Ivanti Policy Secure leverages an AAA (authentication, authorization, accounting) framework to bind user identities to devices and networks, ensuring only authorized and compliant users/devices access resources. Key features include automated device profiling, endpoint posture assessment (pre- and post-connection), automated guest access, and integration with third-party security solutions (e.g., Palo Alto Networks, Splunk) for threat response. It supports up to 50,000 concurrent users and is designed for small to large enterprises, offering seamless roaming from VPN to on-premises and compliance with standards like GDPR, HIPAA, and PCI-DSS.
Ivanti Policy Secure (IPS)
Ivanti Policy Secure is a next-gen NAC solution that delivers Zero Trust access control, complete endpoint visibility, and automated policy enforcement for wired, wireless, and VPN networks, integrating with multi-vendor infrastructure and security ecosystems.
- Architecture:
  - Components:
    - Policy Secure Server: Core platform for authentication, profiling, policy enforcement, and monitoring; deployed as hardware (ISA series) or virtual appliances.
    - Secure Access Client: Unified client for endpoint authentication, compliance checks, and VPN access (supports Windows, macOS, iOS, Android).
    - Profiler: Standalone module for automated device discovery, classification, and monitoring.
    - Enterprise Manager: Optional for centralized management of multiple appliances in large deployments.
  - Deployment Options: Hardware appliances (ISA-6000, ISA-8000), virtual appliances (VMware, Hyper-V, AWS, Azure), or cloud-hosted (AWS Marketplace, BYOL 2/3 NIC).
  - Scalability: Supports up to 50,000 concurrent users; appliances can be clustered for high availability and load balancing.
  - Operation Mode: Out-of-band, integrating with existing network infrastructure; supports inline enforcement for specific use cases.
- Components:
  - Authentication:
    - Protocols: 802.1X, MAB, Captive Portal, SAML 2.0 for SSO, RADIUS, TACACS+.
    - Methods: Certificate-based, username/password, multi-factor authentication (MFA).
    - Integrations: Active Directory, LDAP, Azure AD, Okta, Pulse MDM, third-party EMM (e.g., MobileIron, Intune).
    - Agentless/Agent-Based: Agentless via web browser (Layer 3 controls); Secure Access Client or ESAP for agent-based authentication and posture checks.
  - Profiling:
    - Methods: DHCP fingerprinting, MAC OUI, HTTP/HTTPS analysis, SNMP, and network telemetry; Profiler module for rogue device detection.
    - Capabilities: Identifies device type, OS, vendor, and security state; supports managed, unmanaged, and IoT devices.
    - User and Entity Behavior Analytics (UEBA): Detects rogue IoT devices, DGA attacks, and MAC spoofing.
  - Policy Enforcement:
    - Mechanisms: VLAN assignment, ACLs, role-based access control (RBAC), network segmentation, QoS parameters.
    - Policies: Granular, based on user identity, group roles, device compliance, and session context.
    - Wizard Editor: Simplifies policy creation with adaptive authentication and RBAC.
  - Posture Assessment:
    - Checks: Antivirus status, OS patches, firewall settings, and compliance with corporate policies.
    - Methods: Endpoint Security Assessment Plug-in (ESAP) for agent-based checks; agentless via web browser.
    - Actions: Quarantine, remediate, or restrict non-compliant devices.
  - Guest Access:
    - Features: Automated, sponsored, and time-based guest access with self-registration portals.
    - Automation: Simplifies guest onboarding with sponsor-based authorization.
  - Threat Containment:
    - Actions: Quarantine, VLAN reassignment, session termination, or integration with NGFWs for blocking.
    - Automation: Responds to malware, rogue devices, or unauthorized access based on UEBA or third-party alerts.
    - Integrations: Bidirectional with NGFWs (Palo Alto, Fortinet, Juniper), SIEMs (Splunk, IBM QRadar), and XDR.
  - Integrations:
    - Ecosystem: Microsoft Intune, MobileIron, Palo Alto Networks, Fortinet, Juniper, Splunk, IBM QRadar, and others.
    - Network Devices: Vendor-agnostic; supports Cisco, Aruba, Juniper, and other switches, APs, and routers.
    - APIs: REST APIs and syslog for custom integrations.
  - Visibility:
    - Dashboards: Real-time monitoring of endpoints, compliance status, and network activity.
    - Reports: Customizable for authentication, profiling, guest access, and compliance audits.
    - Profiler: Builds a database of unmanaged devices (e.g., printers, VoIP phones) for consistent security.