Safe Access gives you unprecedented flexibility in assigning classes of users/devices to network access control options.
Mouse over each of the boxes to learn more on how to organize your access approach.
Business Continuity Devices
These devices don't need to be tested or managed by Safe Access. Whitelisting them ensures that when they come on the network Safe Access will not attempt to test or control their access.
Execs, VIPS
If you enjoy staying employed, there are certain users you don't ever want to deny network access: senior executives, VIPs, high-ranking officers in military deployments, and your help desk and IT staff. In many instances you may want to apply the Whitelist with Testing option to these users. This option guarantees them access, but the testing component lets you keep tabs on the health of their machines and intervene should harmful conditions be discovered.
Domain members
Odds are most users on your corporate domain are using trusted machines that you manage closely, so you can give them the benefit of the doubt by granting them network access and then testing them after the fact. With Safe Access' Innocent Until Proven Guilty option, access is initially granted but can be automatically terminated should a device fail testing.
Road warriors, tele-commuters
It's anyone's guess what the sales guys do with their laptops on the road. While these machines might be managed in a technical sense, there's a greater chance of compromise simply as a result of their transient nature. The Guilty Until Proven Innocent option is ideal for these machines, whereby access is denied until testing determines they will not harm or introduce malware to the network.
Contractors, visitors, guests
You have no idea where these devices have been, so a strict approach to granting access is the smart play. Even if they test compliant through the Guilty Until Proven Innocent option, you may want to allow access to network segments on a need-to-know basis.
Suspect device
Other security systems such as vulnerability scanners or IDS/IPS could alert you that a device is either in a vulnerable state or behaving dangerously. Safe Access gives you options to terminate access immediately (through Blacklisting or Administrator Quarantine) or provide a grace period during which repairs must be completed.
Whitelist
Used for devices that you'll never need to test—such as infrastructure devices, peripherals, game consoles. This option ensures that if these devices come on and off the network, Safe Access will not attempt to test or control their access.
Administrator allow access
Safe Access administrators may at anytime manually override a device's current access control status and immediately grant access.
Whitelist with testing
Used for devices for which you want to guarantee access to the network yet need to monitor and remediate should they fall out of compliance with your endpoint security policy.
Innocent until proven guilty
By default this option permits devices access and then tests them after they have connected to the network. Should they fail testing, a variety of enforcement options are available, from full quarantine, to grace-period access, to triggering alerts and notifications.
Guilty until proven innocent
With this option, devices must test compliant with the assigned access policy before network access is granted. Typically used for untrusted, unmanaged, or high-risk transient machines.
Blacklist with testing
These devices are prohibited from the network but are still tested to determine device health and compliance posture.
Administrator quarantine
Safe Access administrators may at anytime manually override a device's current access control status and immediately place it in quarantine.
Blacklist
Devices that are in no way allowed anywhere near the network, such as those belonging to disgruntled former employees.