System Requirements

Server

Operating System: Windows® Server 2003

Database: Microsoft® SQL 2000

Monitor

  • Windows® XP
  • Windows® Server 2003

ENDFORCE Informant™

How It Works

ENDFORCE Informant is designed as an enterprise-scale, software-based system using client/server architecture with the following key system components:

  • Monitor: Distributed client components, called Monitors, look for ARP traffic in each enterprise broadcast domain
  • Server: The Windows-based ENDFORCE Informant server, called Correlator, provides correlation, administration, alerting, and reporting functionality

Innovative, Secure Architecture

The distributed software Monitors provide broad overlapping surveillance. The server-based correlation engine accepts information only from authorized Monitors. Since the Monitors passively sit within broadcast domains and review ARP traffic, rogue endpoints cannot block detection. The intelligent Correlator processes data from all authorized Monitors using time-based throttling to provide concise alerting without flooding.

Real-Time Alerting

Continuous stealth monitoring provides real-time alerting (MAC and IP address) via SMTP e-mail so that administrators can take immediate action when an unauthorized rogue endpoint connects to the enterprise network. Integration with ENDFORCE Enterprise guarantees that known endpoints will not trigger false alerts.

Redundant and Scalable

ENDFORCE Informant provides multiple Monitors per broadcast domain with the ability to deploy multiple Correlators for large-scale deployment. Additionally, the solution has built-in redundancy for reliability and extra security.

Comprehensive Reporting

Predefined summary and detailed reports are included for easy ongoing administration. Multiple reports are also provided for rogue endpoints, exempt endpoints, and alert information.

Central Administration

Using a central Web interface, administrators can exempt endpoints from alerting by MAC address or prefix, or by IP address, subnet, or range. Endpoints managed by ENDFORCE Enterprise are automatically exempted by ENDFORCE Informant. This feature simplifies overall administration.
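The correlation described under "Innovative, Secure Architecture" and the exemption rules described under "Central Administration" can be sketched as follows. This is an added example, not ENDFORCE code: the monitor IDs, addresses, 300-second throttle window, and function names are all assumptions made for illustration.

```python
import ipaddress

# All values below are constructed for this example.
AUTHORIZED_MONITORS = {"mon-a", "mon-b"}
EXEMPT_MAC_PREFIXES = ("00:11:22",)
EXEMPT_NETS = [ipaddress.ip_network("10.0.9.0/24")]
EXEMPT_RANGES = [(ipaddress.ip_address("10.0.1.10"),
                  ipaddress.ip_address("10.0.1.20"))]
THROTTLE_SECONDS = 300  # assumed window; the page gives no figure


def is_exempt(mac, ip):
    """True if the endpoint matches a MAC prefix, subnet, or IP range exemption."""
    addr = ipaddress.ip_address(ip)
    if mac.lower().startswith(EXEMPT_MAC_PREFIXES):
        return True
    if any(addr in net for net in EXEMPT_NETS):
        return True
    return any(lo <= addr <= hi for lo, hi in EXEMPT_RANGES)


def correlate(sightings):
    """sightings: time-ordered (timestamp, monitor_id, mac, ip) tuples taken
    from ARP traffic. Returns one alert per rogue MAC per throttle window."""
    last_alert = {}
    alerts = []
    for ts, monitor, mac, ip in sightings:
        mac = mac.lower()
        if monitor not in AUTHORIZED_MONITORS:
            continue  # accept data only from authorized Monitors
        if is_exempt(mac, ip):
            continue
        prev = last_alert.get(mac)
        if prev is not None and ts - prev < THROTTLE_SECONDS:
            continue  # overlapping Monitors saw the same endpoint: no flood
        last_alert[mac] = ts
        alerts.append((ts, mac, ip))
    return alerts


SAMPLE = [  # constructed sightings
    (0, "mon-a", "DE:AD:BE:EF:00:01", "10.0.2.5"),    # rogue: alert
    (2, "mon-b", "de:ad:be:ef:00:01", "10.0.2.5"),    # duplicate: throttled
    (5, "mon-x", "de:ad:be:ef:00:02", "10.0.2.6"),    # unauthorized Monitor
    (7, "mon-a", "00:11:22:33:44:55", "10.0.2.7"),    # exempt MAC prefix
    (9, "mon-b", "de:ad:be:ef:00:03", "10.0.9.14"),   # exempt subnet
    (11, "mon-a", "de:ad:be:ef:00:04", "10.0.1.15"),  # exempt range
    (400, "mon-a", "de:ad:be:ef:00:01", "10.0.2.5"),  # window expired: alert
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```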