Ignition Posture: Endpoint security for the real world

Ignition Posture provides endpoint posture checking that works in the real world. Most posture checking products today are inflexible, add-on layers that are expensive to support and frustrating for network users. In contrast, Ignition Posture's policy flexibility and integration with the Ignition Server ensure that it is easier to support and less frustrating for users.

Ignition Posture works in the real world because posture checking policies are written using the flexible policy framework of the Ignition Server. This means:

Your network team can roll out Ignition Posture in a phased fashion, thanks to per-user or per-group policies.
Guest policies enable your network to handle guest access gracefully. Options range from granting guests automatic access to a guest network to requiring guests to download a posture checking agent before connecting.
Non-compliant users and users who lack the posture checking client are also handled in a graceful fashion, minimizing calls to your helpdesk. Automatic remediation allows most non-compliant users to fix their issues and connect, and quarantining features allow you to give non-compliant users the degree of access they need in order to address their issues or continue working.
Supporting and expanding your posture checking coverage is less burdensome than with competing systems, thanks to Ignition's famous, standards-based ease of integration with your user stores and network equipment.

Features

Enforcement

Frequently Asked Questions

Flexible

Administrators can set policy to check a wide set of information and apply precise policy controls per user. Posture-checking rules are set as part of your broader access policies in the Ignition Server.

Cost-effective

The Ignition Posture client is a low-cost plug-in to the open source XSupplicant networking client.

Easy to deploy

On the client side, XSupplicant with Ignition Posture is easy to deploy thanks to its installer executable. To facilitate large deployments, Identity Engines offers the optional AutoConnect tool that automatically installs and configures XSupplicant with Ignition Posture.

Interoperable

Identity Engines has licensed posture profiles from the leading endpoint security assessment vendor, which allows Ignition Posture to check the state of nearly every widely available firewall, anti-virus, anti-spyware, and anti-phishing package.

Up to date

On a schedule you configure, Ignition Server downloads the latest posture profiles, allowing it to check that the most recent editions of anti-malware software and anti-malware profiles are being used on clients.

Self-service

A remediation window allows the user to see why his computer failed and can be set to allow the supplicant to fix some security issues automatically.

Standards-based

Based on the IEEE 802.1X standard, Ignition Posture works with all current networking equipment. Ignition Posture implements aspects of the Trusted Network Connect (TNC) architecture from the Trusted Computing Group (TCG).

What components do I need?
Ignition Posture consists of the Ignition Server and a proprietary, Ignition Posture-enabled version of the Open1X XSupplicant (the "supplicant"). The supplicant is installed on each device that will be posture checked before it connects to the network. 802.1X-capable switch gear is required.

What is the per-seat cost?
With its client based on the open source XSupplicant, Ignition Posture costs less than competing products. Contact your Identity Engines representative for pricing.

How does Ignition Posture fit in with the other capabilities of Ignition?
Posture checking adds a third layer to Ignition’s access policies. The traditional two layers—authentication and authorization—evaluate the user, with the authentication policy specifying how the user must prove his or her identity and the authorization policy specifying what network the user can connect to. Posture checking policy adds the ability to inspect the user’s computer itself. It lets you set a requirement that checks if the client computer has up-to-date anti-virus and other security software installed before you allow it to connect.

How is Ignition Posture better than other posture checking tools?
First, most posture checking tools are specialized client applications that are difficult to configure and manage. Ignition Posture is easy to deploy, and automatic remediation and quarantining capabilities reduce the number of calls to your helpdesk.

Second, most posture checking tools are an add-on layer that cannot interact with your authentication and authorization rules. Ignition Posture, in contrast, runs according to your Ignition policy, meaning that you specify authentication requirements, authorization requirements, and posture checking requirements in a comprehensive, consistent policy framework.

Third, most posture checking tools offer little flexibility to accommodate guests and other users who lack the posture checking client. In contrast, Ignition Posture presents a range of options when a client fails a posture check or is unable to perform a posture check. The administrator can grant limited, Internet-only access, access to a particular remediation VLAN only, or deny access altogether.