Sentry: Tivoli Compliance and Remediation Solution - overview
Broadband access to the Internet has encouraged increasing use of mobile endpoint devices that form Internet connections with no intervening enterprise-level firewalls and security policies to mediate access. Such access endangers endpoints that are non-compliant with enterprise IT security policies and that have poor protection against malware. Given these and other security vulnerabilities, at-risk computing devices can pose a threat to critical enterprise assets when the devices reconnect to enterprise networks. The IBM Integrated Security Solution for Cisco Networks (IISSCN) (internally known as "Sentry") is an innovative end-to-end integrated solution for IT security-policy compliance and automated remediation. This product offering is the first infrastructure solution delivered for IBM's On Demand Enhancing Business Resilience and Security initiative. The solution comprises Cisco and Tivoli products, together with key technologies and code developed by Research for the client- and server-side remediation subsystem. Sentry is a key part of the IBM-Cisco strategic alliance for business security.
In the Sentry solution, a computing device connecting to an enterprise network is challenged for its compliance posture (e.g. patch level, firewalls, and password and antivirus settings). If the endpoint is found to be non-compliant, it is placed on a limited-access quarantine network, where it has access to a remediation server. This server updates the endpoint with new software and configurations. The device is then rescanned and admitted to the enterprise network.
A second-generation Sentry solution (from Yamato Software Laboratory), leveraging the Tivoli Configuration Manager for remediation, is targeted at the large installed base of legacy customers. Research led the design of this solution's architecture and client-driven remediation for enhanced scalability.