The managed state of an organization's individual endpoints may play a critical role in the overall security and availability of its IT infrastructure and related business operations. A new wave of sophisticated crimeware not only targets specific companies but also targets desktops and laptops as backdoor entryways into those enterprises' business operations and valuable resources. To safeguard themselves against these targeted threats, organizations may attempt to ensure that each endpoint continually complies with corporate security and configuration management policies. Failure to guarantee endpoint policy compliance may leave organizations vulnerable to a wide array of threats, including the proliferation of malicious code throughout the enterprise, disruption of business-critical servers, increased IT recovery and management costs, exposure of confidential information, damage to corporate brand, and regulatory fines due to non-compliance.
Network access control may enable organizations to ensure the proper configuration and security state of user endpoints—including those of onsite employees, remote employees, guests, contractors, and temporary workers—before they are allowed to access resources on the corporate network. Some network access control solutions may discover and evaluate endpoint compliance status, provision the appropriate network access, and provide remediation capabilities to ensure that endpoint security policies and standards are met.
Common remediation tasks may include installing security software, installing updates, and changing security settings on an endpoint computer. When the computer belongs to the organization that owns the data network, performing remediation on the computer typically does not give rise to ownership and/or legal issues. However, when the computer is the property of someone else (e.g., a business partner or customer), installing, updating, or modifying software may conflict with the foreign computer owner's own security policies and may expose the organization making the changes to legal liability. Thus, traditional remediation technologies may not be ideal for remediation of foreign devices (and other devices) attempting to connect to a network.