DATA SHEET
NETWORK MANAGEMENT
3COM INTELLIGENT
MANAGEMENT CENTER (IMC)
ENDPOINT ADMISSION
DEFENSE (EAD)
OVERVIEW
®
Based on the 3Com Intelligent Management Center
(IMC) platform, Endpoint Admission Defense (EAD)
minimizes network vulnerabilities by integrating
security policy management and endpoint posture
assessment to identify and isolate risks at the
network edge.
The IMC EAD security policy component enables
administrators to control endpoint admission based on
identity and the posture of the endpoint. If the endpoint
is not compliant with required software packages and
updates, network assets can be protected by blocking
or isolating endpoints’ access. Additionally, non-
intrusive actions such as endpoint monitoring and
notification can be enabled.
EAD reduces the risk of malicious code infecting your
network or other security breaches by detecting
endpoint patches, viruses, Address Resolution
Protocol (ARP) attacks, abnormal traffic, installation
and running of sensitive software, as well as the status
of system services. To ensure continued security, EAD
provides continual monitoring of each endpoint’s
traffic, installed software, running processes
and registry changes.
KEY BENEFITS
INTEGRATED SOLUTION
Most Network Access Control (NAC) solutions involve
multiple separate functions that all need to work
together, but which are deployed, configured, managed
and audited separately. The IMC management platform
consolidates these functions in a single environment to
avoid the complex configuration issues associated with
a fragmented solution. EAD integrates security
evaluation, security threat location, security event
awareness and execution of protective measures into
a centrally managed and monitored platform that
reduces implementation costs and complexity while
increasing overall network security.
REDUCE THE RISK OF INFECTED DEVICES ON
THE NETWORK
An important function associated with NAC is
minimizing the risk of malware-infected PCs, laptops
and other devices connecting to and compromising your
network. The IMC EAD component works in
conjunction with the User Access Manager (UAM)
component to apply the appropriate security posture
policy to each user or device on the network.
2 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

KEY BENEFITS (continued) ENFORCE POSTURE COMPLIANCE

EAD, in cooperation with the iNode desktop client,
AUTOMATICALLY BLOCK DEVICES SENDING
SUSPICIOUS TRAFFIC collects endpoint posture information to determine if an
endpoint is compliant with set policies. Status checks
Ensuring that devices connecting to your network are
include the O/S, O/S Patches, registry settings,
configured to meet predefined security policies is only
applications, processes and services that are installed
one method of keeping infected devices from interfacing
and/or running on a particular device. In addition to
with your network. Even a well configured and protected
basic security requirements, administrators can build
PC or laptop could be infected with a new or
these custom requirements into their EAD policies to
undiscovered vulnerability that locally running security
ensure that only devices that comply with the
applications cannot detect.
organization’s desktop policies can connect or stay
To ensure devices that have been compromised in this connected to the network.
way cause the minimum damage or disruption, IMC has
an integrated Attack Control Center (ACC) component PROTECT SENSITIVE DATA
that can be configured to receive security events from EAD regulates network access based on user identity,
intrusion prevention systems (IPSs) and other posture, location and time of day to prevent
security-aware devices in the network, and act on unauthorized access to network assets and resources.
those events to isolate or block the endpoint to protect With the iNode desktop client, key data theft protection
network assets. features can be enabled, such as controlling USB and
CD drive access.
LEVERAGE EXISTING USER DIRECTORIES
As well as its own internal database for standalone
deployments, UAM also has the ability to integrate with
existing IT directory services. Via a standard
Lightweight Directory Access Protocol (LDAP) v2/3
interface, UAM can either synchronize with an external
directory, or completely offload the user and device
ID/password authentication process. This eliminates
duplicated effort as well as accuracy and delay issues
associated with maintaining multiple instances of the
same information.
3 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

KEY BENEFITS (continued) FLEXIBLE AND HIGHLY SCALABLE DEPLOYMENT

IMC delivers an extensive set of capabilities for
USER-BASED TRAFFIC ANALYSIS
managing, monitoring and controlling large
IMC unlocks the power of data being monitored by
heterogeneous networks. This self-contained solution
network infrastructure devices, including NetStream
provides scalability and high availability through a
and sFlow data, to enable greater visibility and control of
flexible, distributed deployment model. With its modular
network usage. Interaction with the integrated UAM
design, IMC can be deployed across multiple servers to
component enables traffic flows to be linked with users
provide maximum scalability and resilience as the
rather than just IP addresses for comprehensive
number of infrastructure devices and associated
auditing of network usage. For current and historical
networked users and devices grows.
auditing purposes, this facilitates associating a specific
user with particular activity on the network.
4 3COM INTELLIGENT MANAGEMENT CENTER (IMC) ENDPOINT ADMISSION DEFENSE (EAD)

SPECIFICATIONS
Workstation
Pentium 4, 3.0Ghz processor, 4096Mb of RAM , 100Gb hard
disk space,
Operating system
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Server 2003 Service Pack 2 (64 bit)
Windows Server 2003 R2 Service Pack 2
Windows Server 20-03 R2 Service Pack 2 (64 bit)
Windows Server 2008
Windows Server 2008 (64 bit)
Databases
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2008
Microsoft SQL Server 2008 (64 bit)

Note: EAD as an add-on service module requires that a version

of IMC platform be previously installed.
Hardware requirements of IMC differ according to the compo-
nents installed and the number of devices managed.
Please refer to the IMC Installation Guide for full details.

ORDERING INFORMATION
PRODUCT DESCRIPTION 3COM SKU
3Com IMC EAD Module License (200 users) 3130A0DD
IMC EAD License (additional 200 users) 3130A0DE
IMC EAD License (additional 500 users) 3130A0DF
IMC EAD License (additional 1,000 users) 3130A0DG
IMC EAD License (additional 5,000 users) 3130A0DH

Visit www.3com.com for more information about 3Com solutions.

3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064

3Com is publicly traded on NASDAQ under the symbol COMS.
Copyright © 2009 3Com and the 3Com logo are registered trademarks in various countries worldwide of 3Com Corporation. All other company and product names
may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or
mistakes which may arise. All specifications are subject to change without notice. 401225-002 12/09