iPass and Sygate Work to Ensure Mobile Workers Comply With Corporate Security Policies

Business Wire, Sept 20, 2004

REDWOOD SHORES, Calif. & FREMONT, Calif. -- iPass Policy Orchestration of Sygate Secure Enterprise Reduces Costs and Simplifies the Management of Secure Remote and Mobile Connections

As part of their commitment to change the way enterprises secure corporate endpoints, networks and data, iPass Inc. (Nasdaq:IPAS) and Sygate Technologies today announced an agreement to further integrate Sygate Secure Enterprise (SSE) with the iPass connectivity service platform. With this deep technical integration, iPass and Sygate will significantly extend their ability to ensure customers are in Continuous Compliance with corporate security policies, and protect the integrity of remote and mobile endpoint devices at the time they are most vulnerable -- during the establishment of an Internet connection.

For the last year and half, integration of SSE included the ability to auto-launch and enforce the use of SSE during an Internet connection. Moving forward, both companies will engineer a far greater integration into the recently announced iPass Policy Orchestration capabilities that will significantly improve the ability to secure corporate networks and the endpoint devices that access them.

Policy Orchestration of Sygate Secure Enterprise will enable customers to:

--Determine the compliance state of the endpoint prior to iPassConnect launching the VPN.

--Enable endpoints to self-quarantine during the policy enforcement process.

--Self-update during the connection process.

--Un-quarantine the device once SSE determines the endpoint is in compliance with connection policies.

"Increasingly, end point security is becoming the most critical piece of securing a network, further complicating the already difficult to manage network security process," said Matthew Kovar, Vice President of Security Solutions & Services with the Yankee Group. "Companies should settle for nothing less than deeply integrated security solutions, like iPass and Sygate are offering, where the technologies are in constant communication before, during, and after the connection, simplifying the management process of securing remote and mobile connections."

"Enterprise customers are telling us that one of their biggest headaches is ensuring that the notebook computers logging into the corporate network are in a trusted state," said Bill Scull, senior vice president of marketing, Sygate. "With integration of Sygate's Continuous Compliance solution, iPass customers are better assured that endpoints establishing an Internet connection to the corporate network through iPass Corporate Access service are in a trusted, compliant state."

iPass Policy Orchestration

iPass Policy Orchestration is a layer of software intelligence built into the iPass connectivity platform that will permit iPass services to control and enforce the use of enterprise policy-based security systems, such as virtual private networks (VPNs), personal firewalls, anti-virus software, assessment and remediation, patch management and network compliance capabilities. iPass has designed its policy orchestration capabilities to enable easy-to-manage, comprehensive and coordinated protection of critical business assets over remote and mobile Internet and corporate connections.

Sygate and iPass have designed three main points of integration between iPass Policy Orchestration and Sygate Secure Enterprise:

A[micro]   Endpoint Self Quarantine

A[micro]   Because an endpoint device is most vulnerable at the moment of
    Internet connection, self-quarantine is a key component of
    endpoint security. When a user connects from outside of the
    network, the IT department must rely on a personal firewall to
    protect the user's device while still granting enough access for
    the device to be checked and then brought into compliance. This
    delicate balance, achieved with Policy Orchestration integration
    between iPassConnect and the Sygate Security Agent, significantly
    minimizes the risk of endpoint infection.

A[micro]   Pre-Connection Assessment

A[micro]   Prior to establishing an Internet connection, iPassConnect asks
    the Sygate Security Agent to check the endpoint device to see if
    it is in compliance with policies set by the corporate IT
    department. Devices that are out of compliance will not be
    permitted to connect to the network, or may only get restricted
    network access. Assessment of the endpoint can include checks of
    the firewall settings, anti-virus settings, installed patches and
    software versions, among other systems.

A[micro]   Connection Policy Update

A[micro]   When iPassConnect has established a VPN connection, the Sygate
    Security Agent obtains the latest security policies from the
    Sygate Management Server. iPassConnect can limit access to only
    the Sygate Management Server or the remediation servers inside the
    corporate network for additional protection. Once the endpoint is
    brought into compliance with connection policies, iPassConnect
    will lift the self-quarantine imposed by the firewall.