Since first announcing its Trusted Network Connect (TNC) architecture, the Trusted Computing Group has worked steadily to improve the ability of network security and IT professionals to ensure that only healthy, known, and compliant devices can connect to a user’s enterprise network.  These standards allow users to select from a number of interoperable solutions and be assured that they will work together.  Participants across industry, through TCG and the IETF, have contributed to TCG specifications for network security.

However, initial TNC efforts focused on compliance testing only at the time of connection, and for the duration of a connected session, by the policy server that authorized the connection. Comply-to-connect solutions necessarily limit the amount of data that can be reasonably collected from an endpoint to make a compliance decision, and may only provide a one-time check on the health of devices. To date, there has been no standardized way to handle preventative compliance testing for existing devices on a network. As software flaws are discovered that enable attacks against endpoints that are already on your network, how can you know the current health of your network, and locate vulnerabilities before they are exploited?

In its latest work, TCG has published a standard for an Endpoint Compliance Profile (ECP) to address this problem.  This new specification will enable administrators to confirm that endpoints– including PCs, mobile devices, servers, and infrastructure devices– are uniquely identified, authorized to run on the network, and running software that is compliant with their organization’s policies. ECP enables continuous endpoint monitoring of endpoints already on the network, immediately reporting posture changes that cause the endpoint to fall out of compliance with policy.

How will this work? The ECP enables compliance information to be gathered by the TNC client, forwarded to a TNC server, and stored in a configuration management database, all while the endpoint is connected to the network. Because there is no latency while users wait for compliance reporting to complete before they can begin using their device, the ECP solution enables collection of robust endpoint health reports that provide detailed information about the software installed on the endpoint. Endpoints that need remediation are identified, so action can be taken to improve the endpoint’s security posture before an attacker can exploit the endpoint’s vulnerabilities.

The ECP collects endpoint health reports using a standardized, well-known schema. This allows the reports to be shared across the network by authorized asset management, threat defense, and attack detection tools, and prevents the silo-ing of information that often plagues endpoint compliance solutions. The Endpoint Compliance Profile also supports vetted, mature protocols, ensuring that communications between the endpoint and the compliance service are secure.

Knowing what is on your network, what applications those devices are running, and whether any of those devices are vulnerable are critical first steps to any network security solution. Using standards like the Endpoint Compliance Profile, these first steps provide a solid foundation to build comprehensive network security solutions.