Symantec On Demand enables enterprises to secure Web applications by ensuring the integrity of endpoints and protecting the data that is transmitted to them. The Symantec On-Demand Agent is downloaded from the Web application or SSL VPN box at connection time to the endpoint, eliminating the need to have pre-installed client software to secure data on third-party owned systems. The connection is only allowed if the endpoint is fully compliant with security policy and the appropriate On-Demand data protection components are in place. Symantec On-Demand works seamlessly to protect endpoints connecting to Webmail, SSL VPN, Portals, Financial /Healthcare/HR applications, and ERP systems.

Benefits

Protects Patient, Customer and Employee Privacy

• Customer information - Protects the confidentiality of customer records and financial information. (California SB 1386)
• Medical diagnosis or claim processing - Ensures compliance with HIPAA and other regulations that protect patients’ medical records privacy rights.

Protects Sensitive Business Information

• Financial Systems - Protects the confidentiality of remotely accessed financial information (GLBA, Sarbanes-Oxley).
• Web E-mail - Prevents theft of email passwords and information leakage through attachments being left on kiosks or Internet café computers.

Prevents Business Disruption

• SSL VPN - Protects the enterprise network from compromised endpoints.
• Business portals - Ensures that business partner computers are secure prior to accessing corporate networks, and thus do not compromise the security of the company’s network.

How It Works

Symantec On-Demand Manager creates a Web page containing the Symantec On-Demand Agent download. The Symantec On-Demand Agent download Web page is then placed on the Web server and configured to be the default page of the Web application, such as mail.company.com. When a user connects to this Web page located on an SSL VPN, Web mail server, or PortalWeb server, the Symantec On-Demand Agent (SOA) is downloaded and launched on the endpoint. Once launched, SOA verifies the integrity of the endpoint including antivirus software, personal firewall, service pack, and patch/hotfix policies. After completing the Host Integrity verification process, SOA creates a Virtual Desktop environment.

From within that virtual environment, SOA launches the login process to the Web application through a Web browser in the Virtual Desktop. The SOA user can then access corporate resources such as e-mail or corporate servers. When the session to the Web application is complete or times out after a configurable interval, SOA can either automatically erase all data from the session or create an encrypted and password-protected virtual desktop environment that remains on the computer.

Features

Host Integrity

Host Integrity ensures that devices accessing confidential data are secured by antivirus software with updated virus definitions, a personal firewall, critical service packs, and patches.

Virtual Desktop

The Virtual Desktop creates secure encrypted environment on the endpoint that enables users to download confidential data into a virtual environment where it can be opened by local applications, modified, and uploaded back to the Web application, or copied to a floppy disk, USB hard drive, or other removable media. When the session is terminated or times out, the virtual desktop will sanitize the system, removing all data generated during the session.

Cache Cleaner

Symantec Cache Cleaner ensures that Web browser information, such as cookies, history, auto-complete, stored passwords, and temporary and downloaded files, are erased or removed upon termination of the session, inactivity timeout, or closing of the browser. Cache Cleaner can either work in conjunction with Symantec On-Demand Agent to clean the browser cache on additional operating systems such as Mac OSX, Linux, and Windows (98,ME), or as a standalone module.

Adaptive Policies

Symantec On-Demand Agent has the ability to adapt security policies based on identification of the specific network locations and the type of network device (corporate-owned vs. third-party-owned) to ensure that all confidential data is protected without affecting the productivity of the user. Adaptive Policies ensure that users accessing the corporate site have the appropriate level of security according to the type of device they are using to connect, and the network location.