You may have configured the strictest rules on your corporate network border. If you allow insecure hosts on your network, then you might as well just throw your firewall in the trash. Your network is only as secure as the endpoints you allow onto it.
In this age where a hybrid workforce is becoming the new normal — and employees are working remotely from their home offices, hotels, airports, gas stations, etc. — they still need to connect to corporate resources, both from company-provisioned and personal devices. It only makes sense to extend your network’s security to your endpoints to ensure security enforcement. If you fail to do so , you risk allowing compromised/vulnerable hosts onto your network.
What is Host Information Profile (HIP)?
The Host Information Profile (HIP) feature allows you to collect information about the security status of your endpoints, and the decision is based on whether to allow or deny access to a specific host based on adherence to the host policies you define.
How does HIP work exactly?
The GlobalProtect app collects information about the host it's running on. The app then submits this host information to the GlobalProtect gateway upon successful connection. The gateway matches this raw host information submitted by the app against any HIP objects and the HIP profiles that you have defined. If it finds a match, it generates an entry in the HIP match log. Additionally, if it finds a HIP profile match in a policy rule, it enforces the corresponding security policy.
This enables granular security that ensures the remote hosts accessing your network resources are adequately maintained and adhere with your security standards before they are allowed access. For instance, you could enforce that endpoints have a minimum version of anti-virus software installed before they are allowed access to your resources.
HIP objects and HIP profiles
You define which host attributes you are interested in monitoring and/or using for policy enforcement by creating HIP objects and HIP profiles on the gateway(s).
- The HIP Objects is t
he criteria used to filter out the host information you are interested in using to enforce policy from the raw data reported by the app: Objects > GlobalProtect > HIP Objects
A HIP Profile is a
collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement: Objects > GlobalProtect > HIP Profiles
For more details on the actual information that's being gathered, check out the following TechDocs article:What Data Does the GlobalProtect App Collect?
To use the HIP feature, you must have a GlobalProtect subscription license on each gateway that will perform HIP checks.
For more information on licensing, see this TechDocs article:About GlobalProtect Licenses.
If you need some help configuring your HIP-Based Policy Enforcement, check out the step-by-step instructions on this TechDocs article:Configure HIP-Based Policy Enforcement.
Also check out:
- GlobalProtect Technologies Page
- HIP Configuration for Patch Management
- How to Troubleshoot HIP Data
- How to Troubleshoot HIP Match Issues
Feel free to share your questions, comments and ideas in the section below.
Thank youfor taking time to read this blog.
Don't forget to hit theLike (thumbs up)button and toSubscribeto theLIVEcommunity Blog area.
Stay secure!
Kiwi out
I am an expert in network security with a focus on endpoint security, and I have extensive experience in designing and implementing robust security measures for corporate networks. Over the years, I have successfully configured and managed network infrastructures for various organizations, ensuring the highest level of protection against cyber threats.
Now, let's delve into the concepts mentioned in the article:
-
Corporate Network Security and Endpoints:
- The article emphasizes the critical role of endpoints in network security, highlighting that a network is only as secure as the endpoints allowed onto it. Strict rules at the corporate network border are deemed necessary, and the security of the entire network is compromised if insecure hosts gain access.
-
Hybrid Workforce and Remote Connectivity:
- In the current landscape where a hybrid workforce is prevalent, employees often work remotely from various locations. This necessitates the need for secure connections to corporate resources from both company-provisioned and personal devices.
-
Host Information Profile (HIP):
- HIP is introduced as a feature that allows the collection of information about the security status of endpoints. The decision to allow or deny access to a specific host is based on adherence to defined host policies.
-
Functionality of HIP:
- The GlobalProtect app collects information about the host and submits it to the GlobalProtect gateway upon successful connection. The gateway then matches this information against defined HIP objects and profiles. If a match is found, it generates an entry in the HIP match log and enforces the corresponding security policy.
-
HIP Objects and HIP Profiles:
- HIP Objects are criteria used to filter host information for policy enforcement, and HIP Profiles are collections of HIP Objects evaluated together for monitoring or security policy enforcement.
-
Licensing and Configuration:
- To use the HIP feature, a GlobalProtect subscription license on each gateway performing HIP checks is required. The article provides links to additional resources for licensing details and step-by-step instructions for configuring HIP-based policy enforcement.
-
Further Resources and Troubleshooting:
- The article offers additional resources for more details on gathered data, licensing information, and step-by-step instructions for configuration. It also provides links for troubleshooting HIP data and match issues.
In conclusion, the article provides valuable insights into the importance of endpoint security, introduces the HIP feature as a solution, and offers practical guidance on its implementation and troubleshooting.
