national cooperative purchasing alliance impulse point and...

Impulse Point • 6810 New Tampa Highway, Lakeland FL 33815 • www.impulse.com

October 1, 2013 National Cooperative Purchasing Alliance Region 14 Education Service Center 1850 Highway 351 Abilene, Texas 79601 Impulse Point appreciates the opportunity to provide you with a response and catalog for our Safe•Connect solution to address network security concerns within the Alliance’s membership. Impulse Point offers a flexible yet robust network access control security solution that will allow your members to automate the network access privileges of end users. Impulse Point and Safe•Connect offer the following advantages:

Lower Total Cost of Ownership – Fewer Components to Install, Integrate and Manage Real-time Security Assessment – Pre- and Post-Admission Endpoint Policy Management Open Architecture – Functions consistently across Wired, Wireless, and VPN Networks Switch Vendor Independent – No Upgrades or Infrastructure Changes Required Scalable – Designed for Large, Distributed Environments with minimal burden on IT resources Non-Intrusive Ease of Deployment – Installs in Hours and simplicity of support Proactive Managed Service – Reduces Support Requirements

Impulse Point’s Safe•Connect NAC solution offered here includes functional and design aspects that are unique to the industry. We offer the first and only fully proactive maintenance and support service available for a NAC solution. NCPA members will benefit from proactive 24/7 monitoring, problem determination and resolution, daily policy configuration backups and restoration recovery services, software and appliance hardware maintenance, and future software enhancement protection. We pride ourselves on providing exceptional customer service while keeping the total cost of ownership low. Our approach to installation and deployment is to keep it simple, non-intrusive and cost effective. To this end, it is customary for our team to complete a customer’s installation and deployment remotely. The design of the system and our approach means there is no need for us to come on site – it is truly that simple. The benefit of this approach is that Safe•Connect can be fully installed in an extremely short period of time – the typical installation takes just a few hours to complete.

– 2 –

Impulse Point • 6810 New Tampa Highway, Lakeland FL 33815 • www.impulse.com

It is our philosophy to provide a network access control solution that includes comprehensive features and function while also keeping the solution simple and easy. Full functionality and ease are not mutually exclusive with Safe•Connect. Solutions that require on-site personnel increase the overall cost, time to completion and disruption for customers. The ability for us to install our system remotely is a proof point that Safe•Connect is truly unique. With Safe•Connect, NCPA members receive not only the best NAC security solution for their environment but the expertise and management behind the solution as well. We look forward to a mutually beneficial partnership and welcome the opportunity to discuss our solution in greater detail. Please do not hesitate to contact me, if you have any questions. Sincerely, Tim Evans Vice President of Sales Impulse Point 508-330-8212 or [email protected] www.impulse.com

Sincerely,

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

♦

Impulse Point

6810 New Tampa Highway, Suite 600

Lakeland, Florida 33815

863-802-3738 or 508-366-0685

813-435-2166

[email protected]

Tim Evans

Vice President of SalesVice President of Salesss

♦

October 16, 2013Impulse Point

October 16, 2013NCPA01-26

♦

♦

Impulse Point

Tim Evans

Vice President of Sales

6810 New Tampa Highway

Lakeland, FL 33815

October 1, 2013

Lakeland, FL 333338118181818188 5555

October 1 2013

Matthew Mackel

Director, Business Development

PO Box 701273

Houston, TX 77270

October 16, 2013

♦

XX

♦

•

•

♦

♦

♦

♦

XX

Lakeland

FL

XX

Tim EvansVice President of SalesImpulse Point6810 New Tampa Highway, Suite 600

Lakeland F.lorida 33815

863-802-3738 [email protected]

XX

♦

Jackie Brown

AccountingImpulse Point

6810 New Tampa Highway, Suite 600Lakeland Florida 33815863-802-3738 [email protected]

Anne Torgler

Director of MarketingImpulse Point

6810 New Tampa Highway, Suite 600Lakeland Florida 33815863-802-3738 [email protected]

XX

XX

Tab 4 – Vendor Profile

Please provide the Following information about your company:

Company’s Official registered name. Impulse Point, LLC.

Brief history of your company, including the year it was established.

About Impulse Point Impulse Point is a rapidly growing, privately-held company focused on delivering Network Access and BYOD Control to address policies relating to intellectual property, endpoint security, and regulatory compliance within large, diverse enterprise environments such as higher education. Founded to address the unique endpoint policy management needs of the higher education industry, Impulse Point understands the distributed, multi-vendor infrastructure requirements that support diverse endpoint computing environments. Continuous feedback from customers directly impact the evolving capabilities of Safe•Connect™.

As a result of Impulse Point’s heritage of serving the needs of large, diverse clients in various vertical industry segments, the Safe•Connect Network Access Control solution has been designed to easily integrate into a myriad of customer environments. Our primary focus is on the Education marketplace, and we understand the challenges facing IT executives in education. The network hardware and vendor independence design approach, as well as the ability to support multiple endpoint device platforms makes our solution particularly well-suited for diverse and geographically distributed environments. Impulse Point was founded in 2004 and is headquartered in Lakeland, Florida and maintains offices in multiple U.S. locations including California, Maryland, Massachusetts, North Carolina, and Texas. Impulse Point understands the distributed, multi-vendor infrastructure requirements that will support the diverse endpoint computing enforcement and remediation philosophies. Continuous feedback from customers directly impact the evolving capabilities of Safe•Connect™. The guiding principles of Impulse Point’s Safe•Connect endpoint policy management system focus on the following attributes:

Designed to be scalable and cost effective. Based on an “out-of-line” network implementation approach to alleviate a single point-

of-failure or performance bottleneck. Network switch hardware and software vendor independent. Works with existing network architecture – no changes or continuous manipulation of

Layer2 network switch devices, wireless access points, or VPN concentrators are required.

Easy to install, manage, upgrade, and support.

Company’s Dun & Bradstreet (D&B) number. Impulse Point’s Dun & Bradstreet number is: 15-129-7624


Safe•Connect Support Line [email protected]

Define your standard terms of payment.

Impulse Point’s standard terms of payment or either Net 30 or Due on Receipt; however, the company is open to a variety of financing options as needed by our customers.

Who is your competition in the marketplace?

Cisco, Aruba, Bradford Networks, and ForeScount

Provide Annual Sales for last 3 years broken out into the following categories:

Cities / Counties K-12 Higher Education Other government agencies or nonprofit organizations

As a privately-held company, Impulse Point does not release annual reports or financial statements.

What differentiates your company from competitors?

1) Our solution is deployed at Layer3 which provides the following benefits: a. No changes to the network are required. b. Management of the system is very low touch. c. Future changes/upgrades to the network do not impact system. d. Very scalable with very little hardware .

2) The solution comes with an annual support contract which includes a managed service. This means the following:

a. The health and operation of the appliance is monitored 7 x 24 x 365. b. Impulse owns problem determination and resolution so little staff support required. c. New device fingerprints, new operating systems support and new anti-virus updates are

pushed to the District’s appliance daily. d. Impulse Point backs up the policy build of the system every night so the configuration

can be replicated is ever needed. This makes high availability optional.


3) Impulse Point’s solutions come with system updates, hardware refreshes and guest users at no charge. As we add new features to our software we will not only send you these features for free, but we will refresh your appliance if needed at no charge.

Impulse Point’s Network Access Control Solutions are Unique to the Industry

Proactive Maintenance and Support Services. The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provides continuous (24/7) proactive monitoring and support that includes hardware and software problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables restoration and delivery of a replacement system within 24 hours.

Lifetime Hardware Upgrades Included. Impulse Point does not assign an “end of life” to the

product or appliance. When additional functionality is integrated into the software, or if the appliance needs an upgrade the company will simply forward the updated software or appliance at no charge as long as you remain under maintenance. You will never be asked to purchase the appliance again.

Ease of Management. The Safe•Connect solution offers a real-time Web-based dashboard

interface that will enable an authorized policy administrator or help desk personnel the ability to view quarantine devices for the entire enterprise or by user group. The organization’s policy administrator (or help desk personnel) can also locate a quarantined device based on IP address, MAC address, or user name. Safe•Connect’s ability to provide this continuous/real-time pre- and post-admission security posture assessment and enforcement is a major differentiator from our competitors. This real-time assessment and enforcement is completed without the overhead burden of network-based scanning techniques through the use of its distributed Safe•Connect Policy Key every 2-5 seconds.

Describe how your company will market this contract if awarded. Impulse Point will promote the award of the contract to our partners and prospective customers through direct mail, email campaigns and press releases. In addition we will communicate the contract through sales promotions that includes sales presentations, pricing quotes and product literature. Impulse Point will be very active in using a variety of marketing vehicles to promote the NCPA contract.

Describe how you intend to introduce NCPA to your company. Impulse Point will conduct a company-wide education campaign to make sure the entire staff is aware of NCPA contract. This will be launched at a company-wide meeting which will take place the first Monday of the month following the award of the contract. We will provide detailed information about our agreement with NCPA and provide all company employees with fact sheets and communication notes to prospective customers. In a separate session, the sales team will be trained on how to incorporate the NCPA contract into their sales messaging.

Describe your firm’s capabilities and functionality of your on-line catalog / Ordering website. Not Applicable. Impulse Point’s consultative service is not suited for an online market.


Describe your company’s Customer Service Department (hours of operation, number of service centers, etc.)

Customer Service and Sales Support: 24/7 Proactive Maintenance and Support Services The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes software problem determination and resolution ownership, hardware appliance and software maintenance, and future feature enhancements. The health of the Safe•Connect system is monitored from the Impulse Support Center on a continuous basis. The organization maintains full control of managing their desired endpoint computing policies and enforcement rules via the Safe•Connect Policy Management Console. Impulse Point’s Standard Proactive Maintenance and Support Service includes the following:

COST OF ON-GOING

MAINTENANCE AND SUPPORT SERVICES

IMPULSE POINT

OTHER PROVIDERS

Proactive 24/7 System Monitoring Included Customer Cost Problem Determination Ownership Included Customer Cost Problem Resolution Ownership Included Customer Cost Appliance Hardware Maintenance Included Customer Cost Application of Software Maintenance Updates Included Customer Cost Installation of New Feature Release Upgrades Included Customer Cost Daily Remote Policy Data Backups Included Customer Cost

Service Availability Impulse Point will monitor the appliances installed at Customer’s site 24 x 7 x 365 from its Support Center. If a hardware failure is detected, a new Policy Enforcer appliance will be delivered next-day air with policies restored from the previous night’s backup. If the on-site spare option was chosen, the restore procedure will take place as soon as the hardware failure is detected. Customer must permit continuous 24 hour monitoring access for the Impulse Point Support Center to the Policy Enforcer devices. If this access is not granted, Impulse Point cannot extend the Service SLA to these devices. Scheduled Downtime The Impulse Point Support Center may schedule downtime for regular maintenance and systems upgrades. The time window allowed for these activities is every Sunday from 12:00AM to 2:00AM. This downtime will not have any material effect on the normal operation of the remote Policy Enforcer appliances or network resources. Any definition of service windows in the service contract will take precedence over the Standard Service Level Agreement. Impulse Point will notify the customer of planned changes no less than 3 days prior to implementation. Response Times and Priority Levels Cases may be opened in the Impulse Point Case Management System by emailing or calling customer support. Contact information for support is provided below. Once the appropriate Priority Level is assigned, cases will be routed through the support queues accordingly. The chart below provides case Priority Level descriptions and response times.


Priority

Level

Priority Level - Definition

Case

Assigned

Issue/Problem Determination

Issue/Problem

Resolution P1 Safe•Connect unable to perform

policy management functions network-wide

Severe degradation of network availability

< 30 Minutes

All Available Resources Engaged

ASAP

P2

Considerable number of users affected

Degraded network availability < 1 Hour < 4 Hours Same

Business Day

P3 Small number of users affected New end point Security Software

Recognition Updates Consultative: How-to / FAQ

Same Business Day

Next Business Day

< 48 Hours or As Scheduled

P4 New Product Feature Requests Same Business Day N/A TBD

Impulse Point Support Contact and Escalation For support requests, submit an email to [email protected]. For Priority 1 or Priority 2 cases*, regardless of time of day, please call 863-904-5330 to contact the 24 Hour Support Center. *Priority 1 cases are defined as a total system or severe outage. This is reserved for situations where your Safe•Connect system is completely offline, not functioning, or a severe network disruption is being experienced. *Priority 2 cases are defined as a widespread (multiple users) outage. This is used for situations where the Safe•Connect system is still online but not functioning properly and the result is that multiple users are being affected. The Impulse Point Support Center will ensure an engineer is contacted to handle your case. Once opened, if a case exceeds the SLA time assigned based on priority, escalations are sent to the appropriate Technical and Management personnel. Please see the chart above for details.

Green Initiatives As our business grows, we want to make sure we minimize our impact on the Earth’s climate.

We are taking every step we can to implement innovative and responsible environmental practices throughout NCPA to reduce our carbon footprint, reduce waste, energy conservation, ensure efficient computing and much more. To that effort we ask respondents to provide their companies environmental policy and/or green initiative.

Impulse Point values the Earth’s climate and strives to be a responsible corporate partner. To the end, our solutions are implemented in a virtual environment whenever possible as opposed top requiring additional hardware. Additionally, Impulse Point is conscientious concerning the disposal of aging hardware and recycles it appropriately.


Vendor Certifications (if applicable) Provide a copy of all current licenses, registrations and certifications issued by federal, state

and local agencies, and any other licenses, registrations or certifications from any other governmental entity with jurisdiction, allowing respondent to perform the covered services including, but not limited to, licenses, registrations, or certifications. Certifications can include M/WBE, HUB, and manufacturer certifications for sales and service.

Not applicable.

Tab 5 – Products and Services

Respondent shall perform and provide these products and/or services under the terms of this agreement. The supplier shall assist the end user with making a determination of their individual needs.

Impulse Point will assist in developing a personalized deployment plan and will provide support throughout the production deployment process. Impulse Point’s managed service offering also includes on-going “how-to” consultative support that will enable each organization to maximize their investment.

The following is a list of suggested (but not limited to) categories. List all categories along with manufacturer that you are responding with:

Products Network Access Control

Impulse Point is a security software company that makes solutions exclusively for the education market. Our offering consists of three solutions;

Identity•Connect Safe•Connect Auto•Connect

Identity•Connect is our solution for automatically identifying devices connecting to the network as well as identifying the users on those devices. Identity•Connect also includes Guest User management which allows guests to get network access through temporary credentials. An agentless solution that works across browser device platforms, Identity•Connect works in real time and provides reporting of the user and all their devices in a dashboard. Safe•Connect is a true network access control solution that comes with Identity•Connect. Safe•Connect leverages the identity of the devices and the user information to make sure all devices have proper security settings. Safe•Connect can ensure that all devices (organization-liable or personal devices) meet a common set of requirement such running anti-virus and opening system updates as well as prohibited specific applications on devices Safe•Connect does use a policy key which is a lightweight agent that performs these functions on MS Windows and Apple Macintosh devices. For the purpose of this response we will focus on presenting Safe•Connect. Any member of the NCPA has the option of starting with Identity•Connect and upgrading to Safe•Connect at a later date. The system components include; an appliance, a device license and annual maintenance. The appliance has two functions; one is the Policy Manager where policies are created and where the real time dash board and reporting is provided. The other is the Policy Enforcer which enforces the policies by users and provides access to remediation services. For environments with 10,000 concurrent users or less these two functions reside in the same appliance. The appliance can be a physical appliance or a VMware image. Auto•Connect is the third element of our solution—a device configuration utility that works to configure devices allowing them to connect to a secure 802.1x/WPA2E network. This eliminates the need to have to manually configure these devices so that they can connect to the secure network. The Impulse Point solutions are unique from all other solutions on the market in three very fundamental ways:

1) Our solution is deployed at Layer3 which provides the following benefits:


a. No changes to the network are required b. Management of the system is very low touch c. Future changes/upgrades to the network do not impact system d. Very scalable with very little hardware

2) The solution comes with an annual support contract which includes a managed service. This

means the following: a. The health and operation of the appliance is monitored 7/24/365 b. Impulse owns problem determination and resolution so little staff support required c. New device fingerprints, new operating systems support and new anti-virus updates are

pushed daily to the organization’s appliance. d. Impulse Point backs up the policy build of the system every night so the configuration

can be replicated if ever needed. This makes high availability optional.

3) Impulse Point’s solutions come with system updates, hardware refreshes and guest users at no charge. As we add new features to our software we will not only send you these features for free, but we will refresh your appliance if needed at no charge.

Security and Network Registration Identity•Connect and Safe•Connect are best-of-breed security solutions that easily integrate into existing networks to automate and enforce endpoint security policies that enable organizations to safely adopt a computing model that provides access to the network. In short, we help you better manage your devices by providing better visibility, policy creation and automated enforcement. The systems include policy enforcer and policy manager components that are deployed centrally but are able to manage users’ devices at the very edge of the network or at remote locations. The smarter choice for managing your network and an essential security solution for protecting your network assets, Identity•Connect and Safe•Connect were created expressly to address the variety of users and devices now common on most networks. Both solutions have the ability to recognize devices as they come onto the network and provide the following essential compliance data for non-managed systems:

Device ownership provides visibility into user identities and device types, determining whether they are a managed (company-owned) or personally-owned (i.e., employee, guest)

Guest user self-enrollment automates the process of managing network access for guests. Automated-802.1X secure on-ramping provides easy access to WPA2 secure wireless and

wired networks (please note: 802.1x or WPA2 is not required for either Identity•Connect or Safe•Connect to operate but is fully supported if or when this standard is implemented).

Real-time policy assessment checks a user’s system prior to granting network access as well as on a continuous basis after access is granted.

Dynamic role-based enforcement applies policies and enforcement rules based on how a user is defined within the directory system (employee, guest, contractor, etc.).

Self-guided remediation allows users to conform to security policies without help desk support

Device type profiling for updates of new operating systems and devices delivered to you within 48 hours.

Identity correlation provides real-time identity-to-device associations and standards-based integration with third-party policy management systems.


The solutions’ key benefits include the ability to safely support the use of all devices (enterprise-owned, personal or guest) regardless of how these connect to the network (via wired, wireless or VPN).

Authentication/Accountability: o Automated Authentication and Enforcement o Single Sign-On (SSO) and Guest Management Capability o Identity-Driven Policy Assignment and Reporting o Automated Security Configuration for WPA2 Enterprise and 802.1x

Endpoint Security Assessment and Enforcement o Pre- and Post-Admission (Real-time) Endpoint Policy Management o Real-time and Historical Policy Status Reporting

End User Experience: o Enhanced User Experience o Guided Self-Remediation Process o Simplified Configuration for WPA2 Enterprise and 802.1x

System Architecture and Performance: o Flexibility in Enforcing Policy (Quarantine, Warn/Quarantine, Audit Only) o Non-Intrusive Ease of Deployment allowing for Phased Roll-out o Scalable with Distributed Security Assessment and Layer2 Quarantine Design o Centrally Deployed and Managed Out-of-Line Design Fails Open

Technical Support: o 24/7 Proactive Maintenance and Support Services o Problem identification and Resolution

Product reviews and assessments: o Strong/Loyal Customer Base o Numerous Competitive Replacements

Cost: o Lower Total Cost of Ownership o Supports all device types and connection transports o Fewer Components to Install, Integrate, and Manage (Installs in Hours, not Days or

Weeks) o Reduced Help Desk Calls

Impulse Point Understand the Needs of Network Security Safe•Connect was originally designed to meet the need of environments where large numbers of unknown and unmanaged devices persisted. For many years this was predominately college and university campuses. Public institutions, as well as general enterprise, are looking to Impulse Point in a greater degree as their device and user environment has changed. We can help provide the balance of access and security that’s right for the members of the NCPA. Safe•Connect’s key benefits include the following:

Real Time Solution. Safe•Connect checks a user’s system prior to granting network access as well as on a continuous basis in real time. This provides two significant benefits; users who become non-compliant are isolated immediately. This is inherently more secure because users are not allowed to remain on the network for extended periods. In addition, the user experience is superior because only those users out-of-compliance with security policies are impacted.

100% Out of Line Solution. Safe•Connect is implemented as a true “out-of-line” network device. The Safe•Connect Policy Enforcer Appliance sits out-of-line with the core network and


fails open—presenting no single point of failure, performance bottle-necks or maintenance-related or scheduled network outages. In the event of a failure all existing and new users to the network are unaffected and have uninterrupted access to network resources.

Ability to Manage Rogue Devices (including Rogue APs). The Safe•Connect system will provide the ability to manage unknown, rogue wired or wireless access point devices that may connect to the network. The Safe•Connect system can detect whether an endpoint is located behind a Network Access Translation (NAT) device and can perform the applicable enforcement quarantine and remediation action to properly register the device.

Compatible Operation

No Changes to LAN/WAN Required. Safe•Connect is network switch hardware and software vendor independent and integrates into the existing network architecture. No switch manipulation. No rip-and-replace. No changes or continuous manipulation of Layer2 network switch devices, wireless access points, or VPN concentrators are required.

Directory Services Integration. Safe•Connect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. Safe•Connect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.

Centrally Managed Solution. Safe•Connect’s Enterprise Policy Manager offers a centralized

policy management interface that will allow an authorized policy administrator to build and edit policies that can be deployed immediately. Safe•Connect’s Enterprise Policy Manager has been designed to be intuitive and easy to use. The Policy Manager can be accessed from multiple locations and allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel.

Compatibility with Wireless Access Points. Safe•Connect is Layer2 network device

independent and agnostic, which allows the system to manage public or privately addressed sub-networks and VLANs whether their topology is wired, wireless, or VPN. The solution will work with your existing wireless network infrastructure, but also gives you the comfort of knowing that if you make any changes to your wireless network, the solution will continue to operate as it does today.

Ease of Implementation. The Safe•Connect system is designed for remote customer setup and

implementation. By leveraging our proactive maintenance support services capability, we can routinely install a system in less than an hour. The solution can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures as required for a non-disruptive transition.

Unique to the Industry

Proactive Maintenance and Support Services. The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point provides continuous (24/7) proactive monitoring and support that includes hardware and software


problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables restoration and delivery of a replacement system within 24 hours.


product or appliance. When additional functionality is integrated into the software, or if the appliance needs an upgrade, the company will simply forward the updated software or appliance at no charge as long as you remain under maintenance. You will never be asked to purchase the appliance again.

Ease of Management. The Safe•Connect offers a real-time Web-based dashboard interface that

will enable an authorized policy administrator or help desk personnel the ability to view quarantine devices for the entire enterprise or by user group. The organization’s policy administrator (or help desk personnel) can also locate a quarantined device based on IP address, MAC address, or user name. Safe•Connect has been designed to be intuitive and easy to use. The Policy Manager can be accessed from multiple locations and allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel based on their authentication credentials.

Policy Modules and Key Features

Policy Modules

Key Features

User Authentication / Device Management

Prevents unauthorized users from accessing network resources and participates in Single Sign-On (SSO) and device recognition.

Guest User Management Automates guest user registration processes that can restrict endpoint devices to Internet-only access for a period of time.

Acceptable Use Security Policy Auditing

Displays acceptable use policies and gives users the option to accept organization policies prior to accessing network resources.

Anti-Virus / Anti-Spyware Manages compliance with anti-malware software policies.

Microsoft Patch Ensures that users are up-to-date with Microsoft OS patches and integrated with existing patch management systems.

Rogue Access Point Manages adherence to rouge access point device policies that utilize Network Access Translation (NAT).

Custom Policy Building Enables organizations to build (or integrate) automated custom policies to address endpoint security acceptable use standards.

Compliance Reporting Real-time and historical reporting dashboard and data archiving.

WPA2 Enterprise / 802.1x Auto-Provisioning

Automates the user experience of “on-ramping” devices onto WPA2 Enterprise/802.1x secure wireless and wired networks. This is an optional module.

Identity Correlation Manager (ICM)

Delivers real-time, identity-to-device association information to authoritatively track a device as it moves across the network. This information can then be exported using the ICM’s Identity Output Connectors. This is an optional module.


Optional Enhancements: Secure WPA2-E On-Ramping: As an standard option, Impulse Point offers Auto•Connect which automates the process of configuring embedded device 802.1x supplicants for wired 802.1x and wireless WPA2 Enterprise network enablement. Auto•Connect simplifies the end user experience of transitioning to a secure 802.1x or WPA2 Enterprise network through the use of a customizable wizard to ensure that users are connected quickly to the network without additional technical or help desk assistance. The Policy Key agent can also be installed (silently, if desired) as part of the same user/device registration experience. Identity Correlation Manager (ICM): An innovative appliance-based offering designed to deliver real-time, identity-to-device association information required to support the mobile device explosion. The ICM fills a much needed gap in the information security space. The industry has continued to move further and further from a single vendor network, customers are adding devices based on performance and need rather than brand loyalty. With this comes the need for information exchange. The value of different devices is often based on what the single device can do, but when combined with other solutions in an environment, the value is often greatly enhanced. Safe•Connect serves as the foremost authority for identity in a network. From Single-Sign-On capabilities to captive portal, Safe•Connect has the technology to know who is on the network at all times. The Identity Correlation Manager (ICM) solution serves to remember this information, in the extremely dense dynamic networks of today. Using feeds from various networking equipment, the ICM appliance can authoritatively track a device as it moves across the network. This information can then be exported using the ICM’s Identity Output Connectors. The ICM will export ‘identity based sessions’ to devices that can consume this data. ICM supports several vendors (i.e., Palo Alto, Procera) today with more planned in the future.


Safe•Connect’s Strengths and Capabilities Policy Assignment by Active Directory User Membership Group

The Safe•Connect system provides the ability to assign unique policies based on IP address range, VLAN segment, or subnet. The organization can also assign policies by individual user role as defined by existing Active Directory Services infrastructure. Therefore, you can apply policies based on the authentication credentials of the end user (i.e., staff, contractors, guests, vendors, etc.)

Guest User Management The Safe•Connect system can automate the process of managing restricted network access for guests, which will limit the guest user from accessing any internal resources within the network other than the Internet and other acceptable destinations.

Access Point Management

The Safe•Connect system provides the ability to manage unknown, rogue wired or wireless access point devices that may connect to the network. The Safe•Connect system can detect whether an endpoint is located behind a Network Access Translation (NAT) device and can perform the applicable enforcement quarantine and remediation action to properly register the device.

Copyrighted Material Sharing Management

The Safe•Connect system can help manage the use of illegal file sharing services and other non-compliant applications within the network. The Safe•Connect system can detect whether the endpoint device is operating (downloading) material from P2P file sharing services and deliver enforcement and/or warning messages as dictated. We recognize that some NCPA organizations handle and use intelligential property that may require management of its use.

WSUS Integration The Safe•Connect system can automate the process of integrating endpoint devices to patch management systems (such as Microsoft WSUS) even if the end user device is not managed by an existing Active Directory policy group domain.

Custom Policy Builder

The Safe•Connect system will provide the ability to create custom enforcement, remediation policies, and individualized messaging for unique security or regulatory requirements. The organization will have the ability to build policies based on the existence or non-existence of file types, registry settings, services, and processes on individual endpoint devices.

Proactive Maintenance and Support Services

The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes hardware appliance and software problem determination and resolution support consistent with operational management processes, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables Impulse Point to restore and deliver a replacement system within 24 hours.


Centralized Policy Management Each organization can define and change endpoint computing policies and enforcement rules by network segment or directory services policy group from a centralized policy management interface (shown to the right). The Safe•Connect Policy Management Console also delivers real-time and historical policy status reporting that provides valuable insight into group or individual policy compliance. Safe•Connect provides the capability to automatically quarantine non-compliant users and provides the end user with policy notification and remediation guidance for specific policies. This includes the ability to direct the end user to a specific internal or external website to correct any policy deficiencies. Safe•Connect’s Reporting Dashboard The easy to read GUI interface (shown to the right) allows administrative personnel to view the security status of an individual end user, as well as the ability to view the exact policy notification web page that the end user is viewing when in a quarantine or warning condition.

Historical policy event data for individuals or groups can be automatically exported and stored at predefined internals to external relational database stores (mySQL, MS SQL Server, etc.) for query and compliance related archival storage requirements, as desired. Information that can be exported includes the following: Individual user name IP address MAC address Last contact/log in (date/time) Type of device


Group or role Specific compliant policies Specific non-

compliant or failed policies

What Your Users Will See All devices (including wired, wireless, or VPN) connecting to the network are automatically intercepted, and challenged by a customer-branded authentication portal such as the samples shown here. After providing the appropriate credentials, the user will be presented with the acceptable use policies (during the initial registration process) and their device will be certified that it adheres to endpoint security policies. After the user inputs their credentials, the Safe•Connect system will authenticate the user against an AD directory server and apply any appropriate policy enforcement as defined. Assuming the user is consistent with stated policies, they will be allowed network access. Users not in compliance with stated policies will receive individualized policy notification pages to communicate the reason for non-compliance (e.g. out of date anti-virus protection) and guide them through the remediation process by providing instructions and a link to an internal or external source where the appropriate software can be downloaded. The end user will automatically regain their network access privileges as soon as they comply with the stated policies. Safe•Connect continues to maintain the security posture of the device as long as it remains connected to the network. The organization may also choose to direct users to any internal resources within the network other than the Internet and other acceptable destinations.


Services

Installation Network Requirements Identity•Connect and Safe•Connect are specifically designed as vendor-independent solutions that easily integrate into existing (or future) network architecture with no manipulation of Layer2 switches, no forklift upgrades, and fewer moving parts. The system simply requires access to one or more Layer3 switch/router points of network aggregation that supports Policy Based Routing (PBR), and either NetFlow or sFlow. System Design and Integration To address a standard network environment, Impulse Point recommends the following: Impulse Point will pre-load and configure the appropriate number of Policy Manager Appliances in a centrally-deployed, clustered configuration to support the environment. The Appliance will connect non-intrusively to the existing router core network infrastructure in an out-of-line network fashion that will not introduce performance bottlenecks, maintenance-driven network outages, or additional points of failure. The solution will take less than an hour to initially be connected and tested, and will not require a scheduled maintenance network outage. The system can be installed at your convenience and can remain in a passive mode until the network manager assigns policies by IP, IP range, subnet, VLAN or directory services group. Impulse Point will conduct standard remote policy administrator and help desk personnel training. The organization will have the ability to configure policies using the Policy Manager, test their desired enforcement policies, and refine the content and branding of the remediation policy notification pages provided by Impulse Point to maximize the end user experience. After acceptance testing is concluded, the system is ready to begin its production deployment. Impulse Point typically recommends a phased-in deployment. The system can be deployed very quickly with minimal technical resources, and provide a ready-to-go solution. Endpoint devices connecting to the network (wired, wireless, and VPN) will be intercepted, authenticated, presented with the acceptable use policies, and issued a Policy Key. The Policy Key can also be pre-distributed to all managed end user devices via active directory group policies or other preferred method of software distribution. The Policy Key certifies that the endpoint device adheres to endpoint security policies on a continuous/real-time basis. It reports non-compliance to the Policy Manager and delivers individualized remediation guidance. The endpoint devices can remain completely isolated at Layer2 using I-LAN quarantine technology until the policy breach is resolved. In addition, Layer3 quarantine will be enforced via Policy Based Routing at network points of aggregation.


The system has been designed for remote setup. By leveraging our managed services capability, we can install a system in less than an hour. Impulse Point can accomplish this by pre-loading the system with the organization’s specific configuration information, and guiding the network team through the connection process. Using a secure remote access connection, Impulse Point can further customize and troubleshoot issues, if required. Impulse Point does not anticipate the need for on-site installation support services due to the sophistication of our remote operationally managed support services. However, on-site installation support can be scheduled at an additional cost. Turn-key implementation planning, remote policy administrator and help desk personnel training and deployment assistance support are bundled into the initial cost, in addition to the first year managed services support and maintenance. Impulse Point will assist in developing a deployment plan and will provide support throughout the production deployment process. Impulse Point’s managed service offering also includes on-going “how-to” consultative support that will enable the organization to maximize their investment.

Product Support

The Identity•Connect and Safe•Connect solutions are supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes software problem determination and resolution ownership, hardware appliance and software maintenance, and future feature enhancements. The health of the Safe•Connect system is monitored from the Impulse Support Center on a continuous basis. Service Availability Impulse Point will monitor the appliances installed at Customer’s site 24 x 7 x 365 from its Support Center. If a hardware failure is detected, a new Policy Enforcer appliance will be delivered next-day air with policies restored from the previous night’s backup. If the on-site spare option was chosen, the restore procedure will take place as soon as the hardware failure is detected. Customer must permit continuous 24 hour monitoring access for the Impulse Point Support Center to the Policy Enforcer devices. If this access is not granted, Impulse Point cannot extend the Service SLA to these devices. Scheduled Downtime The Impulse Point Support Center may schedule downtime for regular maintenance and systems upgrades. The time window allowed for these activities is every Sunday from 12:00AM to 2:00AM. This downtime will not have any material effect on the normal operation of the remote Policy Enforcer appliances or network resources. Any definition of service windows in the service contract will take precedence over the Standard Service Level Agreement. Impulse Point will notify the customer of planned changes no less than 3 days prior to implementation. Response Times and Priority Levels Cases may be opened in the Impulse Point Case Management System by emailing or calling customer support. Contact information for support is provided below. Once the appropriate Priority Level is assigned, cases will be routed through the support queues accordingly. The chart below provides case Priority Level descriptions and response times.


Priority

Level


Case

Assigned


Issue/Problem




< 30 Minutes


ASAP

P2


Degraded network availability < 1 Hour < 4 Hours Same Business Day

P3 Small number of users affected New end point Security Software

Recognition Updates Consultative: How-to / FAQ

Same Business Day

Next Business Day

< 48 Hours or As Scheduled


Impulse Point Support Contact and Escalation For support requests, submit an email to [email protected]. For Priority 1 or Priority 2 cases*, regardless of time of day, please call 863-904-5330 to contact the 24 Hour Support Center.

*Priority 1 cases are defined as a total system or severe outage. This is reserved for situations where your Safe•Connect system is completely offline, not functioning, or a severe network disruption is being experienced. *Priority 2 cases are defined as a widespread (multiple users) outage. This is used for situations where the Safe•Connect system is still online but not functioning properly and the result is that multiple users are being affected.

The Impulse Point Support Center will ensure an engineer is contacted to handle your case. Once opened, if a case exceeds the SLA time assigned based on priority, escalations are sent to the appropriate Technical and Management personnel. Please see the chart above for details.

Product Configurations

System Design and Integration Impulse Point will assist each organization in developing a specialized deployment and configuration plan and will provide support throughout the production deployment process. Impulse Point’s managed service offering also includes on-going “how-to” consultative support that will enable each organization to maximize their investment. To address a standard network environment, Impulse Point recommends the following:


Impulse Point will pre-load and configure the appropriate number of Policy Manager Appliances in a centrally-deployed, clustered configuration to support the environment. The Appliance will connect non-intrusively to the existing router core network infrastructure in an out-of-line network fashion that will not introduce performance bottlenecks, maintenance-driven network outages, or additional points of failure. The solution will take less than an hour to initially be connected and tested, and will not require a scheduled maintenance network outage. The system can be installed at your convenience and can remain in a passive mode until the network manager assigns policies by IP, IP range, subnet, VLAN or directory services group. Impulse Point will conduct standard remote policy administrator and help desk personnel training. The organization will have the ability to configure policies using the Policy Manager, test their desired enforcement policies, and refine the content and branding of the remediation policy notification pages provided by Impulse Point to maximize the end user experience. After acceptance testing is concluded, the system is ready to begin its production deployment. Impulse Point typically recommends a phased-in deployment. The system can be deployed very quickly with minimal technical resources, and provide a ready-to-go solution. Endpoint devices connecting to the network (wired, wireless, and VPN) will be intercepted, authenticated, presented with the acceptable use policies, and issued a Policy Key. The Policy Key can also be pre-distributed to all managed end user devices via active directory group policies or other preferred method of software distribution. The Policy Key certifies that the endpoint device adheres to endpoint security policies on a continuous/real-time basis. It reports non-compliance to the Policy Manager and delivers individualized remediation guidance. The endpoint devices can remain completely isolated at Layer2 using I-LAN quarantine technology until the policy breach is resolved. In addition, Layer3 quarantine will be enforced via Policy Based Routing at network points of aggregation. Proposed Work Plan and Timeline Impulse Point prides itself on the rapid, efficient, and low-risk implementation of the Safe•Connect solution. This is accomplished by utilizing a proven Service Delivery Methodology and Impulse Point’s Proactive Maintenance and Support Services to ensure minimal impact to the client’s existing network infrastructure and effective use of Customer and Impulse Point resources during the implementation process.

Organization

Estimated Involvement by

Org

Level of Staff Required

Ownership Responsibility

Complete Installation Worksheet & Validate Policy Enforcer Design

1-2 hours Network and Policy Administrator

Customer

Pre-Configure/Test Appliance/Ship N/A Not Applicable Impulse Point Schedule Remote Safe•Connect Installation and Connectivity Testing

Less than 1 hour per Policy Enforcer

Appliance

Policy Network Engineer

Impulse Point and Customer

Schedule Safe•Connect Administrator/ 90 minutes Administration/ Impulse Point


Desktop Support Training PART 1 Help Desk Teams and Customer Schedule Safe•Connect Administrator/ Desktop Support Training PART 2

90 minutes Administration/ Help Desk Teams


Validation Testing of Policies and Notification Pages

As Coordinated Administration Team Customer

Initial Pilot Roll-out to Introduce Help Desk and Refine

TBD Administrator/ Help Desk Team


Commence Phased-in Deployment TBD Administrator Customer Participate in Weekly Status Meeting Calls

On-Going ½ Hour (As

Needed)

Administrator Impulse Point and Customer

Project Completion Wrap-up TBD Committee Impulse Point and Customer

Managed Services

Sales Support: 24/7 Proactive Maintenance and Support Services The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes software problem determination and resolution ownership, hardware appliance and software maintenance, and future feature enhancements. The health of the Safe•Connect system is monitored from the Impulse Support Center on a continuous basis. The organization maintains full control of managing their desired endpoint computing policies and enforcement rules via the Safe•Connect Policy Management Console. Impulse Point’s Standard Proactive Maintenance and Support Service includes the following:

COST OF ON-GOING MAINTENANCE AND SUPPORT

SERVICES

IMPULSE POINT

OTHER PROVIDERS


Warranty

Impulse Point warrants that all equipment furnished under this contract will be new, of good material and workmanship. The warranty will be for a minimum period of twelve (12) months from the date equipment is put into operation. Such replacement shall include all parts, labor, and transportation cost to the location where equipment is down, free of any charge to the owner or his representative.

Proactive Maintenance and Support Services. The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point


will provides continuous (24/7) proactive monitoring and support that includes hardware and software problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables restoration and delivery of a replacement system within 24 hours.


product or appliance. When additional functionality is integrated into the software, or if the appliance needs an upgrade the company will simply forward the updated software or appliance at no charge as long as you remain under maintenance. You will never be asked to purchase the appliance again.

Tab 7 – Pricing

Executive Summary - Safe•Connect’s Advantages and Value Impulse Point appreciates the opportunity to demonstrate how the Safe•Connect solution can be deployed quickly with minimal technical resources as a turn-key solution to address network security concerns of K-20 members of the National Cooperative Purchasing Alliance (NCPA). As a result of our heritage of serving the needs of large, academic institutions, Safe•Connect has been designed to easily integrate into a myriad of customer environments. Our network hardware and vendor independence design approach, as well as the ability to support multiple endpoint device platforms, makes our solution particularly well-suited for diverse and geographically distributed organizations. Network Access Control Safe•Connect is a best-of-breed security solution that easily integrates into existing networks to automate and enforce endpoint security policies that enable organizations to safely adopt a BYOD computing model. In short, we help you manage your “unmanaged“ devices. The system includes a policy enforcer and policy manager components that are deployed centrally but are able to manage users’ devices at the very edge of the network or at remote locations. The dramatic increase of personally-owned devices (aka BYOD) attempting to access your network has created a chaotic situation that is difficult to manage. The sheer number and diversity of mobile devices in constant movement across your campus makes it difficult to know who or what might be attempting to connect – or what their security posture might be. Better control is possible through identity, visibility, and automated actions. Safe•Connect is the smarter choice for managing your network and an essential security solution for protecting your students and the network systems you’re bringing together. Created expressly for education, Safe•Connect is a complete BYOD solution for the way that students, staff, and faculty connect to your system. Safe•Connect has the ability to recognize devices as they come on the network and provides the following essential compliance data for non-managed systems:

Device ownership provides visibility into user identities and device types, determining whether they are a managed (campus-owned) or personally-owned (i.e., BYOD, guest)

Guest user self-enrollment automates the process of managing network access for guests Automated-802.1X secure on-ramping provides easy access to WPA2 secure wireless and wired

networks Real-time policy assessment checks a user’s system prior to granting network access as well as

on a continuous basis after access is granted Dynamic role-based enforcement applies policies and enforcement rules based on how a user is

defined within the directory system (guest, employee, vendor, etc.) Self-guided remediation allows users to conform to security policies without help desk support Device type profiling for updates of new operating systems and devices delivered to you within

48 hours of their official release date. Identity correlation provides real-time identity-to-device associations and standards-based

integration with third-party policy management systems.

Tab 7 – Pricing

We believe Safe•Connect’s key benefits include the ability to safely support the use of personally-owned student, faculty, and staff wireless devices on the network. Safe•Connect provides this in the following ways:

Authentication/Accountability: o Automated Authentication and Enforcement o Single Sign-On (SSO) and Guest Management Capability o Identity-Driven Policy Assignment and Reporting o Automated Security Configuration for WPA2 Enterprise and 802.1x

Endpoint Security Assessment and Enforcement o Pre- and Post-Admission (Real-time) Endpoint Policy Management o Real-time and Historical Policy Status Reporting

End User Experience: o Enhanced User Experience o Guided Self-Remediation Process o Simplified Configuration for WPA2 Enterprise and 802.1x

System Architecture and Performance: o Flexibility in Enforcing Policy (Quarantine, Warn/Quarantine, Audit Only) o Non-Intrusive Ease of Deployment allowing for Phased Roll-out o Scalable with Distributed Security Assessment and Layer2 Quarantine Design o Centrally Deployed and Managed Out-of-Line Design Fails Open

Technical Support: o 24/7 Proactive Maintenance and Support Services o Problem identification and Resolution

Product reviews and assessments: o Strong/Loyal Customer Base o Surge in Competitive Replacements

Cost: o Lower Total Cost of Ownership o Supports Personally-owned Wireless Devices o Fewer Components to Install, Integrate, and Manage (Installs in Hours, not Days or

Weeks) o Reduced Help Desk Calls

Tab 7 – Pricing

1 | Company Information About Impulse Point Impulse Point is a rapidly growing, privately-held company focused on delivering Network Access and BYOD Control to address policies relating to intellectual property, endpoint security, and regulatory compliance within large, diverse enterprise environments such as higher education. Founded to address the unique endpoint policy management needs of the higher education industry, Impulse Point understands the distributed, multi-vendor infrastructure requirements that support diverse endpoint computing environments. Continuous feedback from customers directly impact the evolving capabilities of Safe•Connect™. As a result of Impulse Point’s heritage of serving the needs of large, diverse clients in various vertical industry segments, the Safe•Connect Network Access Control solution has been designed to easily integrate into a myriad of customer environments. Our primary focus is on the Education marketplace, and we understand the challenges facing IT executives in education. The network hardware and vendor independence design approach, as well as the ability to support multiple endpoint device platforms makes our solution particularly well-suited for diverse and geographically distributed environments. Impulse Point was founded in 2004 and is headquartered in Lakeland, Florida and maintains offices in multiple U.S. locations including California, Maryland, Massachusetts, North Carolina, and Texas. Impulse Point understands the distributed, multi-vendor infrastructure requirements that will support the diverse endpoint computing enforcement and remediation philosophies. Continuous feedback from customers directly impact the evolving capabilities of Safe•Connect™. The guiding principles of Impulse Point’s Safe•Connect endpoint policy management system focus on the following attributes:

Designed to be scalable and cost effective. Based on an “out-of-line” network implementation approach to alleviate a single point-of-failure

or performance bottleneck. Network switch hardware and software vendor independent. Works with existing network architecture – no changes or continuous manipulation of Layer2

network switch devices, wireless access points, or VPN concentrators are required. Easy to install, manage, upgrade, and support.

Tab 7 – Pricing

2 | Fulfillment and Sales Support Impulse Point Understands the Needs of Network Security in Education Safe•Connect was originally designed for use on college campuses – and since the beginning, the product has been upgraded and enhanced with direct feedback from its users. We can help provide the balance of access and security that’s right for NCPA members whether they are school districts or institutions of higher education. Safe•Connect’s key benefits include the following:

Real Time Solution. Safe•Connect checks a user’s system prior to granting network access as well as on a continuous basis in real time. This provides two significant benefits; users who become non-compliant are isolated immediately. This is inherently more secure because users are not allowed to remain on the network for extended periods. In addition, the user experience is superior because only those users out-of-compliance with security policies are impacted.

100% Out of Line Solution. Safe•Connect is implemented as a true “out-of-line” network device. The Safe•Connect Policy Enforcer Appliance sits out-of-line with the core network and fails open—presenting no single point of failure, performance bottle-necks or maintenance-related or scheduled network outages. In the event of a failure all existing and new users to the network are unaffected and have uninterrupted access to network resources.

Ability to Manage Rogue Devices (including Rogue APs). The Safe•Connect system will provide the ability to manage unknown, rogue wired or wireless access point devices that may connect to the network. The Safe•Connect system can detect whether an endpoint is located behind a Network Access Translation (NAT) device and can perform the applicable enforcement quarantine and remediation action to properly register the device.

Emergency Messaging Capability. School campuses need to quickly notify students and faculty in the event of an emergency situation. Safe•Connect can broadcast an emergency message on-demand to everyone whose computer is authorized to access the campus network.

BYOD Operation

No Changes to LAN/WAN Required. Safe•Connect is network switch hardware and software vendor independent and integrates into the existing network architecture. No switch manipulation. No rip-and-replace. No changes or continuous manipulation of Layer2 network switch devices, wireless access points, or VPN concentrators are required.

Directory Services Integration. Safe•Connect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. Safe•Connect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.

Tab 7 – Pricing

Centrally Managed Solution. Safe•Connect’s Enterprise Policy Manager offers a centralized policy management interface that will allow an authorized policy administrator to build and edit policies that can be deployed immediately. Safe•Connect’s Enterprise Policy Manager has been designed to be intuitive and easy to use. The Policy Manager can be accessed from multiple locations and allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel.

Compatibility with Wireless Access Points. Safe•Connect is Layer2 network device

independent and agnostic, which allows the system to manage public or privately addressed sub-networks and VLANs whether their topology is wired, wireless, or VPN. The solution will work with your existing wireless network infrastructure, but also gives you the comfort of knowing that if you make any changes to your wireless network, the solution will continue to operate as it does today.

Ease of Implementation. The Safe•Connect system is designed for remote customer setup and

implementation. By leveraging our proactive maintenance support services capability, we can routinely install a system in less than an hour. The solution can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures as required for a non-disruptive transition.

Unique to the Industry

Proactive Maintenance and Support Services. The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provides continuous (24/7) proactive monitoring and support that includes hardware and software problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables Impulse Point to restore and deliver a replacement system within 24 hours.

Lifetime Hardware Upgrades Included. Impulse Point does not assign an “end of life” to our

product or appliance. When additional functionality is integrated into the software, or if the appliance needs an upgrade we will simply forward the updated software or appliance at no charge as long as you remain under maintenance. We will never ask you to purchase the appliance again.

Ease of Management. The Safe•Connect offers a real-time Web-based dashboard interface

that will enable an authorized policy administrator or help desk personnel the ability to view quarantine devices for the entire enterprise or by user group. The organization’s policy administrator (or help desk personnel) can also locate a quarantined device based on IP address, MAC address, or user name. Safe•Connect has been designed to be intuitive and easy to use. The Policy Manager can be accessed from multiple locations and allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel based on their authentication credentials.

Tab 7 – Pricing

Fulfillment: Safe•Connect Policy Modules and Key Features

Safe•Connect Policy Modules

Key Features

User Authentication / Device Management

Prevents unauthorized users from accessing network resources and participates in Single Sign-On (SSO) and device recognition.

Guest User Management Automates guest user registration processes that can restrict endpoint devices to Internet-only access for a period of time.

Acceptable Use Security Policy Auditing

Displays acceptable use policies and gives users the option to accept organization policies prior to accessing network resources.

Anti-Virus / Anti-Spyware Manages compliance with anti-malware software policies. Microsoft Patch Ensures that users are up-to-date with Microsoft OS patches and

integrated with existing patch management systems. P2P File Sharing Prohibits use of P2P file sharing and non-approved applications.

Rogue Access Point Manages adherence to rouge access point device policies that utilize Network Access Translation (NAT).

Broadcast Messaging Delivers real-time, on-demand desktop messages and notifications.

Power Management Manages compliance with energy saving power settings.

Custom Policy Building Enables organizations to build (or integrate) automated custom policies to address endpoint security acceptable use standards.

Compliance Reporting Real-time and historical reporting dashboard and data archiving.

WPA2 Enterprise / 802.1x Auto-Provisioning

Automates the user experience of “on-ramping” devices onto WPA2 Enterprise/802.1x secure wireless and wired networks. This is an optional module.

Identity Correlation Manager (ICM)

Delivers real-time, identity-to-device association information to authoritatively track a device as it moves across the network. This information can then be exported using the ICM’s Identity Output Connectors. This is an optional module.

Quarantine Technology Impulse Point’s I-LAN quarantine technology isolates non-compliant endpoint devices from accessing Layer2 and Layer3 network resources. I-LAN also limits end user access to designated internal or Internet remediation domains, where it communicates the actions required to become compliant with the organization’s endpoint security policies and regain network access privileges. Optional Enhancements: Secure WPA2-E On-Ramping: As an standard option, Impulse Point offers Xpress•Connect (from Cloudpath Networks), which automates the process of configuring embedded device 802.1x supplicants for wired 802.1x and wireless WPA2 Enterprise network enablement. Xpress•Connect simplifies the end user experience of transitioning to a secure 802.1x or WPA2 Enterprise network through the use of a customizable wizard to ensure that users are connected quickly to the network without additional

Tab 7 – Pricing

technical or help desk assistance. The Safe•Connect Policy Key agent can also be installed (silently, if desired) as part of the same user/device registration experience. Identity Correlation Manager (ICM): An innovative appliance-based offering designed to deliver real-time, identity-to-device association information required to support the “Bring Your Own Device” mobile device explosion. The Safe•Connect ICM fills a much needed gap in the information security space. The industry has continued to move further and further from a single vendor network, customers are adding devices based on performance and need rather than brand loyalty. With this comes the need for information exchange. The value of different devices is often based on what the single device can do, but when combined with other solutions in an environment, the value is often greatly enhanced. Safe•Connect serves as the foremost authority for identity in a network. From our Single-Sign-On capabilities to our captive portal, Safe•Connect has the technology to know who is on the network at all times. Impulse Point’s Identity Correlation Manager (ICM) solution serves to remember this information, in the extremely dense dynamic networks of today. Using feeds from various networking equipment, Impulse Point’s ICM appliance can authoritatively track a device as it moves across the network. This information can then be exported using the ICM’s Identity Output Connectors. The ICM will export ‘identity based sessions’ to devices that can consume this data. ICM supports several vendors (i.e., Palo Alto, Procera) today with more planned in the future.

Tab 7 – Pricing

Safe•Connect’s Strengths and Capabilities Policy Assignment by Active Directory User Membership Group

The Safe•Connect system provides the ability to assign unique policies based on IP address range, VLAN segment, or subnet. The organization can also assign policies by individual user role as defined by existing Active Directory Services infrastructure. Therefore, you can apply policies based on the authentication credentials of the end user (i.e., employee, faculty, staff, research, guest, vendor, etc.)

Guest User Management The Safe•Connect system can automate the process of managing restricted network access for guests, which will limit the guest user from accessing any internal resources within the network other than the Internet and other acceptable destinations.

Broadcast Messaging The Safe•Connect system provides the ability to send broadcast messages with up-to-the-minute information for either scheduled or immediate communications with students, staff, vendors, or guests.

Access Point Management

The Safe•Connect system provides the ability to manage unknown, rogue wired or wireless access point devices that may connect to the network. The Safe•Connect system can detect whether an endpoint is located behind a Network Access Translation (NAT) device and can perform the applicable enforcement quarantine and remediation action to properly register the device.

P2P File Sharing Management

The Safe•Connect system can help manage the use of illegal file sharing services and other non-compliant applications within the network. The Safe•Connect system can detect whether the endpoint device is operating (downloading) material from P2P file sharing services and deliver enforcement and/or warning messages as dictated. The Safe•Connect system can also prevent the endpoint device from outbound P2P file sharing, thus negating the risk of high-bandwidth consuming server farms or Record Industry Association of America (RIAA) take down notices.

WSUS Integration The Safe•Connect system can automate the process of integrating endpoint devices to patch management systems (such as Microsoft WSUS) even if the end user device is not managed by an existing Active Directory policy group domain.

Gaming Device Management

The Safe•Connect system provides the ability to recognize and auto-connect or block gaming devices, such as Microsoft’s Xbox 360 on the network.

Custom Policy Builder

The Safe•Connect system will provide the ability to create custom enforcement, remediation policies, and individualized messaging for unique security or regulatory requirements. The organization will have the ability to build policies based on the existence or non-existence of file types, registry settings, services, and processes on individual endpoint devices.

Proactive Maintenance and Support Services

The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes hardware appliance and software problem determination and resolution support consistent with operational management processes, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables Impulse Point to restore and deliver a replacement system within 24 hours.

Tab 7 – Pricing

Deploying a Network Access Control Solution on Your Network Network Requirements Safe•Connect is specifically designed as a vendor-independent solution that easily integrates into existing (or future) network architecture with no manipulation of Layer2 switches, no forklift upgrades, and fewer moving parts. The Safe•Connect system simply requires access to one or more Layer3 switch/router points of network aggregation that supports Policy Based Routing (PBR), and either NetFlow or sFlow. System Design and Integration To address a standard network environment, Impulse Point recommends the following: Impulse Point will pre-load and configure the appropriate number of Safe•Connect Policy Manager Appliances in a centrally-deployed, clustered configuration to support the environment. The Safe•Connect Appliance will connect non-intrusively to the existing router core network infrastructure in an out-of-line network fashion that will not introduce performance bottlenecks, maintenance-driven network outages, or additional points of failure. The Safe•Connect Solution will take less than an hour to initially be connected and tested, and will not require a scheduled maintenance network outage. The Safe•Connect system can be installed at your convenience and can remain in a passive mode until the network manager assigns policies by IP, IP range, subnet, VLAN or directory services group. Impulse Point will conduct standard remote policy administrator and help desk personnel training. The organization will have the ability to configure policies using the Safe•Connect Policy Manager, test their desired enforcement policies, and refine the content and branding of the remediation policy notification pages provided by Impulse Point to maximize the end user experience. After acceptance testing is concluded, the system is ready to begin its production deployment. Impulse Point typically recommends a phased-in deployment. The Safe•Connect system can be deployed very quickly with minimal technical resources, and provide a ready-to-go solution. Endpoint devices connecting to the network (wired, wireless, and VPN) will be intercepted, authenticated, presented with the acceptable use policies, and issued a Safe•Connect Policy Key. The Policy Key can also be pre-distributed to all managed end user devices via active directory group policies or other preferred method of software distribution. The Safe•Connect Policy Key certifies that the endpoint device adheres to endpoint security policies on a continuous/real-time basis. It reports non-

Tab 7 – Pricing

compliance to the Safe•Connect Policy Manager and delivers individualized remediation guidance. The endpoint devices can remain completely isolated at Layer2 using I-LAN quarantine technology until the policy breach is resolved. In addition, Layer3 quarantine will be enforced via Policy Based Routing at network points of aggregation. The Safe•Connect system has been designed for remote setup. By leveraging our managed services capability, we can install a system in less than an hour. Impulse Point can accomplish this by pre-loading the Safe•Connect system with the organization’s specific configuration information, and guiding the network team through the connection process. Using a secure remote access connection, Impulse Point can further customize and troubleshoot issues, if required. Impulse Point does not anticipate the need for on-site installation support services due to the sophistication of our remote operationally managed support services. However, on-site installation support can be scheduled at an additional cost. Turn-key implementation planning, remote policy administrator and help desk personnel training and deployment assistance support are bundled into the initial cost, in addition to the first year managed services support and maintenance. Impulse Point will assist in developing a deployment plan and will provide support throughout the production deployment process. Impulse Point’s managed service offering also includes on-going “how-to” consultative support that will enable the organization to maximize their investment.

Proposed Work Plan and Timeline Impulse Point prides itself on the rapid, efficient, and low-risk implementation of the Safe•Connect solution. This is accomplished by utilizing a proven Service Delivery Methodology and Impulse Point’s Proactive Maintenance and Support Services to ensure minimal impact to the client’s existing network infrastructure and effective use of Customer and Impulse Point resources during the implementation process. A sample, high-level conservative project plan for implementing Safe•Connect is shown below:

Organization

Estimated Involvement by

Org

Level of Staff Required

Ownership Responsibility

Complete Installation Worksheet & Validate Policy Enforcer Design

1-2 hours Network and Policy Administrator

Customer

Pre-Configure/Test Appliance/Ship N/A Not Applicable Impulse Point Schedule Remote Safe•Connect Installation and Connectivity Testing

Less than 1 hour per Policy Enforcer

Appliance

Policy Network Engineer


Tab 7 – Pricing

Schedule Safe•Connect Administrator/ Desktop Support Training PART 1



Schedule Safe•Connect Administrator/ Desktop Support Training PART 2



Validation Testing of Policies and Notification Pages

As Coordinated Administration Team

Customer

Initial Pilot Roll-out to Introduce Help Desk and Refine

TBD Administrator/ Help Desk Team


Commence Phased-in Deployment TBD Administrator Customer Participate in Weekly Status Meeting Calls

On-Going ½ Hour (As

Needed)

Administrator Impulse Point and Customer

Project Completion Wrap-up TBD Committee Impulse Point and Customer

What Your Users Will See All devices (including wired, wireless, or VPN) connecting to the network are automatically intercepted, and challenged by a customer-branded authentication portal such as the samples shown here. After providing the appropriate credentials, the user will be presented with the acceptable use policies (during the initial registration process) and their device will be certified that it adheres to endpoint security policies. After the user inputs their credentials, the Safe•Connect system will authenticate the user against an AD directory server and apply any appropriate policy enforcement as defined. Assuming the user is consistent with stated policies, they will be allowed network access. Users not in compliance with stated policies will receive individualized policy notification pages to communicate the reason for non-compliance (e.g. out of date anti-virus protection) and guide them through the remediation process by providing instructions and a link to an internal or external source where the appropriate software can be downloaded.

Tab 7 – Pricing

The end user will automatically regain their network access privileges as soon as they comply with the stated policies. Safe•Connect continues to maintain the security posture of the device as long as it remains connected to the network. The organization may also choose to direct users to any internal resources within the network other than the Internet and other acceptable destinations. Your Users and Their Privacy Maintaining the privacy of end users is a primary design consideration and long-term objective of the Impulse Point Safe•Connect™ Solution. Safe•Connect enables organizations to take more proactive measures in ensuring a secure IT infrastructure. The goal is to provide for an environment free of security threats and vulnerabilities—which promotes the exchange of ideas, information, and content to create a positive and productive network environment for all parties. The organization maintains full and complete control over their own policies and how, or even if, these policies are enforced. Each campus determines their strategy for allowing full access, warnings, quarantines, and remediation. Impulse Point is committed to protecting the privacy of your organization and the end user community you support. We have established security, technology, and business processes to ensure that personal information is never collected or stored by our applications or services. An independent examination of our privacy practices certifies that Impulse Point and the Safe•Connect product both conform to the American Institute of CPAs (AICPA) standards. The completion of a Service Organization Controls - Type 2 (SOC 2) Privacy Report resulted in an independent CPA firm finding that Impulse Point’s Privacy Statement is accurate. Personal Information The software installed as part of the Safe•Connect Solution (i.e., the Policy Key) does not report or log any activity other than what is required to ensure end user compliance with the endpoint security policies set forth by the organization. No direct personal information is collected or stored. In situations where the end user device is found to be out of compliance with stated security policies, the Safe•Connect System will warn or quarantine the endpoint device based on the policies defined by the organization within the Safe•Connect Policy Manager. Safe•Connect collects no information until it is configured by the user’s policy administrator. All queries of a user's machine must be explicitly formulated by the organization's policy administrator before they can be evaluated by Safe•Connect. Safe•Connect does not gather any personal information, or perform any checks, that is not configured by a policy administrator. Additionally, Safe•Connect has been designed with personal privacy in mind and can respond to a limited range of true/false questions. These questions center around the health and configuration of the endpoint and the impact it may be having on network performance. The system cannot respond to open-ended questions, or general requests for information. The system can only return a true/false answer and the transaction occurs over an encrypted communications channel. For example, “Is XYZ anti-virus software up to date and running on this device?” The answer is either true or false.

Tab 7 – Pricing

Programs, Files, and Content Real-time policy status metrics of endpoint devices under policy management are kept in a secure database within the Safe•Connect Policy Enforcer Appliance, which remains on the organization’s premises. The Safe•Connect system database contains no information that can link directly back to end user personal content. The data collected is related only to the status of specific policies defined by the organization. Under certain circumstances end users may be denied network access and quarantined based on the organization’s acceptable use policy enforcement rules. In such circumstances the system provides remediation guidance to the end user to become compliant with security policy. As always, the data collected is related only to policy status and it is used solely for statistical trending and compliance auditing by the organization. In short, Impulse Point will never collect or store personal information from its customer's constituents, and will never communicate directly with end users outside of a Safe•Connect Managed Network environment. Centralized Policy Management Each organization can define and change endpoint computing policies and enforcement rules by network segment or directory services policy group from a centralized policy management interface (shown to the right). The Safe•Connect Policy Management Console also delivers real-time and historical policy status reporting that provides valuable insight into group or individual policy compliance. Safe•Connect provides the capability to automatically quarantine non-compliant users and provides the end user with policy notification and remediation guidance for specific policies. This includes the ability to direct the end user to a specific internal or external website to correct any policy deficiencies. Safe•Connect’s Reporting Dashboard The easy to read GUI interface (shown to the right) allows administrative personnel to view the security status of an individual end user, as well as the ability to view the exact policy notification web page that the end user is viewing when in a quarantine or warning condition.

Tab 7 – Pricing

Historical policy event data for individuals or groups can be automatically exported and stored at predefined internals to external relational database stores (mySQL, MS SQL Server, etc.) for query and compliance related archival storage requirements, as desired. Information that can be exported includes the following: Individual user name IP address MAC address Last contact/log in (date/time) Type of device Group or role Specific compliant policies Specific non-compliant or failed policies

Sales Support: 24/7 Proactive Maintenance and Support Services The Safe•Connect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse Point will provide continuous proactive monitoring and support that includes software problem determination and resolution ownership, hardware appliance and software maintenance, and future feature enhancements. The health of the Safe•Connect system is monitored from the Impulse Support Center on a continuous basis. The organization maintains full control of managing their desired endpoint computing policies and enforcement rules via the Safe•Connect Policy Management Console. Impulse Point’s Standard Proactive Maintenance and Support Service includes the following:

COST OF ON-GOING MAINTENANCE AND SUPPORT SERVICES

IMPULSE POINT

OTHER PROVIDERS


Service Availability

Impulse Point will monitor the appliances installed at Customer’s site 24 x 7 x 365 from its Support Center. If a hardware failure is detected, a new Policy Enforcer appliance will be delivered next-day air with policies restored from the previous night’s backup. If the on-site spare option was chosen, the restore procedure will take place as soon as the hardware failure is detected. Customer must permit continuous 24 hour monitoring access for the Impulse Point Support Center to the Policy Enforcer devices. If this access is not granted, Impulse Point cannot extend the Service SLA to these devices.

Tab 7 – Pricing

Scheduled Downtime The Impulse Point Support Center may schedule downtime for regular maintenance and systems upgrades. The time window allowed for these activities is every Sunday from 12:00AM to 2:00AM. This downtime will not have any material effect on the normal operation of the remote Policy Enforcer appliances or network resources. Any definition of service windows in the service contract will take precedence over the Standard Service Level Agreement. Impulse Point will notify the customer of planned changes no less than 3 days prior to implementation.

Response Times and Priority Levels Cases may be opened in the Impulse Point Case Management System by emailing or calling customer support. Contact information for support is provided below. Once the appropriate Priority Level is assigned, cases will be routed through the support queues accordingly. The chart below provides case Priority Level descriptions and response times.

Priority

Level


Case

Assigned


Issue/Problem




< 30 Minutes


ASAP

P2


Degraded network availability < 1 Hour < 4 Hours Same

Business Day

P3 Small number of users affected New end point Security Software Recognition Updates

Consultative: How-to / FAQ Same

Business Day Next

Business Day < 48 Hours or As

Scheduled


Impulse Point Support Contact and Escalation

For support requests, submit an email to [email protected]. For Priority 1 or Priority 2 cases*, regardless of time of day, please call 863-904-5330 to contact the 24 Hour Support Center.

*Priority 1 cases are defined as a total system or severe outage. This is reserved for situations where your Safe•Connect system is completely offline, not functioning, or a severe network disruption is being experienced. *Priority 2 cases are defined as a widespread (multiple users) outage. This is used for situations where the Safe•Connect system is still online but not functioning properly and the result is that multiple users are being affected.

Tab 7 – Pricing

The Impulse Point Support Center will ensure an engineer is contacted to handle your case. Once opened, if a case exceeds the SLA time assigned based on priority, escalations are sent to the appropriate Technical and Management personnel. Please see the chart above for details.

Training Impulse Point includes remote Web-based training for policy administrators and help desk support personnel as part of the bundled initial cost. Training is typically conducted via a conference call on the same day of implementation, and usually takes 2-4 hours. We suggest that both the policy administration and help desk teams are present. Impulse Point would be glad to conduct a combined training session or separate based on the support team’s size and schedules.

The following topics are covered during the conference call:

Installation of the Management Console Access the Management Console Adding Users to the Management Console Reporting Creating Policies Creating Policy Groups Adding Policy Components Set Up Authentication NAT Policies Anti-virus Policies Operating System Patch Compliance Anti-Spyware Settings Shared Music Settings Custom Policy Settings and Policy Enforcement Change the Order of Policy Enforcement

Administrative and help desk manuals are available online. Online/remote training is also provided. The Impulse Support Center is also available for “how-to” consultation as a managed service feature. The following topics are covered:

Installation of the Management Console Access the Management Console Adding Users to the Management Console Reporting Creating Policies Creating Policy Groups Adding Policy Components Set Up Authentication NAT Policies Anti-virus Policies Operating System Patch Compliance

Tab 7 – Pricing

Anti-Spyware Settings Shared Music Settings Custom Policy Settings and Policy Enforcement Change the Order of Policy Enforcement

Tab 7 – Pricing

5 | Bid Signature Page

The undersigned hereby agrees to the specifications, terms and conditions of this request for proposals from Proposers to provide Networking and Mobile Device Management Solutions products and related services. The undersigned acknowledges his authority to submit this proposal on behalf of the Proposer listed below and bind it to comply with these specifications, terms and conditions if any contract is awarded through this RFP process. Furthermore, the undersigned certifies conformance to applicable Federal laws, Oregon Revised Statutes, and Oregon Administrative Rules concerning public contracts, and that this proposal is made without connection with any person, firm or corporation making a proposal for the same goods or services, and is in all respects fair and without collusion or fraud.

Legal Name of Proposer Impulse Point, LLC

Federal Tax Identifier 65-121-4267

Authorized Representative

Printed Name Tim Evans

Signature

I, the above signee, certify the pricing provided in this

Proposal is the lowest available pricing from my firm to NCPA members.

Title Vice President, Impulse Point

Date Signed December 14, 2012 Legal Address

Street 6810 New Tampa Highway, Suite 400 City, State Zip Lakeland, Florida 33815

Phone Number 863-802-3738 or 508-330-8212

Tab 7 – Pricing

Impulse Point 6810 New Tampa Highway, Lakeland, Florida 33815

863.802.3738 www.impulse.com

Contact Tim Evans at [email protected] or at 508.366.0685

Tab 8 – Value Added Products and Services

Include any additional products and/or services available that vendor currently performs in their normal course of business that is not included in the scope of the solicitation that you think will enhance and add value to this contract for Region 14 ESC and all NCPA participating entities.

Training Impulse Point includes remote Web-based training for policy administrators and help desk support personnel as part of the bundled initial cost. Training is typically conducted via a conference call on the same day of implementation, and usually takes 2-4 hours. We suggest that both the policy administration and help desk teams are present. Impulse Point would be glad to conduct a combined training session or separate based on the support team’s size and schedules.

The following topics are covered during the conference call:


Administrative and help desk manuals are available online. Online/remote training is also provided. The Impulse Support Center is also available for “how-to” consultation as a managed service feature. The following topics are covered:



Your Users and Their Privacy

Maintaining the privacy of end users is a primary design consideration and long-term objective of the Impulse Point Safe•Connect™ Solution. Safe•Connect enables organizations to take more proactive measures in ensuring a secure IT infrastructure. The goal is to provide for an environment free of security threats and vulnerabilities—which promotes the exchange of ideas, information, and content to create a positive and productive network environment for all parties. The organization maintains full and complete control over their own policies and how, or even if, these policies are enforced. Each campus determines their strategy for allowing full access, warnings, quarantines, and remediation. Impulse Point is committed to protecting the privacy of your organization and the end user community you support. We have established security, technology, and business processes to ensure that personal information is never collected or stored by our applications or services. An independent examination of our privacy practices certifies that Impulse Point and the Safe•Connect product both conform to the American Institute of CPAs (AICPA) standards. The completion of a Service Organization Controls - Type 2 (SOC 2) Privacy Report resulted in an independent CPA firm finding that Impulse Point’s Privacy Statement is accurate. Personal Information The software installed as part of the Safe•Connect Solution (i.e., the Policy Key) does not report or log any activity other than what is required to ensure end user compliance with the endpoint security policies set forth by the organization. No direct personal information is collected or stored. In situations where the end user device is found to be out of compliance with stated security policies, the Safe•Connect System will warn or quarantine the endpoint device based on the policies defined by the organization within the Safe•Connect Policy Manager. Safe•Connect collects no information until it is configured by the user’s policy administrator. All queries of a user's machine must be explicitly formulated by the organization's policy administrator before they can be evaluated by Safe•Connect. Safe•Connect does not gather any personal information, or perform any checks, that is not configured by a policy administrator. Additionally, Safe•Connect has been designed with personal privacy in mind and can respond to a limited range of true/false questions. These questions center around the health and configuration of the endpoint and the impact it may be having on network performance. The system cannot respond to open-ended questions, or general requests for information. The system can only return a true/false answer and the transaction occurs over an encrypted communications channel. For example, “Is XYZ anti-virus software up to date and running on this device?” The answer is either true or false. Programs, Files, and Content Real-time policy status metrics of endpoint devices under policy management are kept in a secure database within the Safe•Connect Policy Enforcer Appliance, which remains on the organization’s premises. The Safe•Connect system database contains no information that can link directly back to end user personal content. The data collected is related only to the status of specific policies defined by the organization.


Under certain circumstances end users may be denied network access and quarantined based on the organization’s acceptable use policy enforcement rules. In such circumstances the system provides remediation guidance to the end user to become compliant with security policy. As always, the data collected is related only to policy status and it is used solely for statistical trending and compliance auditing by the organization. In short, Impulse Point will never collect or store personal information from its customer's constituents, and will never communicate directly with end users outside of a Safe•Connect Managed Network environment.

♦

♦

♦

♦

♦

♦

♦

Impulse Point

Tim Evans, Vice President

6810 New Tampa Highway, Lakeland, FL 338156810 New Tampa HiiHiHiiiHiigggggggg

October 1, 2013

Impulse Point

6810 New Tampa Highway

Lakeland, FL

33815

863-802-3738

813-435-2166

Tim Evans

Vice President Sales

Dennis Muley

President

i

national cooperative purchasing alliance impulse point and...

Documents