Skip to Content

EMBASSY® Endpoint Enforcer

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

  1. What is EMBASSY Endpoint Enforcer (EEE)?

    Wave Systems’ EMBASSY Endpoint Enforcer (EEE) is a component of an endpoint security system that captures, protects and validates measurements of the platform’s health and provides the result for action according to the organization’s security policy.

    The EMBASSY Endpoint Enforcer:

    • Captures and reports verifiable PC health and security metrics.
    • Provides the foundation upon which network connect decisions are based.
    • Takes advantage of trusted hardware – the Trusted Platform Module (TPM).
    • compatible with standard, interoperable TNC API’s.
    • Allows endpoint security systems partners to include TPM support.
  2. What are the EMBASSY Endpoint Enforcer (EEE) key features?

    Key Features of the EMBASSY Endopoint Enforcer:

    System Integrity:

    • Measures endpoint security system components to ensure the integrity of the system.
    • Measures any component on the endpoint per the corporate security policy.
    • Provides secured measurements to EEE Server for validation.
    • Enables 3rd-party applications and services to make informed access decisions.

    Hardware Security

    • Uses Trusted Platform Module (TPM) security chip as the root of trust for reporting (RTR).
    • Securely stores platform health integrity measurements.

    Partner Support

    • Fully compliant with Trusted Network Connect (TNC) APIs specified by the Trusted Computing Group (TCG) which is an interoperable, open standard.
    • Verified to be interoperable with major providers of TNC products.
    • Includes a Software Developer’s Kit (SDK) for adapting a 3rd-party’s NAC system to EEE.
    • Easily adaptable to non-TNC Network Access Control systems.
  3. What does a Network Access Control system do?

    Network Access Control (NAC) systems enforce security policies and restrict prohibited platform configurations on the network; identify and contain platforms that are noncompliant with policy; and stop malware and rootkits before they touch the network. By protecting against these malware and other attacks, NAC systems protect companies from financial losses that result from business disruptions, loss/theft of proprietary information, and loss of brand value and market capitalization. However, security researchers have recently discovered vulnerabilities when NAC systems aren’t protected by hardware, leaving many enterprises vulnerable to attack. This is where EEE adds value.

  4. What specifically does EMBASSY Endpoint Enforcer (EEE) protect against?

    EEE works in conjunction with a Network Access Control system to protect against “lying endpoints” or clients that have been infected or tampered with to lie about their health state to the NAC system. EEE also ensures that the client components of the NAC system have not been tampered with and that the system metrics for the boot-up process are accurate.

    One way that EEE mitigates the problem of endpoints that lie about their health, also called “lying endpoints,” is to add a layer of hardware and software protection. By harnessing the power of industry standard hardware security chips called Trusted Platform Modules (TPMs), now shipping on most business-class laptops and PCs today, network administrators can validate platform integrity and the integrity of the NAC system components.

    The TPM and associated software, in concert with a NAC system verifies the health of the PC and whether the NAC components can be trusted prior to passing control to the NAC system for further investigation.

  5. Which NAC systems EMBASSY Endpoint Enforcer (EEE) protect against?

    EEE has been validated with several NAC systems including Microsoft’s NAP and Juniper Networks’ UAC systems. However, EEE is designed to be compatible with all NAC systems and includes an SDK.

  6. Does EMBASSY Endpoint Enforcer (EEE) conform to any industry standards?

    Yes. EEE fully conforms to the Platform Trust Services (PTS) Specification standard of Trusted Network Connect (TNC) which is a subgroup and standard of the Trusted Computing Group.

  7. What is Trusted Network Connect (TNC)?

    TNC is a specification supported by many vendors for Network Access Control that enables location, identity, endpoint health, and behavior-based access control decisions for users in an enterprise environment. In addition, TNC specifies dynamic detection and provisioning of access for unmanaged devices. Integration with physical security controls offers a new dimension of access control intelligence. For more information, visit the Trusted Computing Group website at

  8. How can I get EMBASSY Endpoint Enforcer (EEE)?

    EEE must be adapted to the specific Network Access Control system that you have. Work with your NAC vendor to describe the hardware-based security that you desire and ensure that it is compatible with EEE.

  9. If I am a NAC vendor, how do I ensure that EMBASSY Endpoint Enforcer (EEE) supports my NAC system?

    Contact Wave Systems about receiving the SDK to ensure compatibility.

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form