How Does the Gateway Use the Host Information to Enforce Policy?

• HIP Objects—The matching criteria used to filter out the host information you are interested in using to enforce policy from the raw data reported by the app. For example, while the raw host data may include information about several antivirus packages that are installed on the endpoint, you may only be interested in one particular application that you require within your organization. In this case, you would create a HIP object to match the specific application you are interested in enforcing.
  The best way to determine what HIP objects you need is to determine how you will use the host information you collect to enforce policy. Keep in mind that the HIP objects themselves are merely building blocks that allow you to create the HIP profiles that are used in your security policies. Therefore, you may want to keep your objects simple, matching on one thing, such as the presence of a particular type of required software, membership in a specific domain, or the presence of a specific endpoint OS. By doing this, you have the flexibility to create a very granular (and very powerful) HIP-augmented policy.
• HIP Profiles—A collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement. When you create your HIP profiles, you can combine the HIP objects you previously created (as well as other HIP profiles) using Boolean logic, such that when a traffic flow is evaluated against the resulting HIP profile, it either matches or does not match. If there is a match, the corresponding policy rule is enforced. If there is no match, the flow is evaluated against the next rule, as with any other policy matching criteria.