Next Generation NAC
This is the second installment in a 4-part blog series on cyber-security, sponsored by our partner Netrality.
Part 1: Cybersecurity Essentials: Vulnerability Management Programs
Part 3: Cybersecurity Essentials: Cloud Security and SASE
Part 4: Cybersecurity Essentials: Next-Generation Anti-Virus Protection
BYOD and the IoT revolution have raised a difficult new security challenge for organizations: What’s the best way to monitor and protect your network when countless distributed devices are connected to it?
Network access control (NAC) is a common security tactic that organizations use to restrict access to networks and limit the availability of network resources to endpoint devices. NAC is designed to ensure that authorized devices connect properly and prevent unauthorized devices from accessing your systems. NAC can also enforce compliance and patch management policies, as well as quarantine devices that may be compromised.
However, in the face of rapidly changing network infrastructure, more sophisticated endpoint attacks, and increasingly rigid compliance requirements, traditional NAC solutions are no longer adequate for endpoint security.
Yesterday’s NAC is no longer viable
Up to now, IT has secured devices inside the perimeter with firewalls and anti-malware software. With IoT, however, there is no perimeter. IoT devices are not always designed with robust security in mind, and even when they are, they can lack regular security updates. IoT devices can be easy targets for cyber-criminals because these devices often don’t verify the credentials of connections. In fact, a recent Hewlett Packard Enterprise study revealed that 84% of 3,100 line of business and IT pros said their companies have experienced an IoT-related breach.
NAC solutions must, therefore, evolve to fully coordinate endpoint visibility, vulnerability assessment, access controls, and automated threat responses.
The next generation of NAC
A next-generation NAC solution should be able to meet the following criteria:
Visibility
A modern NAC solution should be able to see and evaluate all devices when they try to connect to the network. It should also be able to automatically discover and categorize users associated with specific devices before granting network access—for example, what devices they have registered with the network and the time and location of the connection request. In addition, a NAC’s visibility and risk assessment duties should continuously scan for erratic user behavior or signs of endpoint compromise post-connection.
Granular control policies
In addition to regulating where devices and users can go within the network, and which resources they can access, NAC solutions today should also support intent-based network segmentation. This ensures that users and devices can only reach the applications and files that are relevant to their defined business needs.
Integration
NAC should seamlessly integrate with other solutions across the broader security architecture—including third-party products—to actively share relevant information about potential threats and enforce controls across the extended organization. This is a critical capability for protecting multi-vendor networks.
Automated real-time threat responses
A NAC solution must facilitate automated, real-time threat responses to immediately contain suspect devices before major damage or infection can occur. The ability for security solutions to send and receive real-time threat intelligence for coordinated actions across the entire organization is the “holy grail” of a connected security architecture.
Anomalous device or user behavior should instantly trigger a unified containment response across the security architecture. This might include automatic termination of a connection, restrictions placed on network access, quarantine isolation, and/or a range of security operations center (SOC) notification actions. These sorts of automated threat responses can reduce containment time from days to seconds, while at the same time supporting compliance with increasingly strict regulations and data privacy laws.
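To make the four criteria above concrete, here is a small policy engine written for this post as an added example; it is not FortiNAC, Fortinet Security Fabric or Meriplex code. It models admission-time visibility (the device is profiled and its credentials checked before it gets a VLAN), intent-based segmentation (each device role can reach only the subnets its business function needs), and post-connection monitoring that triggers the coordinated containment actions the text lists (terminate the session, move to a quarantine VLAN, notify the SOC). Every device, role, VLAN number, subnet and flow record is constructed sample data, and the function names are this example's own.

```python
"""Minimal NAC policy engine (added example; not any vendor's implementation).

Stages modelled, mirroring the post:
  1. admit()   - visibility + posture at connection time
  2. ROLE_*    - intent-based segmentation per device role
  3. monitor() - post-connection behaviour check with automated containment
All data below is constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Intent-based segmentation: a role may reach only the listed networks.
# Roles, VLAN ids and prefixes are hypothetical.
ROLE_SEGMENTS = {
    "employee_laptop": ["10.10.0.0/16", "10.20.0.0/24"],  # user LAN + app servers
    "ip_camera":       ["10.30.5.0/24"],                  # video recorder subnet only
    "printer":         ["10.20.0.0/24"],
}
ROLE_VLANS = {"employee_laptop": 10, "ip_camera": 30, "printer": 20}
QUARANTINE_VLAN = 999  # isolated VLAN with remediation access only

Flow = Tuple[str, str, int]  # (src_mac, dst_ip, dst_port)


@dataclass
class Device:
    mac: str
    device_type: str            # result of profiling (e.g. DHCP/OUI fingerprint)
    user: Optional[str]         # None for headless IoT devices
    authenticated: bool         # 802.1X / certificate check succeeded
    patched: bool               # posture assessment result
    vlan: Optional[int] = None
    actions: List[str] = field(default_factory=list)  # audit trail of enforcement


def admit(device: Device) -> str:
    """Admission decision made before the device touches production segments.

    Returns 'allow', 'quarantine' or 'deny' and records the enforcement taken.
    """
    if not device.authenticated:
        device.actions.append("deny: credentials not verified")
        return "deny"
    if device.device_type not in ROLE_SEGMENTS:
        # Unknown class: give it no production access and let a human classify it.
        device.vlan = QUARANTINE_VLAN
        device.actions.append("quarantine: unknown device class, notify SOC")
        return "quarantine"
    if not device.patched:
        device.vlan = QUARANTINE_VLAN
        device.actions.append("quarantine: posture failed, open remediation ticket")
        return "quarantine"
    device.vlan = ROLE_VLANS[device.device_type]
    device.actions.append(f"allow: assigned VLAN {device.vlan}")
    return "allow"


def allowed_destination(device_type: str, dst_ip: str) -> bool:
    """True if dst_ip lies inside one of the role's intended segments."""
    addr = ip_address(dst_ip)
    return any(addr in ip_network(net) for net in ROLE_SEGMENTS.get(device_type, []))


def monitor(device: Device, flows: List[Flow]) -> List[Flow]:
    """Post-connection check: flows from this device that leave its intended
    segments are treated as anomalous and trigger unified containment."""
    violations = [
        f for f in flows
        if f[0] == device.mac and not allowed_destination(device.device_type, f[1])
    ]
    if violations:
        device.vlan = QUARANTINE_VLAN
        device.actions += [
            "terminate session",
            f"move to quarantine VLAN {QUARANTINE_VLAN}",
            f"notify SOC: {len(violations)} out-of-segment flow(s)",
        ]
    return violations


if __name__ == "__main__":
    # Constructed scenario: a camera that starts probing the app-server subnet.
    camera = Device("aa:bb:cc:00:00:01", "ip_camera", None, True, True)
    print(admit(camera), camera.vlan)            # allow 30
    sample_flows = [
        ("aa:bb:cc:00:00:01", "10.30.5.10", 554),   # expected: RTSP to recorder
        ("aa:bb:cc:00:00:01", "10.20.0.15", 445),   # anomalous: SMB to app server
    ]
    print(monitor(camera, sample_flows))
    print(camera.vlan, camera.actions)
```

The point of the example is the division of labour: `admit()` encodes the visibility and posture rules, the `ROLE_*` tables encode intent-based segmentation, and `monitor()` shows why visibility cannot stop at admission time; the camera was a legitimate device when it connected, and only its later behaviour reveals a problem. In a real deployment the containment actions would be calls into the switch, firewall and SOC tooling rather than strings, which is exactly the integration requirement discussed above.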
Meriplex NAC has your back
Meriplex helps you align your security strategy with your business goals, reducing your cyber risk in the most effective way for your organization. Meriplex utilizes the FortiNAC technology because of the excellent integration and automation capabilities it has with different vendors, and within the Fortinet Security Fabric. This solution provides the automation that both your IT and INFOSEC teams need to identify rogue devices and protect the corporate network.
Leveraging Netrality’s interconnected colocation data centers and direct cloud on-ramps, Meriplex ensures the highest performing and most cost-effective solutions for its customers. Contact us to learn more.
About The Author
Andres Ruz, Director of Information Security
Andres has over 20 years’ experience in IT and Information Security and leads the Product Security team at Meriplex. He has an MBA in MIS, a Bachelor’s in computer science and six certificates in Information Technology Management and Security. He is also the Sector Chief for the Telecommunications Cross Sector Council (CSC) of the InfraGard with the FBI.