In discussions with organizations about security initiatives that they are planning over the next 12 months, I am surprised that very few say they plan to purchase and implement Network Access Control. This is a solution that comes very low on the totem pole, and in fact, if discussing with some sys admins, it is more a cause of frustration than deemed a valuable asset, or essential tool for security. One of the key features of a NAC is providing a snapshot of all assets – both trusted and untrusted – within a network, providing a visual representation of what an organization must protect, because you cannot protect what you don’t know you have.
A Network Access Control product provides immense benefit, and the return on investment is almost immediate.
Looking at one of the most referenced documents when it comes to security – the Critical Security Controls, a NAC provides the easy wins for a number of controls, including asset inventory, continuous vulnerability assessment, and malware defenses. In addition NACs provide visibility into your network, the ability to enforce policies at a granular level and protection against Advance Persistent Threats and malware.
Item One: Inventory of authorize and unauthorized devices:
Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device.
The diagram below provides a snapshot that is provided by the NetBeat NAC, from the diagram you can see the IP address, the time it was first detected, MAC Address, and operating system including service packs and the manufacturer.
Item 4 – Continuous Vulnerability Assessment and Remediation
Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities to each responsible system administrator along with risk scores that compare the effectiveness of system administrators and departments in reducing risk.
The NetBeat NAC vulnerability scanner helps you identify the most urgent patches needed to harden your network against attack. After you run scans, detailed reports alert you if an attached device has a problem, or you can simply block an asset if it fails a vulnerability scan. These are very helpful in complying with requirements mandated by HIPAA/HITECH, PCI, GLBA, and other security standards.
Item 5 – Control Malware
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.
As you can see from the image above, the risk profiler will provide immediate notification of a threat, in addition to blocking traffic to C&C (command and control), and in essence stopping exfiltration of data.
The NetBeat NAC scans for real-time malware traffic back to known malware sites. The database is synchronized multiple times a day to protect networks against zero-day threats. Because it can be integrated with the blocking engine, threats can be blocked within 10 milliseconds of detection versus just receiving an alert
Another benefit includes better BYOD control, without having to install additional software on mobile devices as well as segregating guests to their own VLAN.
For more information on how a NAC can supplement your existing security solutions, contact us.