Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Beyond access control with next-generation NAC

ForeScout Technologies : 02 February, 2015  (Special Report)
Fran Howarth, senior analyst for security at Bloor Research explains how next-generation Network Access Control (NAC) is capable of defending against rogue users, devices and applications
Beyond access control with next-generation NAC

Network access control (NAC) technologies have traditionally been used to control access to network resources and to reduce malware propagation through user and device authentication. In recent years, however, NAC technologies have morphed into platforms that combine traditional capabilities with functionality that caters to more advanced requirements covering mobile device use and security, endpoint compliance and security threat management. These next-generation NAC platforms have matured to such an extent that they provide organisations with actionable insight for discovering, categorising and assessing the security state of users and devices.

As a result, next-generation NAC can readily address rogues: unauthorised users, unknown or unwanted devices, and unsanctioned applications. Not only can they isolate rogues from the network, leveraging pre-connect and post-connect security intelligence, but they can respond faster to a wider variety of threats, vulnerabilities, and non-conforming behaviour than can conventional discovery and manual response approaches.

One organisation that has recently deployed next-generation NAC is Colt Technology Services. A multinational IT services company with its headquarters in London, Colt decided to adopt a Bring Your Own Device (BYOD) policy worldwide to provide its employees with the flexibility to work how they wish, as part of its ongoing strategy regarding virtual desktops. However, it does require that all those who wish to use their own devices, such as smartphones and tablets, be enrolled in its mobile device management (MDM) programme, with properly configured agents installed on their devices.

Colt uses ForeScout CounterACT NAC to ensure that all devices connecting to its network are properly validated. Should a device try to connect to the network without having the correct agent installed, it is temporarily blocked and the user is provided with the option to download or enable the agent on their device. Once they have done so, they are allowed to access the network. In addition, Colt uses CounterACT to centrally enforce its BYOD policy, to provide real time visibility into what devices, applications, and users are currently on its network. This allows the company to quickly and automatically respond to any new threats encountered, and to update devices with critical software updates when they are made available.

From Colt’s perspective, one of the prime advantages of selecting next-generation NAC was that it was able to roll it out to all of its offices worldwide without the need to deploy personnel to each location, whilst managing the implementation worldwide from one central point. On implementing the technology, the first surprise for Colt was that it immediately realised that there were a fair number of devices connecting to its network that it had not been aware of, some of which had been on the network for some time. Because of this, Colt cautions that it is necessary to take into account the fact that people will bring in more devices than originally anticipated, requiring that the technology vendor be flexible in supporting it with licensing arrangements. It also came across more transient equipment than expected, such as occasional services appearing in its data centre, which CounterACT was quick to spot. Colt believes that organisations should plan to be surprised at just how many rogue devices will be encountered.

For Colt, the extensive and powerful reporting capabilities offered by next-generation NAC proved to be a real bonus, allowing it to quickly spot new threats as they occur so that it can immediately take precautions to safeguard its entire network worldwide. An additional benefit was the speed at which it was able to implement the technology, providing the fast return on investment that was a key consideration when selecting it.

Many organisations – across all industries – are concerned about rogue users, devices and applications, and are grappling with the need for better network and endpoint security in light of today’s compliance requisites and growing threat landscape. As demonstrated by Colt, next-generation NAC technologies can help, not only improving an organisation’s risk posture, but also enabling new, more effective ways of working in a secure and efficient manner.

Read the full white paper "Bloor Research: Defending Against the Rogue"

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo