Editor's Blog and Industry Comments

How to enforce policies when endpoints are increasingly not connected to the network

24 February, 2014
A new appliance is being announced at the RSA Conference this week which promises to solve the dilemma of maintaining corporate IT policy compliance on devices that are frequently used beyond the enterprise network.

To coincide with the release of a new corporate network policy enforcement appliance at the RSA Conference taking place in San Francisco this week, we spoke to ForeScout Technologies about the problem of increasingly mobile workforces and the necessity to enforce corporate policy compliance even when they're not connected to the enterprise network.

Market research company, IDC, predicted that nearly 33% of the workforce would be working remotely by 2015. If all these remote employees connected into the corporate network, then existing technology for access management and policy compliance would be sufficient but the picture isn't that simple.

Employees use their own equipment and cloud appliances, and are not necessarily always plugged into the network controlled by the company that they work for. Once one of these devices leaves the network and connects elsewhere, vulnerabilities are introduced and the endpoint could have its policy conformance compromised, which will create problems the next time it tries to connect to the corporate network.

Having such "free range" endpoints on the inventory is also a headache for IT administrators since they don't have a constant awareness of the state or condition of the devices under their control. This increase in telecommuting and the fact that such workers represent the same or even more security exposures drove ForeScout Technologies to develop the RemoteControl appliance, about which we spoke to ForeScout's Chief Marketing Officer, Scott Gordon.

The concept of policy compliance on devices that are not connected to the network takes a leap of imagination to grasp so we asked Scott for a simple explanation of how the concept operates.

ForeScout's CounterACT provides Network Access Control and policy compliance for devices that connect to the corporate network, for example through a Virtual Private Network (VPN). RemoteControl is part of the CounterACT system but the appliance is outside the corporate firewall in what is known as the De-Militarized Zone or DMZ. Connecting to the appliance doesn't require connection to the corporate network so it is accessible to all devices which have been equipped with a software agent called SecureConnector.

The SecureConnector agent automatically and securely communicates with RemoteControl through any internet connection enabling compliance status to be monitored, fixes to be applied or required actions to be communicated to the user.

Downloading and setting up SecureConnector for each endpoint is simple and doesn't impact the usability or productivity of the device. It also means that by maintaining a compliant posture at all times when connected to any network, the device is less likely to encounter problems when next connecting to the corporate network.

Similarly, the RemoteControl appliance sitting in the DMZ automatically reflects the policy settings of CounterACT whilst allowing the IT administrator to adjust settings to suit the teleworking population that will be using RemoteControl. This provides granularity and flexibility in managing users and endpoint devices.

RemoteControl is featuring this week at the RSA Conference taking place in San Francisco and its announcement today can be seen here: "Continuous endpoint compliance both on and off the corporate network"

Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan.
