Business networks – from SMBs to large enterprises to education institutions and everyone in between – have never been more vulnerable. Trends like cloud computing, bring your own device, remote workers, Internet of Things and connected devices, wide-scale wireless access points, and many more have exponentially increased the number of vulnerability points organizations face.
Attackers watch these trends with as much interest as the CIO – they know each step forward on the productivity front translates into 4-5 steps backward on the security front. But in today's business environment, keeping attackers off of a network is simply impossible – there are too many vulnerabilities and infection points to keep everyone out. It's not a matter of if a business' defense will be penetrated, but when. No matter what we come up with from a security product standpoint, there is nothing that can protect an organization 100 percent of the time from an attacker's best friend – the unwitting employee who accidentally clicks a malicious link, opens an infected attachment, or visits a corrupted website.
This knowledge is driving some fundamental changes in the security industry, the biggest of which is a move away from a pure prevention model of security, where the priority was strong perimeters to keep threats out, to one that combines prevention with rapid detection, investigation and remediation. The goal of this security ecosystem is to minimize the impact of a threat by identifying, locating and removing the threat's electronic foothold as fast as possible.
The security industry has been trending this way with the emergence of each new enterprise movement. Bring-your-own-device (BYOD) drove the emergence of the mobile device management (MDM) industry. Advanced threats drove the increased reliance on security intelligence, SIEM and forensic investigation solutions. Mobile proliferation and connected devices brought about bigger investments in endpoint compliance solutions.
The seemingly commonplace billion-dollar acquisitions and IPOs in the security industry are evidence of the growing importance of these solutions and a harbinger of what's coming next: a security ecosystem that encompasses the best of these technologies, integrated and working in tandem to automatically identify and remove all threats from a network. The only thing that has been missing is the ability to gain broad, real-time visibility of everything connected to a network, combined with real-time mitigation capabilities.
Automating Threat Response in the NAC of Time
Network Access Control (NAC) is one of the longest-standing and most effective security technologies in the industry. The original use of NAC was to make sure that the people connecting to a network were authorized to be on it in the first place. As business trends evolved, so did the technology and its use. NAC enjoyed a rebirth in the face of BYOD. As businesses were inundated with personal devices demanding network access, NAC provided visibility and profiles of every device that came into contact with a network, and ensured security policy could be automatically enforced. Integrated with MDM, NAC provided the foundation for a BYOD solution that addressed security at both the device and the network level.
This is the foundation for the next generation of automated threat response. NAC completes the picture by contributing unique actions missing from threat detection solutions. NAC identifies every device with an IP address on a network and correlates that IP to a specific device, user and connection point. This enables businesses to immediately identify infection points and root cause devices in the case of a security incident.
This needed visibility is accompanied by NAC's ability to immediately remediate the threat by taking the compromised device off the network. Because NAC can identify devices down to the user level, it can also remove any other devices belonging to the infected device's owner that are currently connected to the network. Here are six primary benefits of NAC as the core of an automated security ecosystem:
- Live Connection Inventory – maintains a live inventory of every user, device, point and time of connection and disconnection;
- Pre-Connect Endpoint Risk Assessment – device risk is assessed before network access is granted;
- Risk-Based Network Access – every device and user is provisioned network access based on policy and risk assessment;
- Connection History and Playback – records every user, device, connection location and time, to trace a threat's entry point and propagation path;
- Network Alert to Endpoint Mapping – network-based alerts are correlated to infected endpoints, reducing incident response time;
- Real-Time Threat Remediation – blocks or isolates infected devices in real time, minimizing a threat's window for impact.
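The correlation and enforcement logic described above (IP-to-device/user/port mapping, live inventory, connection history, and isolating the owner's other devices) is small enough to show end to end. The following is an added illustration written for this page, not code from any NAC product; the users, devices, MAC addresses, IPs and switch ports are constructed sample data, and the "quarantine_vlan" action is only described, not sent to a switch. It deliberately includes one edge case the list items above depend on: the same IP leased to two devices at different times, which is why an alert must be resolved against the inventory at the alert's timestamp rather than by IP alone.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass
class Connection:
    """One row of the live connection inventory (user, device, address, connection point, time)."""
    user: str
    device: str                          # hostname or asset tag
    mac: str
    ip: str
    port: str                            # switch/port or access point the device came in through
    connected: datetime
    disconnected: Optional[datetime] = None   # None means the device is still on the network

    def active_at(self, when: datetime) -> bool:
        return self.connected <= when and (self.disconnected is None or when < self.disconnected)


def at(hour: int, minute: int = 0) -> datetime:
    """Helper for the constructed timeline: every event in the sample is on 2024-03-01."""
    return datetime(2024, 3, 1, hour, minute)


# Constructed sample inventory (hypothetical users, devices and addresses).
# 10.0.5.20 was leased to alice-laptop in the morning and to bob-tablet after 13:00.
INVENTORY: List[Connection] = [
    Connection("alice", "alice-laptop",  "aa:bb:cc:00:00:01", "10.0.5.20", "sw1/gi1/0/7", at(8), at(12)),
    Connection("bob",   "bob-tablet",    "aa:bb:cc:00:00:02", "10.0.5.20", "ap-lobby-2",  at(13)),
    Connection("bob",   "bob-phone",     "aa:bb:cc:00:00:03", "10.0.5.31", "ap-lobby-2",  at(13, 5)),
    Connection("carol", "carol-desktop", "aa:bb:cc:00:00:04", "10.0.5.40", "sw1/gi1/0/9", at(7, 30)),
]


def map_alert_to_endpoint(alert_ip: str, alert_time: datetime,
                          inventory: List[Connection] = INVENTORY) -> Optional[Connection]:
    """Network Alert to Endpoint Mapping: resolve the alert's source IP to the device, user
    and connection point that held that IP at the time of the alert (not whoever has it now)."""
    for c in inventory:
        if c.ip == alert_ip and c.active_at(alert_time):
            return c
    return None


def connected_devices_for_user(user: str, now: datetime,
                               inventory: List[Connection] = INVENTORY) -> List[Connection]:
    """Live Connection Inventory: everything this user currently has on the network."""
    return [c for c in inventory if c.user == user and c.active_at(now)]


def connection_history(device: str, inventory: List[Connection] = INVENTORY) -> List[Connection]:
    """Connection History and Playback: where and when a device connected, in time order."""
    return sorted((c for c in inventory if c.device == device), key=lambda c: c.connected)


def remediate_alert(alert_ip: str, alert_time: datetime, now: datetime,
                    inventory: List[Connection] = INVENTORY) -> Dict:
    """Real-Time Threat Remediation: isolate the endpoint behind an alert and, because the
    owner is known, the owner's other active devices too. Returns the enforcement actions
    a NAC policy point would carry out and marks the devices as off the network."""
    hit = map_alert_to_endpoint(alert_ip, alert_time, inventory)
    if hit is None:
        # No device held that IP at that moment: escalate instead of isolating the wrong host.
        return {"status": "unresolved", "alert_ip": alert_ip, "actions": []}
    actions = []
    for c in connected_devices_for_user(hit.user, now, inventory):
        reason = "alert source" if c.mac == hit.mac else f"same owner as {hit.device}"
        actions.append({"device": c.device, "mac": c.mac, "port": c.port,
                        "action": "quarantine_vlan", "reason": reason})
        c.disconnected = now          # inventory now records when the device was pulled off
    return {"status": "isolated", "user": hit.user, "root_cause": hit.device,
            "entry_point": hit.port, "actions": actions}


if __name__ == "__main__":
    print(map_alert_to_endpoint("10.0.5.20", at(9)).device)    # alice-laptop, not bob-tablet
    print(remediate_alert("10.0.5.20", at(14), at(14, 1)))
```

The important design choice is that `map_alert_to_endpoint` takes the alert's own timestamp: a SIEM alert about 10.0.5.20 at 09:00 resolves to alice-laptop on the wired port, while the same IP at 14:00 resolves to bob-tablet on the lobby access point, and an IP nobody held at that moment is reported as unresolved rather than guessed. Remediation then works from the owner rather than the single address, so bob-phone is quarantined alongside bob-tablet, and the inventory itself records the disconnect so later queries reflect the enforcement.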
NAC has emerged as the enforcement arm of the growing integrated security ecosystem. As a result, businesses can reduce the risk of, and minimize the incident response time to, a security event. In a world where prevention is impossible, understanding and minimizing impact by automating threat response is critical to mitigating risk.