All Posts By

Michael Marvin

Marketing Coordinator, Ra’anana, Israel

Careers

Portnox seeks an ambitious, hard-working and creative junior marketer to assist in the company’s global marketing and business development efforts. This role will work out of Portnox’s headquarters in Ra’anana, and report into the Director of Marketing, who is based remotely in the New York City area. The marketing coordinator will be responsible for providing support for on-going lead generation campaigns, content creation, social media and more.

Responsibilities:

  • Manage Portnox’s editorial calendar and content development processes
  • Draft blog posts in coordination with area experts from across departments
  • Oversee the company’s third-party forum contribution program (Reddit, Quora & Spiceworks)
  • Manage the company’s social media accounts (Linkedin, Facebook, Twitter & Instagram)
  • Ensure the hygiene of directory listings on Capterra, G2 Crowd, etc.
  • On-going CRM and marketing automation data cleansing and mining
  • Support on-going partner initiatives
  • Prepare monthly marketing reports
  • Oversee event-related logistics (shipping, swag, set-up, etc.)
  • Manage on-going cybersecurity awards programs
  • Liaise with executive leadership on-site for ad hoc projects

Requirements:

  • Independently lead and manage projects
  • Strong communication skills – written, verbal, presentation
  • Ability to manage numerous requests and time demands concurrently
  • A quick study – able to easily understand the team and larger company dynamic
  • A willingness to step outside your comfort zone to produce great work
  • BA/BS degree in business, marketing or another relevant field
  • English speaker
  • Experience with Salesforce, HubSpot, Canva and WordPress a plus
  • Basic HTML and CSS knowledge a plus

To apply, please send your CV to apply@portnox.com.

The Portnox network security weekly roundup

Weekly Network Security News Roundup – June 26, 2020

Network Security

This Week in Network Security

In an effort to help you sift through the endless bombardment of content, news, and events, Portnox is excited to deliver its inaugural weekly network security news roundup. Below, find hand-picked articles, blog posts and more from across the web covering an array of topics, including network security architecture, access control, SD-branch, working remotely and more.

Happy reading and happy Friday!

COVID on the brain…

The IoT buzz…

The network security generalist…

For our MSP/MSSP brethren…

New from Portnox…

WEBINAR: How To Elevate Enterprise Remote Access to Zero-Trust

UPCOMING WEBINAR: How Mid-Size Enterprises Can Secure WiFi for Employees, Contractors & Guests

Portnox Releases Zero-Trust Remote Access Control Solution for Enhanced VPN & VDI Security, Offers 90 Days of Free Service

Press Releases

Cloud-Delivered Solution Strengthens Remote Access Security for Growing Remote Workforces in Wake of Coronavirus Outbreak

NEW YORK, NY – March 31, 2020 – Portnox, a leading provider of cloud-delivered network access control solutions, today announced the release of its Zero-Trust Remote Access-as-a-Service solution. Purpose-built to be layered over enterprise VPNs or virtual desktop infrastructure (VDI), the new cloud-delivered solution strengthens the security of remote access through VPN or VDI.

“With the COVID-19 outbreak, employees are being sent home to work. As a result, VPN usage is surging. This has left many companies scrambling to assess the security of their remote access infrastructure,” said Ofer Amitai, CEO of Portnox. “In many cases, they’re finding that they’re not prepared for such a large workforce trying to connect remotely.”

Portnox’s Zero-Trust Remote Access-as-a-Service solution elevates remote access security by enabling organizations to continually assess the risk posture of remote devices that may not be on their local network for weeks or even months, and to proactively take action based on endpoint risk – such as allowing, quarantining or denying access through the VPN. In addition to device posture assessment and access control decisions, network security teams can leverage Portnox’s solution to easily remediate devices that sit outside of internal risk policies, and restore devices to the proper posture to eventually grant network access.

“What truly makes this solution unique is that it’s delivered from the cloud. A member of the network security team can use our self-on-boarding portal to implement this from the comfort of their home in under an hour – it’s really that easy,” said Tomer Shemer-Buchbut, Vice President of Products at Portnox. “Another great factor when laying this solution over your VPN or VDI is that it requires absolutely no changes or additions be made to your existing remote infrastructure.”

For customers in select industries significantly impacted by the coronavirus outbreak, Portnox is offering the opportunity to extend maintenance and subscription periods of Portnox CLEAR by three months free of charge. Additionally, in order to help ensure that remote employees can connect securely through the VPN and remain compliant at all times, Portnox is providing three free months of remote access posture assessment for VPN access.

The rise of remote access in the wake of the global coronavirus pandemic presents a series of new and unique challenges for network security professionals and the organizations they work for. Most businesses are equipped with enough VPN hardware to support 20-30% of their workforce, but with nearly everyone deemed “non-essential” working remotely, this is proving to be not nearly enough. It is expected that during this period of quarantine and social distancing that cybercrime and the number of network security threats will grow exponentially.


About Portnox

Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit www.portnox.com, and follow us on Twitter and LinkedIn.


Media Contact

Michael Marvin
Director of Marketing, Portnox
e: michael.marvin@portnox.com
p: +1-802-249-7059

Royal London Bolsters Network Security & Gains Visibility & Access Control with Portnox

Network Access Management, Threat Detection and Response

Cyber security data breaches are becoming increasingly common and severe. Today, banks, insurance companies, investment firms, and other financial institutions are considered to be prime targets. Due to the sensitivity and importance of their data, these institutions suffer approximately 300X more cyber breaches than any other industry.

In 2018, the financial sector reported 819 cyber incidents, an explosive increase from the 69 incidents reported for 2017 – including the infamous Equifax data breach. The total numbers for 2019 won’t be available until next year, yet we know that the financial sector has already experienced a number of significant attacks this year. Such breaches included the attacks on Capital One, First American Financial Corp., Desjardins Group and Westpac/PayID.

Despite these pervasive cyber security threats, financial institutions are still failing to prevent, defend, prepare and respond effectively to attacks – particularly when it comes to network security. In many cases, the problem stems from executive leadership not prioritizing the cybersecurity budget or emphasizing its importance. Few organizations make prevention a priority, few apply the top recommended CIS controls or prepare employees on how to respond effectively in the event of a security incident. Unfortunately, poor network access control and other cyber security oversights lead to hundreds of millions of dollars in losses, the exploitation of personal data and more.

Some financial institutions, however, have already decided to take proactive measures this year to obtain risk monitoring, visibility and access controls. One such group is Royal London, the UK’s largest mutual life, pensions and investment company. Faced with limited network and device visibility, they had a variety of security and compliance issues to contend with. However, since implementing Portnox CORE, the company and all of its locations have instituted a higher level of cyber hygiene.

CORE is a simple to operate network access control solution that provides full visibility into every endpoint and component on the network, along with risk monitoring and enforcement capabilities. It is simple to deploy and manage and has received numerous cyber security awards.

From the moment Portnox’s on-premises NAC solution was implemented, Royal London’s security team has been able to successfully handle all challenges associated with visibility, control and compliance enforcement. This includes the ability to see all endpoints on the network, and ensure that they are properly secured according to company policies, privacy standards and regulatory compliance.

Furthermore, as risk-monitoring and other network security enforcement actions that would otherwise have to be done manually are now automated, Royal London’s IT team can devote their time to more important tasks, thereby increasing efficiency and productivity.




What is Network Access Control (NAC)?

Cloud Security, IoT, Network Access Management, Network Security, Our Technology, Threat Detection and Response

An Examination of NAC, its Use Cases & its Future

Network Access Control (NAC) sits within the larger field of cybersecurity, and more specifically network security. It is a technology that enables an organization to enact its own unique policy for how and when endpoints (desktops, laptops, smartphones, etc.) can connect to its corporate network. NAC solutions are typically designed to give IT security teams visibility of each device trying to access the network, and specifically the type of device and the access layer being used (i.e. wifi, wired ports, or VPN).

Today, NAC provides a number of powerful features on top of what it was originally designed for nearly 15 years ago. These include security posture assessments for endpoints, which pinpoint any associated endpoint risks, allowing network security administrators to control network access based on their organization’s risk tolerance threshold.

With the rise of cloud computing, remote workforces, bring-your-own-device (BYOD) policies, and the internet of things (IoT), network access control has become a much more critical part of the larger cybersecurity technology stack at most companies. The technology itself has also evolved quite drastically in response to these emerging trends and their impact on networking and ensuring network security.

Expanding networks makes cloud based access control more important than ever.

The use cases for NAC today are constantly expanding. Network security professionals leverage NAC solutions for network visibility, the discovery of endpoints, security profiling, compliance enforcement, remediation…the list goes on. In general, NAC is designed to do two core tasks: 1) authenticate the endpoint trying to connect to the network, and 2) authorize access based on authentication and posture assessment.

Throughout this piece, we will examine how NAC is being used out in the real world, things to consider when defining your NAC policies, the best way to invest in NAC, and more.

The Value of Network Access Control

Network access control delivers a host of benefits to the organizations that deploy it. Generally speaking, the value unlocked by NAC can be broken into three distinct areas of focus: 1) operational need, 2) security best practices, and 3) regulatory compliance.

A network access control system can be leveraged for a number of operational purposes.

Operational Need

One of the most interesting aspects of NAC is the fact that unlike many other areas of network security, it brings more than just the value of security to the table. In particular, NAC delivers three core operational values:

  • Device Onboarding – Properly connecting and removing new non-managed devices to/from the network.
  • Guest / Contractor Access – Securely granting limited access for third-parties connecting to the network, either for short or long periods of time.
  • Asset Profiling – Identifying which devices exist in your organization and where they are connecting from.

Security Best Practice

The importance of network security goes without saying. Network access control, however, checks the boxes for a variety of IT security best practices, including:

  • WiFi Security – Nearly 20% of SMBs experience a data breach by a former employee who still has WiFi access…make sure you can control all WiFi connections.
  • Visibility – See all devices on your network – no matter device type, location, or access layer used to connect.
  • Containment – The ability to quarantine, block, or provide limited (guest) access to endpoints that do not meet your internal risk policies.
  • Asset Profiling – see above.

Regulatory Compliance

Highly regulated industries like banking, financial services, and healthcare require strict compliance policies when it comes to their networks. NAC helps to deliver this and more through:

  • Posture Assessment – Continually assess the risk posture of connecting devices across the network, no matter location or access layer.
  • Port / Wired Security – Ensuring no un-trusted device can physically connect to the network via wired ports in the office.
  • Segmentation – Properly directing employees into their respective departmental VLANs, or pushing visitors to the guest network.
  • WiFi Security – see above.

Individual Use Cases for Network Access Control

Within each of the three primary areas of value of NAC are a variety of different use cases for NAC. These include…

Device On-Boarding

NAC is frequently used for device onboarding, which is the process of providing new devices with access to the corporate network for the first time. It sounds simple, but it’s anything but. Business units and even departments (think Finance & Accounting, for example) often have their own VLANs since they’re dealing with very sensitive, confidential data.

Network access security is evolving as companies become more and more distributed.

The task of setting up such VLANs and onboarding new devices is just one of dozens of tasks overseen by frequently overburdened IT teams. So, if not done correctly at first, it can open the door to potential network vulnerabilities, such as a person gaining access to a part of the network he/she should not have the privileges for.

At a small scale, managing access manually is often sufficient. For larger organizations, however, this just isn’t sustainable. As a result, many large organizations that don’t have a secure onboarding process will often compromise on network security hygiene.

Guest Access

At some point in the workday, most companies will have non-employees visiting their offices for meetings and business dealings. These guests are typically on-site for brief periods of time but may need wifi access during the course of their stay.

Typically, each organization defines the level of authentication and monitoring they want for their visitors. Common policies include:

  • Disclaimer Only – Notifying guests of the rules they must abide by while using the company network.
  • Pre-Generated Username & Password – Simple authentication for better control of who is connecting to the network.
  • Sponsorship – Authentication based on an individual working for the organization. Usually, the sponsor will receive an email to approve the connecting guest.

Many organizations offer a guest network, where day-to-day visitors are directed. This approach effectively eliminates the most common threat – someone that is just looking to be connected to the internet. The most common way to implement network access for guests is through the use of a captive portal.

Contractor Access

Additionally, many businesses hire contractors or consultancies to tackle specific projects. These individuals and groups will need network access for extended periods of time and will need to be granted access to company resources and sensitive, proprietary data. NAC is used to dictate and enforce the level of access these types of individuals receive based on internal policies.

BYOD

In recent years, remote work has soared due to a greater demand for mobility and flexibility. This has given rise to the adoption of bring your own device (BYOD) policies within many organizations. Now, while this approach makes operational (and even financial) sense, it does come with a caveat. By allowing employees, contractors, and guests alike to use their own devices to connect to the network, you’re immediately faced with issues like data leakage, malware infections, the mixing of corporate and personal data, and more.

To secure network access, you need to understand how your organization uses devices.

With BYOD, a network access control solution can effectively secure such a fragmented network through multiple methods of authentication, and by making sure device risk posture is valid and continuously remediating any security issues in real-time. First, network security administrators can use a dedicated SSID for employee device authentication – no matter if it’s managed or personal. They can then create a separate SSID for guests and contractors to authenticate those individuals to the guest wifi.

The other option available for authentication is through the use of directory credentials. Integrating tools like Okta or Active Directory with your NAC allows you to authenticate managed corporate devices through certificates, and personal devices (BYOD) through user credentials.

Captive Portal

Captive portal is a web page for authenticating users and verifying their device type and posture state. While this method is sufficient for visitors, it is an insufficient solution for employees or permanent visitors on your network. The most common use cases for captive portal are:

  • Guest access
  • Self-service portal for BYOD / IoT on-boarding

It’s important to note that this is an interactive method of accessing the network, so when non-interactive devices such as IoT are “pushed” to a captive portal, they cannot react and thus cannot gain access to the network. In order to use IoT onboarding with a captive portal, the end-user should either register the IoT device in the self-service portal or download some form of credentials to be installed on the IoT device (such as a digital certificate).

Remote Access

For fully remote employees or contractors, companies have traditionally relied on VPNs to establish secure encrypted connections for remote access to the corporate network. A VPN does not stop an endpoint from accessing the network, however – it’s only a way of providing remote network connectivity. By itself, a VPN is missing the ability to authenticate a user – it cannot prevent “unhealthy” devices from connecting to the network.

In the instance of remote access, NAC can be layered over the top of a VPN, VDI or other remote access methods, such as a Meraki Z3 Teleworker Gateway, to provide effective authentication and access control, as well as endpoint risk profiling – just like any other access layer (i.e. wifi or wired port).

Device Risk Posture Assessment

Your corporate network is only as strong as its weakest security link. This means continuous risk posture assessment is paramount. By continually monitoring the network, your network and security teams can stay ahead of cyberattacks with the ability to identify new risks in real-time, react to these risks, and take action. In a world with ever-expanding boundaries and an exponential increase in types of endpoints, continuous risk posture assessment must function no matter the location, device type, or type of data being transferred.

Endpoint Remediation

Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of attacks but also allow for business continuity. Effective endpoint remediation consists of:

  • Automated Patch Updates Across the Network – Enforce necessary patch, anti-virus, operating system, and application updates across managed and unmanaged endpoints.
  • Immediate Incident Response – Contain ransomware events by remotely disconnecting endpoints from the network without the need for manual intervention.
  • Armed Incident Response Teams – Arm IT professionals and network admins with the ability to remotely take actions on employees’ devices.

The proliferation of IoT devices over the last decade has prompted a growing number of network security concerns. With all of these devices – printers, CCTV cameras, ATMs, MRI machines, etc. – now connected to their respective networks, it’s exponentially expanding corporate threat surfaces.

A NAC solution can be used to control the access of IoT devices.

To combat the many risks posed by these new endpoints, companies are turning to NAC to gain visibility, knowledge, and control over IoT devices – much the same as traditional PCs and VoIP phones based in the office. There is a huge variety of IoT devices, and in general, there’s a serious lack of centralized management with regards to their security posture. Many of these IoT devices still rely on IT security technology from the 1980s, with no password brute force controls and no available patches.

It’s not a question of if vulnerabilities exist on IoT devices – this is a given. Today, it’s a matter of ensuring these devices can be properly controlled so they can’t compromise the network. Currently, the only line of defense is segmenting them out of the network and making sure only authorized users and devices can access them – this is exactly what NAC solutions do, automatically.

Regulatory Control

Industries like banking, financial services, and healthcare are typically subject to a plethora of compliance regulations, such as SOX, HIPAA, PCI-DSS, GLBA, and now GDPR. Embedded in many of these regulations are certain network security parameters that necessitate access control so that sensitive personal and confidential information is not compromised.

Once a company has defined its internal network security compliance policies, it needs to implement a network access control solution to put them into effect and to continually assess its compliance standing.

Compliance

NAC is used to enforce regulatory policies and maintain compliance across the organization. In practice, this typically means:

  • Understanding how mobile, BYOD, and IoT devices will affect and transform not only the organization but the industry, and implementing the right processes and tools to control them.
  • Tracking any network related device or program in real-time via a centrally secured platform providing full and actionable visibility.
  • Controlling access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that the business is in compliance with governmental regulations like SOX, PCI DSS, HIPAA, FINRA, FISMA, GLBA among others. Strict compliance will provide legitimacy with clients and partners.

Common Network Access Control Policies

Access Control Policies

Network security teams define and activate access control policies to control device access to the corporate network, which is ultimately based on the device authorization state. Once a device is authorized for network access, a network access policy determines which specific virtual LAN (VLAN) that device or user is directed to. On top of that, the policy also defines, for each type of authorization violation, whether to deny entry or to quarantine the device by assigning it to a specific VLAN or by applying an ACL.

Risk Assessment Policies

In addition to defining an access control policy, network administrators will typically define a risk assessment policy, which assigns a risk score to each device. This score indicates the level of risk posed by the device. Depending on the NAC solution in use, these risk scoring systems may differ. A risk assessment policy defines, for each device attribute (such as OS, security posture, geo-location, and more), the risk rating to apply if the device violates the current policy in use. At the end of the day, the risk score is used to determine whether to allow, block, or quarantine the device. This is the backbone of NAC.

Remediation Policies

In some instances, the network security team may define a series of remediation policies. Essentially, a remediation policy consists of unattended corrective and preventive actions (CAPA), automatically applied to devices upon every transmission or on a recurring basis. A remediation policy can be used to reduce devices’ risk scores and increase compliance levels for network access.
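The three policy types above (risk assessment, access control, remediation), worked through as a toy policy engine. This is an added example, not Portnox code; every attribute name, risk rating, threshold and VLAN id is a constructed assumption.

```python
"""Toy NAC policy engine (added example, not a product's code).

A risk assessment policy rates each violated device attribute and sums a score;
an access control policy turns authorization state + score into
allow / quarantine / deny plus the VLAN the device lands in; a remediation
policy applies unattended corrective actions (CAPA) that clear violations.
"""
from dataclasses import dataclass, replace

ALLOWED_COUNTRIES = {"US", "GB", "IL"}             # constructed geo-fence
QUARANTINE_VLAN, GUEST_VLAN = 999, 200             # constructed VLAN ids
DEPARTMENT_VLANS = {"finance": 110, "engineering": 120}
QUARANTINE_AT = 25   # score at or above this -> quarantine VLAN
DENY_AT = 60         # score at or above this -> deny entry


@dataclass(frozen=True)
class Device:
    mac: str
    authenticated: bool      # 802.1X / credential check passed
    managed: bool            # corporate-managed (certificate) vs. BYOD
    department: str
    os_supported: bool
    antivirus_current: bool
    firewall_enabled: bool
    country: str
    untrusted_usb: bool = False


# Risk assessment policy: (attribute, test that is True when in violation, rating).
RISK_POLICY = [
    ("os_supported",      lambda d: not d.os_supported,                 40),
    ("antivirus_current", lambda d: not d.antivirus_current,            25),
    ("firewall_enabled",  lambda d: not d.firewall_enabled,             20),
    ("geo_allowed",       lambda d: d.country not in ALLOWED_COUNTRIES, 30),
    ("no_untrusted_usb",  lambda d: d.untrusted_usb,                    15),
]


def assess_risk(device):
    """Return (risk score, list of violated attribute names) for a device."""
    violations = [name for name, violated, _ in RISK_POLICY if violated(device)]
    score = sum(rating for _, violated, rating in RISK_POLICY if violated(device))
    return score, violations


def access_decision(device):
    """Access control policy: returns (action, vlan).

    Authorization state is checked first; only then does the risk score decide
    between allow, quarantine (dedicated VLAN) and deny. BYOD that passes gets
    the limited guest VLAN, managed devices their departmental VLAN.
    """
    if not device.authenticated:
        return "deny", None
    score, _ = assess_risk(device)
    if score >= DENY_AT:
        return "deny", None
    if score >= QUARANTINE_AT:
        return "quarantine", QUARANTINE_VLAN
    if not device.managed:
        return "allow", GUEST_VLAN
    return "allow", DEPARTMENT_VLANS.get(device.department, GUEST_VLAN)


# Remediation policy: unattended CAPA actions keyed by the violation they clear.
# An unsupported OS or a bad geo-location has no automatic fix and stays a violation.
REMEDIATIONS = {
    "antivirus_current": lambda d: replace(d, antivirus_current=True),  # push AV update
    "firewall_enabled":  lambda d: replace(d, firewall_enabled=True),   # re-enable firewall
}


def remediate(device, max_rounds=3):
    """Apply fixable remediations until none remain; return (device, actions taken)."""
    log = []
    for _ in range(max_rounds):
        _, violations = assess_risk(device)
        fixable = [v for v in violations if v in REMEDIATIONS]
        if not fixable:
            break
        for v in fixable:
            device = REMEDIATIONS[v](device)
            log.append(v)
    return device, log


if __name__ == "__main__":
    # Constructed sample: a managed finance laptop with stale AV and firewall off.
    laptop = Device("00:11:22:33:44:55", True, True, "finance", True, False, False, "US")
    print(assess_risk(laptop), access_decision(laptop))    # quarantined at score 45
    fixed, actions = remediate(laptop)
    print(actions, access_decision(fixed))                 # allowed into VLAN 110
```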

Common Network Access Control Concepts

Post-Connect vs. Pre-Connect

Within the world of network access control, “post-connect” refers to a device being allowed to connect to the network and immediately being checked for authentication. If a device does not meet the organizational criteria for authentication, it will be blocked from having access to the network (or access will be limited).

In contrast, “pre-connect” means that authentication decisions are being made before a device is allowed on the network. Only once the device is authenticated will it be granted access to the network based on the policy. 802.1X is a traditional pre-connect method.

In general, a pre-connect approach is more secure since the device is granted access to the network only after it is identified as an organizationally trusted device. Post-connect is more convenient for end-users, as they are granted access to the network before a decision is made.

Agent-Based vs. Agentless

Today, most NAC solutions can perform authentication and authorization without the need of an agent. Agents are typically employed for the following reasons:

  • Risk Posture Assessment – This is mainly the case for companies with BYOD policies.
  • Remediation – In order to know if a firewall or anti-virus is out-of-date, you must have an agent.
  • On-Boarding of Unmanaged Devices – Again this mainly applies to BYOD.

In some cases, the agent does not need to live within the network access control solution. Rather, third-party agents such as mobile app management software (MAM/MDM) and services can be leveraged to execute the above functions.

Cloud NAC vs. On-Prem NAC

As we go into further detail below, if you can move NAC to the cloud, you should. There is a myriad of benefits to doing so. At a high-level, these include operational time savings thanks to easier deployment and less on-going maintenance, better accessibility (especially for distributed enterprises), more flexibility as your business needs change, etc. In general, enterprises are increasingly adopting purpose-built cloud technologies for different operational needs, and NAC is no exception.

Not every organization has the ability to deploy a cloud NAC solution, however. One of the main hindrances is a lack of openness to, or internal expertise in, cloud services. Dwindling but persistent concerns, misconceptions and unrealistic expectations about the benefits and overall security of public cloud services have led some industries – government agencies, healthcare, and education, to name a few – to be slow in adopting new enterprise cloud technologies.

Passive Profiling vs. Active Profiling

A core function of NAC is the profiling of network traffic and connected devices. In general, there are two approaches to profiling: 1) passive profiling and 2) active profiling.

Passive profiling means that a company’s NAC solution has been allowed to see all traffic across the network, and uses this intelligence to observe and analyze traffic to develop a passive profile of each device. On the other hand, active profiling means that a company’s NAC solution has been configured to initiate requests to the endpoints so that each device can have a profile created for it.

Must-Have Network Access Control Solution Capabilities

Full Access Layer Coverage

As today’s networks explode in size and scope, particularly with remote workforces on the rise, it’s imperative that your NAC solution can manage access control across all existing access layers. This includes the obvious – wired ports and WiFi. It also must be able to manage the various remote access methods used within your organization. These may include VPN, virtual desktop infrastructure (VDI), Meraki Z-Series Teleworker Gateways, and beyond.

Network access control solutions must cover wired ports, wifi and VPN.

Cloud-Delivered

Nearly every primary management and productivity tool used by businesses has shifted to the cloud. Network access control is no exception. The inherent productivity, operational, economic, and accessibility benefits have driven this trend over the last fifteen years.

When it comes to NAC, however, there is a big difference between cloud-based and cloud-delivered. Some NAC providers offer an accessible cloud-based platform from which to manage network access, but this typically still requires on-site hardware to be installed. With a cloud-delivered approach, everything is stood up in the cloud – from a RADIUS server for centralized authentication and authorization up to a certificate authority. This saves a significant amount of time and means that even large distributed organizations can implement NAC across their many locations in a fraction of the time required by traditional on-premises network access control solutions.

802.1X Authentication

Today, 802.1X is the standard protocol for network access control. When searching for a NAC solution, the ability of the system to deliver 802.1X authentication is of the utmost importance. With access control based on 802.1X, network administrators can confidently block rogue devices, quarantine noncompliant endpoints, limit access to specified resources – whatever your internal policy calls for. 802.1X remains one of the best ways to authenticate devices because of its continuous and direct communication, in contrast to post-scanners, or other less secure authentication solutions that expose the network to vulnerabilities.

Zero-Trust for Endpoints

While “zero-trust” has become another overused buzzword in the world of network security, it is, in fact, an effective approach to sealing your network off from rogue devices. With zero-trust, an organization inherently does not trust any endpoint inside or outside its perimeters. A zero-trust network access control solution can eliminate the need for extensive endpoint scanning since the status of a device is already known. This doesn’t eliminate all of the attack surfaces, but it does help in protecting both endpoints and your network.

Endpoint Risk Assessment

The ability to continuously assess the risk of devices connected to or trying to connect to your network is paramount. Understanding the risk posture of devices – on-site or remote – and proactively taking action based on endpoint risk – such as allowing, quarantining, or denying access across access layers – is the best way to ensure network threats are kept at bay.

The world is changing: the threat surface is expanding, and companies are increasingly turning to purpose-built enterprise cloud applications to streamline business processes. Today, it’s not enough to just protect what’s on-premises; you need to know the risk posture of every device that connects to corporate resources, regardless of location.

Continuous Device Remediation

Awareness is only a piece of the puzzle, however. When considering a NAC solution, it’s important to understand if it can easily remediate devices that sit outside of internal risk policies and restore those devices to the proper posture to eventually grant network access. Put simply, ensuring devices are healthy reduces security risk. That means network administrators can sleep a bit more soundly at night.

As we covered earlier, real-time device remediation has a major operational benefit as well – it saves time! By eliminating the need for network or security administrators to fix devices manually, you’re freeing them up for more important tasks.

Corrective & Preventative Action (CAPA)

Risky technology behavior, like inserting an untrusted USB drive or failing to update a firewall or anti-virus, is prevalent. We’re almost all guilty of it. The ability to prevent this risky behavior is thus important, not just for the sake of lowering the exposure time, but also because fixing the issue automatically saves the organization valuable time and prevents a potential breach.

Multi-Factor Authentication (MFA)

Leveraging MFA for NAC that looks at both a user’s credentials and an enrolled device is critical to ensuring access control across today’s expanding networks. MFA should be integrated within your NAC, especially for remote access. This approach ensures that security is offered on two levels: protection of the user identity, and authorization of the device, making sure only managed and secure devices are allowed to gain access. With MFA, compromised user credentials are effectively useless on their own: if the device being used is not enrolled with the NAC, it cannot access the VPN, VDI, or cloud applications.
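As an added illustration (not Portnox’s code or product logic) of how the risk assessment, continuous remediation, CAPA and MFA device-enrollment checks described above combine into a single access decision, here is a small policy engine in Python. The posture fields, risk weights and thresholds are hypothetical; identity is checked first, then device enrollment, then posture risk, and a remediation pass resets risky checks so a re-assessment can allow the device.

```python
from dataclasses import dataclass, field, replace
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    QUARANTINE = "quarantine"
    DENY = "deny"

@dataclass
class Posture:
    """Constructed posture report; a real NAC agent reports far more."""
    device_id: str
    credentials_valid: bool   # first MFA level: the user's credentials
    enrolled: bool            # second level: device registered with the NAC
    av_updated: bool
    firewall_enabled: bool
    untrusted_usb: bool

@dataclass
class Verdict:
    decision: Decision
    risk_score: int
    remediation: list = field(default_factory=list)

# Hypothetical policy: risk points per failed check, plus action thresholds
CHECKS = {  # posture field -> (risky value, weight, remediation step)
    "av_updated": (False, 30, "update anti-virus signatures"),
    "firewall_enabled": (False, 30, "enable host firewall"),
    "untrusted_usb": (True, 50, "eject untrusted USB drive"),
}
QUARANTINE_AT, DENY_AT = 30, 80

def assess(p: Posture) -> Verdict:
    """Zero-trust decision: identity, then device enrollment, then risk."""
    if not p.credentials_valid:
        return Verdict(Decision.DENY, 100)
    if not p.enrolled:  # stolen credentials on an unknown device get nothing
        return Verdict(Decision.DENY, 100, ["enroll device with NAC"])
    score, steps = 0, []
    for name, (risky, weight, step) in CHECKS.items():
        if getattr(p, name) == risky:
            score += weight
            steps.append(step)
    decision = (Decision.DENY if score >= DENY_AT
                else Decision.QUARANTINE if score >= QUARANTINE_AT
                else Decision.ALLOW)
    return Verdict(decision, score, steps)

def remediate(p: Posture) -> Posture:
    """CAPA: reset every risky check to its safe value so re-assessment can allow."""
    return replace(p, **{n: (not risky) for n, (risky, _, _) in CHECKS.items()})
```

Running `assess` again after `remediate` is the continuous loop the text describes: a device that drifted out of policy is fixed automatically and regains access without an administrator touching it.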

The Future of Network Access Control

NAC and the Rise of SD-WAN

The adoption of Software-as-a-Service (SaaS) and cloud services has decentralized data traffic flows, making Multiprotocol Label Switching (MPLS) inefficient for wide area network (WAN) transport. This has given rise to SD-WAN for the implementation of software-defined branch (SD-branch), now allowing IT environments to be extended to branches outside of the headquarters that need high-quality network connectivity.

NAC security is evolving with the rise of SD-WAN. Traditionally, in order for NAC to operate effectively, it has needed a direct connection to headquarters and appliances deployed on-site at individual branches. This is a costly, time-consuming endeavor, and has historically limited the use of SD-WAN and SD-branch. NAC has adapted by moving to the cloud, eliminating the need for on-site appliances and on-going maintenance. Now, all one needs to implement it is an internet connection.

The Impact of Secure Access Service Edge (SASE) on NAC

In 2019, Gartner introduced SASE as a new enterprise networking technology category. In essence, SASE converges the functions of network and security solutions into a single, unified cloud service. This marks an architectural transformation within the realm of enterprise networking and security, and it means that IT teams can now deliver a holistic and flexible service to their businesses.

Network visibility solutions must take SASE into account. The logical next step in the evolution of network security is for organizations to be able to leverage a NAC solution that’s delivered as a cloud service. This eliminates the need for costly on-site appliances and on-going maintenance. Now, all that’s needed to control network access at branches and headquarters alike is an internet connection.