Blazing New Trails in Securing Your Network
Not to brag, but 2022 was a banner year for us here at Portnox! Not content with just having an award-winning cloud-native zero trust platform, we had several major releases focused on securing your network and raising the bar for zero trust.
Securing Your Network with Cloud-Native TACACS+
How do you keep network device administration from turning into a nightmare of changing password policies, too many people having too much access, and risking constant device lockouts? TACACS+, of course! After all, it’s the industry standard for making device access manageable. Portnox released the first ever cloud-native TACACS+ service, which combines Authentication, Authorization, and Accounting (AAA) services with all the benefits of a fully cloud-native platform – e.g. we work with the equipment you have, and no nights wasted for upgrades and patches.
Our TACACS+ service offers seamless integration with your existing identity provider, as well as key features like privilege levels and executed command logging to make network device administration simpler than ever.
Shining a Light on the Shadows: IoT Fingerprinting
IoT (Internet of Things) devices are inescapable at this point – everything from your fish tank to your fridge can connect to the internet. The use cases for these devices span many industries – from IoMT (Internet of Medical Things) which can monitor your health and adjust medication in real-time, to IIoT (Internet of Industrial Things) which can track inventory down to the smallest screw in seconds, to the more familiar consumer IoT which lets you control your window blinds, thermostat, lights, and more from your phone.
But as useful as these devices are, they present an equal number of security concerns, chief among them being visibility. That’s to say – how do you know when they’re connected to your network?
Enter IoT Fingerprinting from Portnox – the first ever cloud-native fingerprinting service that requires no on-prem installation or setup whatsoever! No more having to watch your network slow to a crawl while running a port scanner, or painstakingly troubleshooting how to deploy a listener. You will see your IoT devices and all the information you need – make, model, OS, firmware – and still maintain the magic of a cloud-native solution with no upgrades, patches, or maintenance taking up your free time.
What’s our secret? DHCP Gleaning! This is a process by which the switch listens in on the DHCP requests a device sends when it joins the network and asks for an IP address, and extracts information from those requests that helps identify the device. Many enterprise switches support this (although they may not call it Gleaning specifically; that’s actually a Cisco term).
DHCP Goes Even Further in Securing Your Network
While DHCP Gleaning is an excellent method of gathering critical information about your IoT devices, the downside is that not all enterprise switches support it. And that’s another tricky thing about IoT devices – they don’t respond to traditional monitoring protocols, they often ship with all ports closed, and you can’t install extra software on them. So how do you discover and fingerprint them on your network if you can’t take advantage of DHCP gleaning?
Enter another first – Portnox’s SaaS-based DHCP listener! This makes IoT Fingerprinting truly vendor agnostic, as any switch worth its salt can be configured with a DHCP helper (sometimes called a DHCP relay agent or forwarder). With a simple configuration, your device will listen for DHCP and BOOTP broadcasts and forward them to our DHCP listener. And when we say simple configuration, we mean it – here’s a sample from a Cisco IOS router:
Router> enable
Router# configure terminal
Router(config)# interface vlan2
Router(config-if)# ip helper-address 20.85.253.96
Just 4 simple lines and you’re ready to go. Most devices support the configuration of more than one listener, too, so if you already have one set up for something else you can still take advantage of our cloud-based listener.
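To make the gleaning and relay passages above concrete, here is an added example (not Portnox's code) that parses a raw DHCP payload and pulls out fields commonly used for device fingerprinting. The choice of fields (client MAC, options 12, 55 and 60, and the relay's giaddr) is an assumption, since the page does not say which ones the service reads, and the sample packet is constructed.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of DHCP options
TEXT_OPTIONS = {12: "hostname", 60: "vendor_class"}

def parse_dhcp_fingerprint(packet: bytes) -> dict:
    """Return the identifying fields of a raw DHCP (BOOTP) payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = packet[2]
    if hlen > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    info = {
        "mac": packet[28:28 + hlen].hex(":"),
        # giaddr is filled in by the relay (the interface with the helper address)
        "relay": ".".join(str(b) for b in packet[24:28]),
    }
    i = 240
    while i < len(packet) and packet[i] != 255:  # 255 = End option
        code = packet[i]
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        value = packet[i + 2:i + 2 + packet[i + 1]]
        if code in TEXT_OPTIONS:
            info[TEXT_OPTIONS[code]] = value.decode("ascii", "replace")
        elif code == 55:  # order of requested parameters is OS/device specific
            info["param_request_list"] = list(value)
        elif code == 53 and value:
            info["msg_type"] = value[0]  # 1 = DISCOVER, 3 = REQUEST
        i += 2 + len(value)
    return info

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

def build_sample_discover() -> bytes:
    """Constructed sample: relayed DHCPDISCOVER from a made-up IP camera."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000,
        bytes(4), bytes(4), bytes(4), bytes([10, 0, 2, 1]),
        bytes.fromhex("020000aabbcc"), b"", b"")
    return (header + MAGIC_COOKIE + opt(53, b"\x01") + opt(12, b"cam-lobby")
            + opt(60, b"ExampleCam-1.0") + opt(55, bytes([1, 3, 6, 15])) + b"\xff")

if __name__ == "__main__":
    print(parse_dhcp_fingerprint(build_sample_discover()))
```

Because a device cannot join the network without sending these fields, a defender gets an inventory signal without scanning; the values are client-supplied, though, so treat them as hints rather than proof of identity.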
Wearing Shades for the Future
We’re pretty proud of these features, but we obviously have no intention of resting on our laurels. We have a lot of exciting things planned for 2023 to continue our commitment to protecting your weekends from maintenance and upgrades with a cloud-native, vendor-agnostic, feature-rich, zero trust, network access control platform.
Try Portnox Cloud for Free Today
Gain access to all of Portnox's powerful zero trust access control capabilities free for 30 days!