Next Gen Firewall (NGFW) and Secure Endpoint Protection (SEP) solutions, combined with external Threat Intelligence sandboxing and signature updates, go a long way in protecting enterprise networks from breaches, data hijacking and data loss.
But they don’t go all the way.
While peripheral and endpoint protection solutions can address the majority of compromise attempts, there are still solid opportunities for the network to be breached.
Business cases today for many enterprise networks dictate that multiple types of devices and unknown users need to be granted network access. And that’s not just Windows endpoints. It’s IoT devices, tablets, smartphones, peripherals, HVAC, cameras, etc. In 2018, to build a highly secure enterprise network, the internal network must be able to capture intelligence on who and what is connecting to it, and to feed this intelligence to installed network security devices.
As various endpoints connect internally to the network, they represent the preferred attack vectors for today’s bad actors. As more and more endpoints are granted access to the network, the attack vector footprint grows.
Given the nature of today’s threats posed by this situation, identifying and authenticating all devices connecting to the network must be part of an enterprise network’s comprehensive security footprint. This calls for security solutions that can quickly identify, authenticate and control access for all types of devices and users.
The challenge for Enterprise Network Managers is that these Network Access Control and Identity Management solutions are complex to implement and administer. In most cases they do not have a broad feature set, nor do they integrate elegantly enough with existing network security devices to enable network security policies to be applied effectively.
The market is in need of a security platform that can deliver the required feature sets, ease of implementation and administration, and effective integration with existing firewall and SIEM solutions.
The characteristics of this platform would include:
- Provide comprehensive, actionable security intelligence through visibility and control at an IT admin’s fingertips, so the organization can respond quickly and reduce the risk of a data breach
- Simplify and automate the process to authorize users and devices to the network and cloud applications
- Provide security intelligence directly from devices and the network
- Perform detection and discoveries as an overlay without requiring access to all packets end to end
- Provide mitigation and remediation where possible
- Provide purpose-built performance and redundancy to scale to any size
- Manage devices by applying device management configurations and commands such as lock, wipe, geo and network location, application install and uninstall, app restrictions, etc.
- Detect security vulnerabilities by scanning all systems, and provide actionable intel to mitigate risk
- Search Windows machines for IOCs and conduct forensic analysis using IOCs
- Provide a mechanism to eliminate risk posed by stolen credentials
More specifically, the feature set required to meet the needs of today’s enterprise network would include:
- Maintain an asset inventory of all devices connecting, attempting to connect, on and off the network both in real time and historically
- Discover, fingerprint and monitor any peripheral device such as scanners, printers, gaming consoles and the new peripherals which make up the Internet of Things
- Automate integration with the current directory to authenticate users
- Scan all devices to profile and identify the security status of devices based on patch level, encryption, vulnerabilities, indicators of compromise, etc.
- Monitor and enforce compliance by creating policies to take action with automated response rules
- Enable and automate self-enrollment of devices by users
- Enable bulk enrollment to onboard multiple devices at once
- Enable guest access and management
- Manage connectivity of all users and devices by policy
- Enable two-factor authentication and private key exchange to eliminate the risk of stolen passwords
- Provide for simple credential management including certificate management
- Track, wipe and modify assets on and off the network
- Integrate with NGFW and SIEM solutions for unified policy creation
Most enterprise networks today do not know:
- What devices are connected to their network
- What they are doing on their network
- Which applications on devices are being used
- What the current state of the device is
- What potential threats may be present on devices connected to the network
The answer for 2018 is to implement a robust but usable and manageable Network Access Control and Identity Management solution.