NAC: Bridging the Network Security Gap

By : Sophos
INFORMATION
Published : Apr 05, 2007
Length : 7
Type : White Paper
 
Overview :

Enterprises must take a robust policy-driven approach to enforcing security compliance in order to protect against network vulnerabilities and meet regulatory requirements.

This paper examines technology and initiatives designed to capitalize on existing investments and prevent any gaps in security.

Browse Related Categories : Access Control, Anti Virus, Compliance, Network Security

 
IT managers are well aware of the threats to their networks, and have spent heavily on solutions to protect the corporate environment. Despite high expenditure on security software and hardware products, in today’s diversified environment many organizations are not truly in control of their users. In the drive for more flexible working, networks are opened to third parties, such as contractors, whose security applications are not subject to control by the organization. As far as direct employees are concerned, the administration rights usually granted to enable them to use their computers productively often compromise security by allowing critical security services to be disabled.
However, the majority of organizations have no enforcement mechanism in place either to drive compliance or to report on results. This gap in corporate policy exposes the enterprise to a range of threats – not just from malware, hackers, and malicious users, but also to loss of intellectual property, and non-compliance with regulatory requirements.
The complexity of managing modern security applications, combined with the lack of control of endpoint computers attaching to the network, has persuaded many security vendors to incorporate compliance and enforcement capabilities as extensions to existing products. Indeed, some vendors have even shifted from promoting single endpoint security products to creating and endorsing entire endpoint security programs.
For IT managers to maximize their return on investment, they need vendor-neutral solutions that work with their existing infrastructures, enabling them to take control of threats from malware and unknown or non-compliant users. The critical factor for successful implementation is the ability to define, firstly, unique policies that can be applied to groups of users and, secondly, the membership of those groups of users appropriate to the organization’s operations.

Technology and initiatives
Security experts agree that there is absolutely no way to eliminate every threat. What an organization can realistically do, however, is to assess and eliminate vulnerabilities, and have systems in place that consistently manage network security by looking for potential threats and adequately protecting enterprise resources.
The key, which is easier said than done, is to manage vulnerabilities. The complexity of network infrastructures, coupled with the vast choice of security solutions, provides little direction on what course of action an organization should take. The hardware and software security products available, for the most part, do a great job providing security for a network’s up-to-date, managed computers – however, those products can only prevent the problems they find. Too often, unexpected threats are introduced to the network by some unmanaged means, such as a system that hasn’t been patched, a computer not managed by the enterprise, or even worse, a managed computer that simply doesn’t have the product correctly installed or running. Therefore, access to the protected, managed, and already compliant network must be controlled by determining a connecting computer’s level of security before allowing it to connect – and preventing access by non-compliant computers – and continuing to assess compliance once connected.

Network access control
Network access control (NAC) technology is a viable answer to the compliance issues of all computers attempting to connect to the network, whether LAN-based or remote, managed or unmanaged. True NAC reports on the security status of a computer, which is assessed against a predefined policy before it connects and periodically during a network session; it also enforces policies that manage access at various levels and provides for the remediation of non-compliant computers. Network access control solutions should do the following:
Assess the security state of a computer attempting to connect, and provide feedback on its level of compliance
Compare a computer’s security state to the relevant policy that defines the requirements for network access
Enable a minimum level of network access for automated remediation or self-remediation of a computer to bring it to a state of compliance
Monitor the security state of computers that are already connected to the network
Enforce network access according to the requirements of the environment
Provide effective reporting.
Scanning determines the state of a computer’s configuration, such as its application levels and security status. The information is sent to a policy manager that determines what level of network access is allowed, which is then implemented by the network. 
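
The assess, compare, remediate and enforce steps listed above can be sketched as a small policy manager. This is an added example, not code from the paper or from Sophos; the group names, posture fields, thresholds and access-level names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Access levels the network is asked to enforce (names assumed for this example).
FULL, REMEDIATION, DENY = "full", "remediation-only", "deny"

@dataclass(frozen=True)
class Posture:
    """Security state reported by the scan of a connecting computer."""
    managed: bool
    av_running: bool
    av_signature_age_days: int
    missing_patches: int
    firewall_enabled: bool

@dataclass(frozen=True)
class Policy:
    """Requirements for network access for one group of users."""
    max_signature_age_days: int
    max_missing_patches: int
    allow_unmanaged: bool

# Constructed sample policies: one per group of users.
POLICIES = {
    "employees": Policy(max_signature_age_days=3, max_missing_patches=0, allow_unmanaged=False),
    "contractors": Policy(max_signature_age_days=7, max_missing_patches=2, allow_unmanaged=True),
}

def assess(posture, policy):
    """Compare the reported state to the policy; return the failed requirements."""
    failures = []
    if not posture.managed and not policy.allow_unmanaged:
        failures.append("unmanaged computer")
    if not posture.av_running:
        failures.append("anti-virus not running")
    elif posture.av_signature_age_days > policy.max_signature_age_days:
        failures.append("anti-virus signatures out of date")
    if posture.missing_patches > policy.max_missing_patches:
        failures.append("missing patches")
    if not posture.firewall_enabled:
        failures.append("firewall disabled")
    return failures

def decide(group, posture):
    """Return (access level, feedback). Call at connect time and again
    periodically during the session so a change in state changes access."""
    policy = POLICIES.get(group)
    if policy is None:
        return DENY, ["no policy defined for group"]  # fail closed
    failures = assess(posture, policy)
    if not failures:
        return FULL, []
    # Assumption: a disallowed unmanaged computer cannot be remediated, so it is denied.
    if "unmanaged computer" in failures:
        return DENY, failures
    return REMEDIATION, failures  # minimum access, enough to reach remediation services
```

The returned feedback list doubles as the reporting record: logging each decision with its failures gives the compliance report the list calls for.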