Mobility, convergence, 802.11ac wireless standards, BYOD and increased access to wireless LANs are all elements of a fundamental change in how networks are used today. These changes have contributed to decreased visibility into how networks are being accessed.
The multitude of devices and connections in use today offer demonstrated productivity and collaboration benefits, but they also create multiple avenues for introducing viruses, worms and other malware into an organization. This has increased the likelihood of unauthorized access — consider the recent high-profile password breaches at eBay, Adobe and Home Depot.
In fact, more than 60 percent of respondents to a recent, large-scale security survey report they were breached in 2013. A quarter of them cited a lack of employer investment in adequate defenses as a factor.
That’s why many organizations have begun implementing endpoint security solutions — also known as network access control (NAC) — that make devices prove they’re secure before they are allowed to connect to the network. NAC was rated the highest of all security technologies in its potential to defend against today’s cyber threats in the “2014 Cyberthreat Defense Report,” a survey of more than 750 security decision makers and practitioners in organizations with 500-plus employees in North America and Europe.
The survey was conducted by CyberEdge Group in conjunction with nine other information security companies. It was designed to complement Verizon’s annual Data Breach Investigations Report.
Question and Verify
NAC solutions provide role- and location-based user authentication and require a minimum acceptable security posture for all devices using the network infrastructure. Before allowing a user to access the network, NAC asks who they are, where they are located and what device they are using. Based on the answers to those questions, the NAC solution authenticates the user, determines the user’s access permissions, determines which endpoint security policies apply, and ensures that those policies are enforced through quarantine or remediation. All of this activity is tracked through an audit trail.
Network-based policy enforcement can take many forms, including dedicated gateways, DHCP manipulation, 802.1X authentication, and port- and VLAN-based enforcement on switches. In addition to ensuring that the right users have access to the right data, NAC solutions also verify that unauthorized individuals cannot access sensitive data. If a security breach is detected, NAC solutions can notify the appropriate individuals and use self-remediation and automated remediation to help contain the damage.
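The admission flow described above (identity, location, device posture, then allow, quarantine or deny, with an audit record) can be sketched in Python. This is an added example, not code from the article or from any NAC product; the roles, locations, posture checks and VLAN numbers are hypothetical values constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical policy tables, constructed for this example.
ROLE_VLAN = {"employee": 10, "contractor": 20, "guest": 30}
QUARANTINE_VLAN = 999  # restricted segment that reaches only remediation services
# Roles admitted at each location; a role not listed for a location is denied there.
LOCATION_ROLES = {"hq-wired": {"employee", "contractor"},
                  "hq-wifi": {"employee", "contractor", "guest"},
                  "vpn": {"employee"}}
# Minimum acceptable posture per role: checks the endpoint must have passed.
REQUIRED_POSTURE = {"employee": {"av_running", "disk_encrypted", "os_patched"},
                    "contractor": {"av_running", "os_patched"},
                    "guest": set()}
AUDIT_LOG: list[dict] = []  # every decision is recorded, including denials

@dataclass
class Endpoint:
    user: str
    role: str | None   # None means authentication failed
    location: str
    posture: set[str]  # posture checks the device reported as passed

@dataclass
class Decision:
    action: str        # "allow", "quarantine" or "deny"
    vlan: int | None
    remediation: list[str] = field(default_factory=list)

def decide(ep: Endpoint) -> Decision:
    """Who are you, where are you, what device: then enforce and audit."""
    if ep.role not in ROLE_VLAN:                                   # unauthenticated
        d = Decision("deny", None)
    elif ep.role not in LOCATION_ROLES.get(ep.location, set()):    # wrong place
        d = Decision("deny", None)
    else:
        missing = sorted(REQUIRED_POSTURE[ep.role] - ep.posture)
        # A known user on a non-compliant device is isolated, not rejected,
        # so the device can remediate and be re-evaluated.
        d = (Decision("quarantine", QUARANTINE_VLAN, missing) if missing
             else Decision("allow", ROLE_VLAN[ep.role]))
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": ep.user, "role": ep.role, "location": ep.location,
                      "action": d.action, "vlan": d.vlan, "missing": d.remediation})
    return d

if __name__ == "__main__":
    # Constructed sample endpoints.
    for ep in (Endpoint("alice", "employee", "vpn",
                        {"av_running", "disk_encrypted", "os_patched"}),
               Endpoint("bob", "contractor", "hq-wired", {"av_running"}),
               Endpoint("carol", "guest", "vpn", set())):
        print(ep.user, decide(ep))
```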
These factors made NAC the highest-rated defense solution in the Cyberthreat Defense Report. Participants were asked to rate various solutions on a scale of 1 to 5, with 5 being highest. NAC received the highest marks at 3.71. Enterprise mobility initiatives have contributed to the fairly widespread adoption of NAC.
In the report, one quarter of organizations noted they are conducting full network scans weekly or daily, indicating a greater understanding of the tremendous value of continuous monitoring. However, 52 percent of responding organizations conduct full network vulnerability scans quarterly or annually. Alarmingly, one in five organizations admitted to rolling the dice by doing nothing to assess the state of their transient devices between regularly scheduled active scans. This provides a large window of opportunity for a successful cyberattack against the transient device.
Fifty-one percent of survey respondents said NAC is their most-used means of detecting vulnerabilities and security misconfigurations within transient laptops and mobile devices between full-network vulnerability scans. In addition, 77 percent of respondents said they are using or plan to use NAC for mobile security, and 53 percent said they use it to detect host security misconfigurations.
Growing demands for network connectivity, combined with increasingly sophisticated threats, have raised the stakes for security professionals. NAC is a vital tool for improving security by improving network visibility into user, device and application access.
“It is obvious from our research that NAC is an important weapon within many organizations’ arsenals — and for good reason,” said Steve Piper, CEO of CyberEdge Group. “Many of our respondents saw it as a versatile tool that could support protection efforts ranging from BYOD policy enforcement to configuration management.”