According to the SANS top 20 Critical Controls, one of the first items is a detailed list of all assets within your organization. You can not protect an item if you do not know it exists. This can be accomplished by using a network access control (NAC) product. A NAC enables organizations to generate a comprehensive list of all assets, and then either trust them (allow them access to areas within your network) or untrust them (restrict access to your network). So just as the name implies it will control access to your network. In addition to simply trusting or not, using the NAC will enable organizations to determine what the asset will be able to connect to within your network, which with the proliferation of IoT devices can be of tremendous value.
NAC products provide protection from the inside out (as opposed to firewalls from the outside in). Features of NACs include:
- Role based access control
- Policy automation
- Enforcing Mobile security (BYOD)
- Proactive protection from Phishing and Malware
- Block of communication to command and control servers
The added benefits of a NAC include:
- The ability to provide extended guest management, allowing them to access the internet, and at the same time monitor the guests behaviour for anything out of the ordinary;
- Extended profiles, while providing a listing of the assets is great, the NAC also has the ability to include more information about the specific devices such as the authenticated user, MAC address, IP Address, Hostname, Operating System, Patch Level, Antivirus (if any), as well as the defined group that the device belongs to.
- The ability to run a vulnerability assessment and provide any critical vulnerabilities found on the device (CVE).
Symtrex’s product portfolio includes the NetSHIELD Network Access Control, which is a non-inline product. Plug the device in and it will discover the assets within your network. For larger organizations use a hub and spoke topology, with smaller devices at remote locations with a command center to provide the single pane of glass of all your assets at head office. To learn more about NetShield, visit our Netshield page or contact us to discuss the next generation network and mobile access control product.