Article by Jan Hof, international marketing director, ForeScout Technologies, Inc. www.forescout.com

Jan Hof, International Marketing Director, ForeScout Technologies

Maintaining security over IT networks has become a much tougher challenge over the last few years, once solid perimeters turned into Swiss cheese and classic security tools became insufficient in dealing with contemporary demands. One prominent example is the attack against Sony Pictures Entertainment in December 2014[1]. The hacker was subsequently localised in North Korea and the attack revealed the capabilities (and obsessions) of cyber criminals. Even big players with large security budgets have problems maintaining their networks.

It is difficult to keep up with the pace of ever-changing network security challenges. There are threats from zero-day vulnerabilities, but even when an application or operating system weakness becomes known, IT needs time to research it and understand it, in order to fix the leak in the network. Gartner argues that through 2015 attackers will exploit well-known vulnerabilities in 80 percent of the cases that are open to attack because of insufficient actions.[2]

It would be unfair to write that off as human failure. Dealing with security leaks requires time and resources, and both are hard to find, especially when facing more and more attack vectors. Also the strength of attacks, and therefore the time necessary for remediating them is increasing. In a recent survey by Frost & Sullivan on skills gaps in the IT industry, 85 percent of all interviewed security professionals feel that they spend significant amounts of time remediating attacks and malware. The number has risen over the last few years as well.[3]

Today, networks also need to be open and secure enough for wireless access. The amount of devices and processes that are integrated into the digital network is rising. Cloud services, smart watches and even coffee machines must be considered as network endpoints by organisations, which opens up a wide, uncontrolled space for attacks. This so-called “shadow IT” (i.e. hardware or software within an enterprise that is not supported by the organisation’s central IT department) is a significant new demand on security and, with more and more devices connecting, it is easy to lose visibility over networks. IT directors are already experiencing the changes and often cannot tell for sure how many devices are accessing their networks every day. According to Gartner[4], organisations are only aware of 80 percent of the devices operating in their networks.

New Requirements in Network Security

Businesses, including banks, need to rethink their cyber strategies, as there is currently no single vendor that offers a comprehensive solution to prevent and protect networks against all attacks. Baseline is the fact that networks under attack from different sites and organisations will face security issues sooner or later.

The ability to execute security policies is necessary not only during a connection, but also before and after a connection is established. To address the heterogenic mass of users’ actions on a network at any one time, an exchange must be done automatically, but still be flexible enough to allow for the enforcement of granular policies for different user groups and individuals.

Classic IT tools are still necessary, but new ways to strengthen network security are also required. In an April 2015 survey, Frost & Sullivan asked about the best tools to improve security in networks and the most common answer, from 75 per cent of the IT professionals questioned, was network access control (NAC)[5]. IT professionals feel that tools for network analysis are the best way to harden their networks.

NAC as a Response Centre for Security Issues

Next generation NAC has matured and is capable of managing devices without requiring a client (also called supplicant or agent) installed. NAC solutions are generally operating system agnostic, and support employer-provided, BYOD or company-owned, and personally enabled (COPE) approaches. The moment a device tries to log in to the network, NAC creates a security profile, including information on patches, unsanctioned software, active host-based defences (including anti-malware, AV, IPS and related tools). Patch management is a first step to close the attack vector of known vulnerabilities.

Odd behaviours can be addressed without directly blocking or switching off the device. Users are informed, can self-remediate their system and ultimately change behaviour before policy enforcement is enacted. Critical issues can be settled with high-speed tickets through the default path. NAC not only delivers periodical scans; incorrect or non-compliant configurations, compromised systems or issues with host-based protection and management software can be considered, and granular actions taken.

Modern NAC solutions do not rely solely on the IEEE standard 802.1X and can deal with virtual infrastructures, more expansive network environments (comprised of multiple subnets), and remote and transient devices. Support of alternative authentication methods allows the management of both employer- and user-provided endpoints. Even devices making-up the so-called Internet of Things (IoT), with small footprints left in the network, can be embraced.

With a monitor-only mode, all actions can be tracked, allowing NAC to learn about the applications, devices and services in the environment. This allows a lean and quick implementation, and shows security gaps and exceptions. It also enables organisations to find weaknesses in their defence, and helps with the application of knowledge from third parties.

In the case of a leak or loss of data, NAC helps with providing post-connection information for forensic analysis. NAC hardens network security and helps achieve compliance with different industry standards, such as ISO 27001, which provides a framework for the legal and physical legislation controls involved in information risk management processes.

This turns NAC into a response centre. The management is centralised in one location and assures that approved actions are taken and reports are generated to significantly aid external compliance and internal governance requirements.

Summary

New endpoint types and malicious applications make a NAC system the best practice solution to face the challenges of securing today’s next-generation networks. In the future the number of devices trying to access networks will continue to grow, so security solutions need to be more responsive and flexible. The trend of “things” accessing the network will not stop with watches. NAC meets a number of requirements in the area of operational intelligence, endpoint compliance assessment, access control, threat protection and even incident response that makes it well-suited for the challenge.

[1] Wired http://www.wired.com/2015/01/fbi-director-says-north-korean-hackers-sometimes-failed-use-proxies-sony-hack/ January 2015

[2]Gartner: “Preparing for Advanced Threats and Targeted Attacks”, December 2014, Kelly Kavanaugh

[3] Frost & Sullivan “(ISC)² GISWS 2015“ https://www.isc2cares.org/IndustryResearch/GISWS/ April 2015 P. 6

[4] Gartner: “Preparing for Advanced Threats and Targeted Attacks”, December 2014, Kelly Kavanaugh

[5] Frost & Sullivan „(ISC)² GISWS 2015“ https://www.isc2cares.org/IndustryResearch/GISWS/ April 2015 P. 13