Network Access Control

The concept of a network perimeter is becoming less relevant in a corporate environment. As employees demand the right to bring their own devices into the network, as well as IoT devices demanding network and internet access, the organization is losing control of what is part of the ‘trusted’ network.

Traditional hacking methods involved breaking through a corporate firewall. This led to a mentality of trusted employees using trusted devices being subject to very few security controls, while all those on other networks being subject to heavy scrutiny. It wasn’t long before hackers found it easier to take over a trusted device to bypass that scrutiny. It’s no longer enough to assume that a trusted staff member is the only one using a device on your network.

When a device joins a corporate network, you need to know that the device is authorized to join it and has a level of security that is compliant with security policies and is not infected with malware or remote control Trojans. Network access control assists this process by profiling and querying new devices. It needs to perform security checks to ensure that it is correctly patched and is running up-to-date malware protection and other security controls. Until a device is proven to be compliant, its ability to communicate on the network is severely curtailed.

Providing support to users used to be a heavy commitment with network access controls. Helping users, which were not compliant with the security policy remediate the non-compliance and restore connectivity was a substantial, operational task. However, modern network admission control solutions allow integration with a huge array of infrastructure, simplifying the assessment and management process. By querying authentication sources, anti-malware solutions, vulnerability scanners and other sources of information, many decisions and actions can be automated without human interaction.