© 2012 ForeScout Technologies, Page 1 Bob Reny, Sr. Systems Engineer Do you know NAC? Data Connectors - Vancouver 4/25/2013.


1 © 2012 ForeScout Technologies, Page 1 Bob Reny, Sr. Systems Engineer Do you know NAC? Data Connectors - Vancouver 4/25/2013

2 The Origin of Network Access Control
Blaster - $320 million damage
Sasser - $500 million damage
Code Red worm – $2 Billion damage
SoBig - $37.1 billion damage
MyDoom - $38.5 billion damage

3 Cisco’s Answer (2004)
Source: http://web.archive.org/web/20040603071700/http://www.cisco.com/en/US/netsol/ns466/networking_solutions_sub_solution_home.html

4 Cisco’s Answer (2004)
Source: http://web.archive.org/web/20040603071700/http://www.cisco.com/en/US/netsol/ns466/networking_solutions_sub_solution_home.html

5 Cisco’s Decision to Use 802.1x

6 Initial Hype – Then Massive Disappointment

7 Do You Know NAC? WRONG!

8 Today, the NAC Market is Booming
BYOD phenomenon
Ubiquitous expectation of wireless networks
Greater concern over data leakage
  – Need to keep private data from getting onto the wrong devices
Greater realization that desktop security is hard
  – IT managers want a third-party check on PC security posture
Products are better

9 Modern Network Access Control Products
Great variations exist between vendors’ NAC products, but the best products are:
Simpler, less complex
Easy to deploy and manage
Help you control BYOD
Provide tremendous visibility
Offer a range of enforcement options
Integrate with other security infrastructure (SIEM, MDM, etc.)
Deployment options – physical, virtual, managed services

10 Why Do You Need NAC? -- Visibility
[Diagram: NAC Real-time Visibility and Automated Control. Labels: Visible / Not Visible; Protection Possible / No Protection Possible; Users, Endpoints, Network Devices, Applications; Corporate Resources / Non-Corporate; Antivirus out of date…, Unwanted application…, Encryption/DLP agent not installed…]

11 The Poster Child for Visibility: Smartphones
Smartphones at a major hospital
  – Believed they had 8,000 devices on the network
  – They actually had 12,000
  – The culprit? Smartphones
  – No security measure in place

12 Why Do You Need NAC? -- Cost Savings
Policy automation
  – Roll out and enforce standardized security policies
  – User acknowledgement
Guest management automation
  – Wired and wireless guest registration
  – Role-based access
Asset management automation
  – Maintain accurate inventory control
  – Hardware and software

13 Why Do You Need NAC? -- BYOD Control

14 Why Do You Need NAC? -- BYOD Control
“NAC provides one of the most flexible approaches to securely supporting BYOD.”
“No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC.”
Gartner, “NAC Strategies for Supporting BYOD Environments”, 22 December 2011, Lawrence Orans and John Pescatore
http://mammanatech.wordpress.com/category/cloud-computing/

15 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]

16 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only

17 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only
✓ Ensure security agents are installed, running, and up-to-date

18 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only
✓ Ensure security agents are installed, running, and up-to-date
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports

19 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only
✓ Ensure security agents are installed, running, and up-to-date
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows, Mac, Linux, iOS, Android, …

20 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only
✓ Ensure security agents are installed, running, and up-to-date
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows, Mac, Linux, iOS, Android, …
✓ Role-based network access control

21 Example: Endpoint Security Validation
Agent-based endpoint security solutions are only good if they are installed, running and updated.
Agent-based systems have blind spots.
  – “We identified that McAfee ePO was pushing DAT files properly, but ForeScout found a couple hundred endpoints where the McShield service was not running.”
  – “On another occasion, McAfee ePO failed to receive and push DAT files for a week. Desktop operations was unaware because McAfee ePO was unaware. ForeScout noticed the problem and notified the InfoSec team.”

22 Why Do You Need NAC? -- Endpoint Security
[Table. Columns: Traditional Security Agents | Agentless NAC. Rows: Managed Endpoints | Unmanaged Endpoints]
✓ Protect system from attack (malware)
✓ Protect data (encryption, DLP)
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows only
✓ Ensure security agents are installed, running, and up-to-date
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Windows, Mac, Linux, iOS, Android, …
✓ Role-based network access control
✓ Detect and control unmanaged endpoints
✓ Detect and control rogue network devices
✓ Identify unauthorized applications
✓ Update software and configuration
✓ Compliance and inventory reports
✓ Role-based network access control

23 Why Do You Need NAC? -- Network Access Control
[Diagram labels: Guest, Network, Employees, Sales, Finance, HR]

24 Agenda
History of NAC
Why the NAC market is booming
Selecting a NAC product

25 What is Network Access Control (NAC)?
Technology that identifies users and network-attached devices and automatically enforces security policy.
[Diagram labels: GRANTED, LIMITED, BLOCKED, FIXED]

26 What is Network Access Control (NAC)?
  – Who are you / group?
  – What device?
  – Device configuration?
  – Security posture?
  – Device location?
  – Time of day?

27 NAC Basics – Form Factor
NAC comes in many flavors...
  – Network framework NAC
  – Endpoint software NAC
  – Out-of-band appliance NAC
  – In-line appliance NAC
You have to determine which flavor is best for your environment and users

28 NAC Basics – Network Enforcement Mechanisms
802.1x
VLAN change
ARP poisoning
In-line blocking
ACL management
TCP resets
DHCP

29 NAC Basics – Agent or Agentless
Agent-based
  – Well, the agent must be working!
  – Provide deep intelligence
  – More complex to manage
  – May impact endpoint performance
  – May not work in an unmanaged environment (BYOD)
Agent-less
  – Less complex to operate
  – Easy integration with network intelligence
  – Easily adaptable to BYOD environments
  – Easy integration with network enforcement mechanisms
  – But may not provide as deep intel as agent-based

30 NAC Requirements – Accurate Discovery
Guest vs. employee
Computers (Mac, Win, Linux)
Virtual machines
Printers and fax
Handheld devices
VoIP phones
WAP devices
Equipment
USB devices
Software
Processes

31 NAC Requirements – Health Check
Pre-connection
  – Comply with security policies
  – Meet regulatory requirements
  – Remediate problems
Post-connection
  – Monitor endpoints to ensure that they remain compliant
  – Look for abnormal activity on the endpoints
  – Ensure that approved endpoints remain valid and are not spoofed

32 NAC Requirements – Flexibility
Support diverse types of users, devices, access methods
  – Managed and unmanaged devices
  – Employees, guests, contractors
  – Wired, wireless, VPN
Provide a range of responses
  – Audit
  – Alert/Inform
  – Allow
  – Limit
  – Remediate
  – Block

33 Advanced NAC – Integration
[Diagram labels: NAC Policy Engine, Switch, VPN, Wi-Fi, User Dir, SIEM, Windows, Mac/Linux, MDM, Antivirus]

34 Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, SIEM]

35 Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, NAC, SIEM]

36 Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, Endpoint Posture and Context, NAC, SIEM]

37 Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, Endpoint Posture and Context, Remediation Actions, NAC, SIEM]

38 Example of Best-in-class NAC

39 ForeScout’s Third Generation NAC
Horizontal visibility
  – Every device on the network
Vertical visibility
  – Deep information about the device, software, and user
Extensive range of actions
  – Inform, educate, remediate, control, block
Easy to implement
  – Works with your existing network infrastructure

40 How It Works
Out of band
Agentless
ForeScout CounterACT

41 ForeScout CounterACT
See / Grant / Fix / Protect
What type of device?
Who owns it?
Who is logged in?
What applications?

42 See / Grant / Fix / Protect

43 ForeScout CounterACT
See / Grant / Fix / Protect
Grant access
Register guests
Block access
Restrict access

44 ForeScout CounterACT
See / Grant / Fix / Protect
Remediate OS
Fix security agents
Fix configuration
Start/stop applications
Disable peripheral

45 Customized Policy Enforcement
See / Grant / Fix / Protect
  – Degree of disruption directly related to degree of violation
  – Multiple actions and conditions available and can be nested with Boolean logic
  – Policies are enforced at the point of connection and throughout the duration of the connection
  – Malicious threat detection is always on with enforcement actions configured by administrator

46 Install Antivirus
Is the software installed?
  – Run a script that can install software as an automated action

47 Start Antivirus
Is AV not running?
  – Start software
Additional action:
  – Notify user
  – Notify administrator
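
The policy model of slides 45 to 47 (conditions nested with Boolean logic, a response whose disruption scales with the violation, evaluation at connection and again during the session), as an added Python sketch that is not ForeScout CounterACT code or syntax. The endpoint attributes, the rule set and the severity ordering of the slide 32 responses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

Endpoint = dict                       # attribute name -> value (constructed model)
Cond = Callable[[Endpoint], bool]

# Boolean combinators so conditions can be nested, as slide 45 describes.
def attr(name, value=True) -> Cond: return lambda e: e.get(name) == value
def all_of(*cs: Cond) -> Cond: return lambda e: all(c(e) for c in cs)
def any_of(*cs: Cond) -> Cond: return lambda e: any(c(e) for c in cs)
def not_(c: Cond) -> Cond: return lambda e: not c(e)

# Responses from slide 32, ordered here (assumption) from least to most disruptive.
SEVERITY = ["allow", "audit", "alert", "remediate", "limit", "block"]

@dataclass
class Rule:
    name: str
    when: Cond
    action: str

# Hypothetical rule set, not a vendor default.
RULES = [
    Rule("av-missing", all_of(attr("managed"), not_(attr("av_installed"))), "remediate"),
    Rule("av-stopped", all_of(attr("av_installed"), not_(attr("av_running"))), "remediate"),
    Rule("unmanaged-byod", all_of(not_(attr("managed")), attr("role", "employee")), "limit"),
    Rule("unknown-device", all_of(not_(attr("managed")),
         not_(any_of(attr("role", "employee"), attr("role", "guest")))), "block"),
    Rule("guest", attr("role", "guest"), "limit"),
]

def evaluate(endpoint: Endpoint):
    """Return (action, matched rule names); the most disruptive matched action wins."""
    hits = [r for r in RULES if r.when(endpoint)]
    if not hits:
        return "allow", []
    worst = max(hits, key=lambda r: SEVERITY.index(r.action))
    return worst.action, [r.name for r in hits]

if __name__ == "__main__":
    # Constructed sample: the same laptop at connection time and later in the session.
    laptop = {"managed": True, "role": "employee", "av_installed": True, "av_running": True}
    print("pre-connect :", evaluate(laptop))
    laptop["av_running"] = False      # agent stops after admission
    print("post-connect:", evaluate(laptop))
    print("unknown     :", evaluate({"managed": False}))
```

Re-running `evaluate` on every attribute change is what separates the post-connection check from a one-time admission decision: the laptop that was admitted cleanly moves to remediation once its agent stops.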

48 Update Operating System

49 ForeScout CounterACT
See / Grant / Fix / Protect
Detect unexpected behavior
Block insider attack
Block worms
Block intrusions

50 Example of Best-in-class NAC

51 Thank You Insert contact information here

