Close

HPE Aruba Networking Blogs

Can you and the health of your device affect the health of enterprise networks?

It's cold season and nobody is immune to catching at least one virus that's out there. Just as our immune systems can't fight off every virus, your enterprise network is not completely immune from vulnerabilities — especially now that laptops are the computer of choice and often used at home and on the road. Just like smallpox, desktop computers are a thing of past.

Because these laptops are used on open networks and occasionally to check out social media sites and to visit other sites for personal use, their exposure to viruses is far greater than in the past.

Why are users so complacent?

Users do not necessarily know that their behavior is threatening to the network — in most cases users are completely unaware that what they visit and connect to may be the main cause of compromising networks.  And due to inconvenience, very few users regularly update and run anti-virus (A/V) software programs on their devices. They also do not realize that not running security tools pose a security threat, even when working remote.

This is why it is critical to implement and automate policies that help users perform and maintain the health of their devices. By implementing an NAC solution that checks for A/V, anti-spyware, and firewalls, IT can ensure that basic assessments are performed before a device gains access to the network. While this sounds like simple prevention, it isn't true for all vendors. Look before you leap!

Why is NAC not implemented ubiquitously?

First off, I think it's because so much attention has been on smart devices.  But, older NAC software did require significant IT resources to implement and install on the endpoints, which was a serious pain point.  Furthermore, not all anti-virus and anti-spam software were supported. Often times, the solution was a separate appliance that did not include policy management, so another point solution was required.

Newer versions of NAC with health check capabilities are far easier to implement today and include greater capabilities that can help future proof the security of your network. And instead of just basic assessments, they allow IT to check for USB devices, encrypted disks, peer-to-peer apps, and more. Policy simulation and auto-remediation make roll-outs easy for IT and your users.

I think the last issue that keeps IT from deploying health checks is that enterprises typically wait for a breach to occur before looking into a solution. The customer often mentions that compliance reasons are another driver that they're looking for a solution. It's funny how "penalties" often help with compliance. For example, in healthcare policies can be implemented to meet HIPAA compliance by ensuring that all computers run encryption when connected to the network. Again, simple prevention.

To help, the ClearPass Policy Manager with OnGuard is built to support computers with both wired and wireless adapters. Health checks can also be performed over VPN connections for organizations with remote and work-from-home policies. Why wait for something to happen?

More information on ClearPass OnGuard and the operating systems we support is here.