Why You Should Take Another Look at Network Access Control

Share Post

Network visibility into endpoints and devices is critical. Network access control (NAC) solutions provide that visibility into devices and users, in support of BYOD, mobility and IoT implementations. By taking the next step with automated network access and incident response, IT organizations can fill the gaps in a shortage of skilled security professionals.

The increasing level of malware and cyberattacks is driving NAC investments. TechNavio predicts the global NAC market will see a compound annual growth rate (CAGR) of more than 27% during the period 2018-2022.

Source: TechNavio

NAC is Necessary to Secure Mobility and BYOD
NAC is a foundational network security defense, built on authentication, authorization and accounting (AAA). However, many IT people don’t understand that NAC is also about enabling mobility and dynamic security to protect data and users in a mobile, cloud and IoT world.

NAC solutions have evolved toward improved network visibility and monitoring of network devices, more security features and orchestration with other security products such as next-generation firewalls, SIEM and endpoint security. This is the foundation of automated threat detection and response.

Aruba has long been in the forefront of helping customers adopt mobility and BYOD. Aruba ClearPass provides full spectrum visibility and dynamic role-based access control for security enforcement and response across both wired and wireless networks. Aruba’s promise to our customers remains that ClearPass will be an open ecosystem with no lock-in. Our commitment is evident from the hundreds of technology partners that are in in the Aruba 360 Security Exchange program.

Automated Threat Detection and Response
With more smart IoT-enabled devices in the network, automated detection and remediation capability is becoming critical for large organizations. NAC solutions should be able to automatically detect threats, identify the compromised devices and quarantine them to safeguard the corporate network.

By integrating with best-of-breed security products such as Palo Alto Networks, ClearPass can exchange contextual information and execute responses based on the granular security policies.

NAC security solutions also must deliver profiling, policy enforcement, guest access, BYOD on-boarding and more to deliver enhanced threat protection to offload the already burdened IT staff and improve the user experience.

ClearPass achieves bidirectional integration and interoperability with other security solutions in the security ecosystem, via syslog and RESTful APIs.

ClearPass Extensions
Extensions are a self-contained application providing additional services or capabilities. The extension functions on top of ClearPass without dependencies on the ClearPass operating system. This is similar to how an app functions on a mobile device.

In the screen shot below, we are able to see the partnership with best-of-breed solutions such as MobileIron, McAfee and Carbon Black.

Agentless Enforcement
Long-time ClearPass OnGuard customers will be familiar with posture analysis for features such as presence of host-based firewall and antivirus. With the release of the new ClearPass 6.8, customers can manage posture analysis for Windows endpoints that are joined to the company’s Microsoft Active Directorywithout the need to deploy agents and end user intervention.

When ClearPass identifies a managed Windows client on the network, it remotely connects and executes the agentless OnGuard capabilities, which provide the same posture analysis and remediation that the traditional persistent agent provides.

What’s Next for NAC?
NAC gives organizations clear visibility into their network devices and users and is a foundation element for secure BYOD, mobility and IoT. Organizations should take the next step and automate security incident response so when a compromised device is identified, the attack is stopped faster, and the damage is limited.

Looking ahead, as organizations continue to adopt cloud, NAC solutions will follow the trend, with solutions that support a hybrid on-premises and SaaS model. IoT is exploding across organizations, and as organizations converge their IT and operational technology (OT) networks, NAC solutions must become more adept with IoT devices. I also expect to see large security vendors acquire or partner with smaller NAC vendors or otherwise enhance their products with NAC capabilities to provide customers with a comprehensive enforcement solution.

Learn more
Introducing ClearPass Device Insight: Cloud-Enabled, AI-Powered Device Discovery and Profiling

Put Access Control in Context with ClearPass and CarbonBlack

ClearPass Extensions: A Way to the Future