OK, you have spent a lot to secure your endpoints, but is your investment going to waste?
IT organizations large and small have invested heavily in endpoint security to address the rapidly evolving security challenge. AntiVirus, AntiSpam, Firewall, Host Intrusion Prevention, Compliance Auditing and more have been deployed to protect and assess endpoints. Much has been made of the “dissolving perimeter problem”, and rightly so. But in today’s economy companies are increasingly looking to also ‘dissolve the controls” in an effort to reduce operational and hardware cost by allowing end users to acquire and manage their own hardware. When many users are allowed to self administer their own computers, it becomes relatively easy for them to install all manner of questionable applications (e.g. peer to peer) and even tamper or disable Antivirus or endpoint firewall policies. This introduces a great challenges to network security staff, as this self imposed ‘back door’ creates a vulnerability and risk that needs a solution.
NAC (Network Access Control), continues to generate a lot of enthusiasm, and correspondingly, a large number of corporate initiatives to ensure the security and ‘health’ of endpoints connecting to the corporate network. An August survey of McAfee’s customers shows that 68% of companies are evaluating or have already deployed a NAC (Network Access Control) solution. A great potential for a NAC solution is to ensure that machines that are outside of some compliance standards cannot access corporate resources unless they meet a minimal standard of health, such as
- Security tools are up to date: is AV and Anti-Spyware on are signatures within a certain age limit? Are DLP solution installed and working properly?
- Are only acceptable applications present. e.g. no Peer to Peer applications.
- Once a machine is on the network, is it ‘clean’? For example, is it infected with a bot or other malware that a NAC solution can detect.
NAC has the potential to ensure investments in security tools are maintained. More on this in an upcoming post.