© 2012 ForeScout Technologies, Page 1 Bob Reny, Sr. Systems Engineer Do you know NAC? Data Connectors - Vancouver 4/25/2013.

Presentation transcript:

© 2012 ForeScout Technologies, Page 1 Bob Reny, Sr. Systems Engineer Do you know NAC? Data Connectors - Vancouver 4/25/2013

© 2012 ForeScout Technologies, Page 2
The Origin of Network Access Control
• Blaster - $320 million damage
• Sasser - $500 million damage
• Code Red worm – $2 Billion damage
• SoBig - $37.1 billion damage
• MyDoom - $38.5 billion damage

© 2012 ForeScout Technologies, Page 3 Cisco’s Answer (2004) Source:

© 2012 ForeScout Technologies, Page 4 Cisco’s Answer (2004) Source:

© 2012 ForeScout Technologies, Page 5 Cisco’s Decision to Use 802.1x

© 2012 ForeScout Technologies, Page 6 Initial Hype – Then Massive Disappointment

© 2012 ForeScout Technologies, Page 7 Do You Know NAC? WRONG!

© 2012 ForeScout Technologies, Page 8
Today The NAC Market is Booming
• BYOD phenomenon
• Ubiquitous expectation of wireless networks
• Greater concern over data leakage
  – Need to keep private data from getting onto the wrong devices
• Greater realization that desktop security is hard
  – IT managers want a third-party check on PC security posture
• Products are better

© 2012 ForeScout Technologies, Page 9
Modern Network Access Control Products
Great variations exist between vendors’ NAC products, but the best products are:
• Simpler, less complex
• Easy to deploy and manage
• Help you control BYOD
• Provide tremendous visibility
• Offer a range of enforcement options
• Integrate with other security infrastructure (SIEM, MDM, etc.)
• Deployment options – physical, virtual, managed services

© 2012 ForeScout Technologies, Page 10
Why Do You Need NAC? -- Visibility
[Diagram: NAC Real-time Visibility and Automated Control. Labels: Visible / Not Visible; Protection Possible / No Protection Possible; Endpoints, Network Devices, Applications, Users, Corporate Resources, Non-Corporate; Antivirus out of date…, Unwanted application…, Encryption/DLP agent not installed…]

© 2012 ForeScout Technologies, Page 11
The Poster Child for Visibility: Smartphones
• Smartphones at a major hospital
  – Believed they had 8,000 devices on the network
  – They actually had 12,000
  – The culprit? Smartphones
  – No security measure in place

© 2012 ForeScout Technologies, Page 12
Why Do You Need NAC? -- Cost Savings
• Policy automation
  – Roll out and enforce standardized security policies
  – User acknowledgement
• Guest management automation
  – Wired and wireless guest registration
  – Role-based access
• Asset management automation
  – Maintain accurate inventory control
  – Hardware and software

© 2012 ForeScout Technologies, Page 13 Why Do You Need NAC? -- BYOD Control

© 2012 ForeScout Technologies, Page 14
Why Do You Need NAC? -- BYOD Control
• “NAC provides one of the most flexible approaches to securely supporting BYOD.”
• “No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC.”
Source: Gartner, “NAC Strategies for Supporting BYOD Environments”, 22 December 2011, Lawrence Orans and John Pescatore

© 2012 ForeScout Technologies, Page 15
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]

© 2012 ForeScout Technologies, Page 16
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only

© 2012 ForeScout Technologies, Page 17
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only
Agentless NAC, Managed Endpoints:
• Ensure security agents are installed, running, and up-to-date

© 2012 ForeScout Technologies, Page 18
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only
Agentless NAC, Managed Endpoints:
• Ensure security agents are installed, running, and up-to-date
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports

© 2012 ForeScout Technologies, Page 19
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only
Agentless NAC, Managed Endpoints:
• Ensure security agents are installed, running, and up-to-date
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows, Mac, Linux, iOS, Android, …

© 2012 ForeScout Technologies, Page 20
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only
Agentless NAC, Managed Endpoints:
• Ensure security agents are installed, running, and up-to-date
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows, Mac, Linux, iOS, Android, …
• Role-based network access control

© 2012 ForeScout Technologies, Page 21
Example: Endpoint Security Validation
• Agent-based endpoint security solutions are only good if they are installed, running and updated.
• Agent-based systems have blind spots.
  – “We identified that McAfee ePO was pushing DAT files properly, but ForeScout found a couple hundred endpoints where the McShield service was not running.”
  – “On another occasion, McAfee ePO failed to receive and push DAT files for a week. Desktop operations was unaware because McAfee ePO was unaware. ForeScout noticed the problem and notified the InfoSec team.”

© 2012 ForeScout Technologies, Page 22
Why Do You Need NAC? -- Endpoint Security
[Comparison table. Columns: Traditional Security Agents, Agentless NAC. Rows: Managed Endpoints, Unmanaged Endpoints.]
Traditional Security Agents, Managed Endpoints:
• Protect system from attack (malware)
• Protect data (encryption, DLP)
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows only
Agentless NAC, Managed Endpoints:
• Ensure security agents are installed, running, and up-to-date
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Windows, Mac, Linux, iOS, Android, …
• Role-based network access control
Agentless NAC, Unmanaged Endpoints:
• Detect and control unmanaged endpoints
• Detect and control rogue network devices
• Identify unauthorized applications
• Update software and configuration
• Compliance and inventory reports
• Role-based network access control

© 2012 ForeScout Technologies, Page 23
Why Do You Need NAC? -- Network Access Control
[Diagram labels: Guest Network, Employees, Sales, Finance, HR]

© 2012 ForeScout Technologies, Page 24
Agenda
• History of NAC
• Why the NAC market is booming
• Selecting a NAC product

© 2012 ForeScout Technologies, Page 25
What is Network Access Control (NAC)?
Technology that identifies users and network-attached devices and automatically enforces security policy.
[Diagram labels: GRANTED, LIMITED, BLOCKED, FIXED]

© 2012 ForeScout Technologies, Page 26
What is Network Access Control (NAC)?
  – Who are you / group?
  – What device?
  – Device configuration?
  – Security posture?
  – Device location?
  – Time of day?

© 2012 ForeScout Technologies, Page 27
NAC Basics – Form Factor
• NAC comes in many flavors...
  – Network framework NAC
  – Endpoint software NAC
  – Out-of-band appliance NAC
  – In-line appliance NAC
• You have to determine which flavor is best for your environment and users

© 2012 ForeScout Technologies, Page x
NAC Basics – Network Enforcement Mechanisms
• VLAN change
• ARP poisoning
• In-line blocking
• ACL management
• TCP resets
• DHCP

© 2012 ForeScout Technologies, Page 29
NAC Basics – Agent or Agentless
• Agent-based
  – Well, the agent must be working!
  – Provide deep intelligence
  – More complex to manage
  – May impact endpoint performance
  – May not work in an unmanaged environment (BYOD)
• Agent-less
  – Less complex to operate
  – Easy integration with network intelligence
  – Easily adaptable to BYOD environments
  – Easy integration with network enforcement mechanisms
  – But may not provide as deep intel as agent-based

© 2012 ForeScout Technologies, Page 30
NAC Requirements – Accurate Discovery
• Guest vs. employee
• Computers (Mac, Win, Linux)
• Virtual machines
• Printers and fax
• Handheld devices
• VoIP phones
• WAP devices
• Equipment
• USB devices
• Software
• Processes

© 2012 ForeScout Technologies, Page 31
NAC Requirements – Health Check
• Pre-connection
  – Comply with security policies
  – Meet regulatory requirements
  – Remediate problems
• Post-connection
  – Monitor endpoints to ensure that they remain compliant
  – Look for abnormal activity on the endpoints
  – Ensure that approved endpoints remain valid and are not spoofed

© 2012 ForeScout Technologies, Page 32
NAC Requirements – Flexibility
• Support diverse types of users, devices, access methods
  – Managed and unmanaged devices
  – Employees, guests, contractors
  – Wired, wireless, VPN
• Provide a range of responses
  – Audit
  – Alert/Inform
  – Allow
  – Limit
  – Remediate
  – Block

© 2012 ForeScout Technologies, Page 33
Advanced NAC – Integration
[Diagram labels: NAC Policy Engine, Switch, VPN, Wi-Fi, User Dir, SIEM, Windows, Mac/Linux, MDM, Antivirus]

© 2012 ForeScout Technologies, Page 34
Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, SIEM]

© 2012 ForeScout Technologies, Page 35
Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, NAC, SIEM]

© 2012 ForeScout Technologies, Page 36
Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, Endpoint Posture and Context, NAC, SIEM]

© 2012 ForeScout Technologies, Page 37
Example: Integration with SIEM
[Diagram labels: Switches, Wireless, VPN, Databases, Applications, Endpoints, Security Devices, Endpoint Posture and Context, Remediation Actions, NAC, SIEM]

© 2012 ForeScout Technologies, Page 38 Example of Best-in-class NAC

© 2012 ForeScout Technologies, Page 39
ForeScout’s Third Generation NAC
• Horizontal visibility
  – Every device on the network
• Vertical visibility
  – Deep information about the device, software, and user
• Extensive range of actions
  – Inform, educate, remediate, control, block
• Easy to implement
  – Works with your existing network infrastructure

© 2012 ForeScout Technologies, Page 40 How It Works Out of band Agentless ForeScout CounterACT

© 2012 ForeScout Technologies, Page 41
ForeScout CounterACT
See | Grant | Fix | Protect
• What type of device?
• Who owns it?
• Who is logged in?
• What applications?

© 2012 ForeScout Technologies, Page 42 See Grant Fix Protect

© 2012 ForeScout Technologies, Page 43
ForeScout CounterACT
See | Grant | Fix | Protect
• Grant access
• Register guests
• Block access
• Restrict access

© 2012 ForeScout Technologies, Page 44
ForeScout CounterACT
See | Grant | Fix | Protect
• Remediate OS
• Fix security agents
• Fix configuration
• Start/stop applications
• Disable peripheral

© 2012 ForeScout Technologies, Page 45
See | Grant | Fix | Protect
Customized Policy Enforcement
  – Degree of disruption directly related to degree of violation
  – Multiple actions and conditions available and can be nested with Boolean logic
  – Policies are enforced at the point of connection and throughout the duration of the connection
  – Malicious threat detection is always on with enforcement actions configured by administrator
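
The policy model these slides describe (identity, device, posture, location and time of day as inputs; conditions nested with Boolean logic; a response whose disruption scales with the violation; the same check repeated after connection), as an added example. It is not ForeScout CounterACT code or configuration: the attribute names, the rules and the severity ordering are assumptions made for illustration.

```python
from typing import Callable

Cond = Callable[[dict], bool]

# Responses named on the "Flexibility" slide; this least-to-most-disruptive
# ordering is an assumption of the example.
SEVERITY = ["allow", "audit", "alert", "limit", "remediate", "block"]

def attr(name, value) -> Cond:
    # A missing attribute never equals the expected value.
    return lambda ep: ep.get(name) == value

def all_of(*conds: Cond) -> Cond:
    return lambda ep: all(c(ep) for c in conds)

def any_of(*conds: Cond) -> Cond:
    return lambda ep: any(c(ep) for c in conds)

def not_(cond: Cond) -> Cond:
    return lambda ep: not cond(ep)

def hours(start, end) -> Cond:
    return lambda ep: start <= ep.get("hour", -1) < end

# Constructed policy: (rule name, nested condition, response).
POLICY = [
    ("guest", attr("group", "guest"), "limit"),
    # Fails closed: a managed Windows host that does not report AV running is remediated.
    ("managed-av-not-running",
     all_of(attr("managed", True), attr("os", "windows"),
            not_(attr("av_running", True))), "remediate"),
    ("unmanaged-sensitive-or-off-hours",
     all_of(not_(attr("managed", True)),
            any_of(attr("location", "finance"), not_(hours(7, 19)))), "block"),
    ("av-signatures-stale", attr("av_current", False), "alert"),
]

def evaluate(endpoint: dict):
    """Return (response, matched rule names); the most disruptive match wins."""
    matched = [(name, resp) for name, cond, resp in POLICY if cond(endpoint)]
    if not matched:
        return "allow", []
    response = max((r for _, r in matched), key=SEVERITY.index)
    return response, [name for name, _ in matched]

# Constructed endpoints. LAPTOP_LATER is the same host re-checked post-connection.
LAPTOP = {"group": "employee", "managed": True, "os": "windows",
          "av_running": True, "av_current": True, "location": "sales", "hour": 10}
LAPTOP_LATER = {**LAPTOP, "av_running": False, "av_current": False}
BYOD_PHONE = {"group": "employee", "managed": False, "os": "android",
              "location": "finance", "hour": 10}
GUEST = {"group": "guest", "managed": False, "os": "ios",
         "location": "guest-wifi", "hour": 14}

if __name__ == "__main__":
    for ep in (LAPTOP, LAPTOP_LATER, BYOD_PHONE, GUEST):
        print(evaluate(ep))
```

Because every matching rule is reported while only the most disruptive response is enforced, the lesser findings (here the stale signatures on the re-checked laptop) remain available for an alert or a SIEM event.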

© 2012 ForeScout Technologies, Page 46
Install Antivirus
• Is the software installed?
  – Run a script that can install software as an automated action

© 2012 ForeScout Technologies, Page 47
Start Antivirus
• Is AV not running?
  – Start software
• Additional action:
  – Notify user
  – Notify administrator

© 2012 ForeScout Technologies, Page 48 Update Operating System

© 2012 ForeScout Technologies, Page 49
ForeScout CounterACT
See | Grant | Fix | Protect
• Detect unexpected behavior
• Block insider attack
• Block worms
• Block intrusions

© 2012 ForeScout Technologies, Page 50 Example of Best-in-class NAC

© 2012 ForeScout Technologies, Page 51 Thank You Insert contact information here