Network access control (NAC) is the process of leveraging security protocols such as endpoint monitoring and identity and access management (IAM) to maximize control over who or what can access a proprietary network.
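Often, there are systems on a network that simply do not receive the same level of visibility as others. As a result, these become easier access points for threat actors to breach the network. According to Forrester, “security and risk pros need to address problems introduced by a mobile and remote workforce incentivized by cloud integrations. NAC solutions were and still are considered complex and expensive, and difficult to deploy effectively.”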
Clearly, NAC looks different for every organization. So, let's take a look at two different types of processes:
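This type of NAC network security control ensures that a person, system, or device wishing to access the network is vetted before actually gaining access. IAM authentication procedures can be leveraged during this process to ensure that no person or thing without a right to be there is granted access to the network.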
This type of NAC control essentially “follows” an authenticated user around the network, continuously verifying their credentials to ensure they aren’t admitted to a part or segment of the network they don’t need in order to do their job or complete a task. In this way, if a threat actor gains entry to a particular segment, they are isolated in that area, protecting the larger network.
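The two processes described above, the check before access and the continuous check after access, can be sketched as a small policy evaluator. This is an added example, not code from the original page or from any NAC product; the roles, segment names, posture attributes and verdict strings are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy (hypothetical names): segments each role needs for its job.
SEGMENT_POLICY = {
    "engineer": {"dev", "build"},
    "finance": {"erp"},
    "vendor": {"vendor-portal"},
}

@dataclass
class Device:
    device_id: str
    patched: bool
    disk_encrypted: bool

@dataclass
class Session:
    user: str
    role: str
    device: Device
    revoked: bool = False
    audit: list = field(default_factory=list)

def posture_ok(device):
    """Assumed posture rule: the device is patched and its disk is encrypted."""
    return device.patched and device.disk_encrypted

def admit(user, role, authenticated, device):
    """Check before access: identity and device posture must both pass."""
    if not authenticated:
        return None, "deny: authentication failed"
    if role not in SEGMENT_POLICY:
        return None, "deny: unknown role"
    if not posture_ok(device):
        return None, "quarantine: device posture failed"
    return Session(user, role, device), "admit"

def authorize(session, segment):
    """Check after access: re-verify the session on every segment request."""
    if session.revoked:
        verdict = "deny: credentials revoked"
    elif not posture_ok(session.device):
        verdict = "quarantine: posture drifted"
    elif segment not in SEGMENT_POLICY.get(session.role, set()):
        verdict = "deny: segment not needed for role"
    else:
        verdict = "allow"
    # Every decision is recorded so later assessments and audits can review it.
    session.audit.append((session.user, segment, verdict))
    return verdict
```

Because `authorize` re-evaluates the session on each request, a session that was admitted correctly is still refused outside its own segments, and is refused everywhere once its credentials are revoked or its device falls out of posture.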
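You need NAC because there are a large number of threat actors looking to brute-force their way into networks through low- or unmonitored access points. Visibility and automation are necessary to be able to cover the large scale of many enterprise networks, and NAC solutions can provide protection in these areas.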
The inherent benefits of this type of security solution include:
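So, how exactly would a NAC solution help to fortify security posture and contain threats? The specific functions of a NAC program are many, and they ultimately help to unify authentication protocols, endpoint configuration, and overall access to the enterprise environment.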
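When looking for a NAC solution for your particular environment, Gartner® states that “organizations should evaluate the following capabilities”: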
In addition to these capabilities, it’s important to remember that compliance – as noted above – is critical and is also a moving target. To keep the NAC solution’s functionality effective, it’s a good idea for security practitioners to conduct periodic assessments and audits.
Scheduling regular network assessments and audits can ensure compliance with secure configurations, password policies, and network access control requirements. Assessing network security against internally constructed benchmarks can also help mitigate threats.
NAC solutions are ubiquitous, and they can do different things depending on the specific environment of the security organization looking to leverage their capabilities. Let’s take a look at some of the more common use cases.
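As employees bring more Internet of Things (IoT) devices onto the corporate network, IT teams must keep pace to try to ensure they are operating securely on the network. Automating this process can streamline operations in this area, helping to authenticate each device and determine if its reason for accessing the network is valid.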
Since the BYOD trend began, it's been an ongoing evolution of how to balance the benefits with the risks that arise from letting your employees and partners use their own devices on the internal or corporate network. Powerful NAC solutions like authentication protocols and multi-step verification technologies have helped to ensure security while these devices are accessing the network.
When it comes to vendors, we’ll assume you’ve thoroughly vetted these partners and entrusted a portion of your business practices and services to their care. This means each of these providers will need at least a degree of access to your corporate network, with network segmentation helping to facilitate that access as well as protecting the network as a whole.
You implement network access control by adhering to some stringent best practices that will help ensure the solution has its best chance to protect the organization.