Saturday, March 31, 2012

Network Access Control Vendors Reviewed

One of the core principles of Information Security is that organizations should have preventive, detection, and corrective controls in place to protect their infrastructure and data. If one looks at annual spending in Information Security it is dominated by preventive controls such as firewalls, anti-spam, and anti-virus solutions. One thing that those solutions have in common is that they all fail. In dealing with many clients we see a lack of detective and corrective tools and processes in place to respond to the inevitable breakdowns that occur because of user errors, zero-day attacks, or sophisticated adversaries.

To get a quick overview of your environment, can you answer questions such as these:
  • What devices are on your network?

  • Are they compliant with current policies?

  • Are there any unauthorized devices (such as tablets and mobile phones) on the network?

ForeScout Technologies has a great solution, CounterACT, that is marketed as a NAC (Network Access Control) but provides much more functionality that helps organizations deal with the device on their network. It provides an internal intrusion detection system to identify devices that have gone “rogue” (are trying to spread malware or viruses) through a dynamic “honeypot” solution.

In addition, it can inventory devices to detect when they are not compliant with companies policies, such as not running and AV solution or not encrypted. It also provides corrective controls to warn users and administrators of a potential issue, automate remediation through scripting interfaces, and it can quarantine devices and/or processes that are not supposed to be running.

The Tolly Group has issued a report on behalf of ForeScout that compares the main competitors in the NAC marketplace across 34 different criteria. To access this report please click here. If you would like more information, please reach out to us.