Use of external portable devices by employees (BYOD) bypass the traditional multi-tier security. A case study on how Network Access Control (NAC) can be used as a solution to the disappearing perimeter.
Presenter: Rahul Desai
The Ultimate Guide to Choosing WordPress Pros and Cons
NAC - A Solution for Disappearing Perimeter
1. 1
NAC - A Solution for
Disappearing Perimeter
December 11, 2013
Rahul Desai
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
2. Agenda
•
•
•
•
2
Understanding Today's Threat Landscape
BYOD - Bring Your Own Device
NAC - A Solution for BYOD Security Threats
Case Study
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
3. Changing Threat Landscape
3
• Conventional Threats and Security Models
• Generic threats for mass disruption
• Multi-tier security approach
• Reactive by design; mainly address known threats
• Emerging Threats
• Polymorphic and zero-day
• Personalized and targeted
• Evolving Threat Vectors
• Increasing BYOD culture – more Internal threats
• Limited control on non-compliant, with conventional approach
• Fear of the unknown!
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
4. BYOD: Bring Your Own Device
4
• Bring Your Own Device
• Use of personally owned devices like smartphones, tablets and
laptops at workplace
• Flexibility to users by allowing non-WinTel platforms
• 95% of Enterprises allow BYOD in some form
• Security concerns introduced with BYOD
• Increased internal threat to data – Customers, I-P, employees’
personal information
• Better means for ‘Bad leaver’ to harm
• Existing infrastructure security limitations
• Lesser control on users, system. Disappearing Perimeters!
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
5. NAC: A Solution to BYOD Security Threats
5
• BYOD Security Solutions: VDI, MDM and NAC.
• NAC for BYOD works independently, addresses all platforms,
maintains the user experience and protects data at the Network level.
• Network Access Control
• Unification of network security, endpoint security and user/system
authentication
• Targeted at Security policy enforcement, identity/access
management and mitigation of zero-day threats
• NAC for BYOD Security Vs. NAC for Conventional Network
• Agentless and inline
• Wired and wireless network coverage
• Addressing the unknown!
Continued
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
6. NAC: A Solution to BYOD Security Threats
6
Employees
Wired/Wireless
Contractors
Network Access
Guests
• User Identity Management
• Security Policy Enforcement and
Remediation
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
7. Case Study: Introducing BYOD in a Multinational FMCG
7
• Multinational FMCG organization
• 80+ Countries, 200+ Locations worldwide
• Mixed IT environment
• Unix, Windows Servers; Windows Desktops and Laptops
• Official acceptance of BYOD
• To additionally allow Smartphones, Tablets (iOS and Android) and
MacBooks
• Challenges:
• Increased IT Infrastructure management cost (time, effort and
increased risk)
• Inadequate IT Security controls to accommodate mobile devices
• Lack of employee awareness of BYOD best practices
Continued
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter
8. Case Study: Introducing BYOD in a Multinational FMCG
8
• Solution: Integrate NAC into existing IT security infrastructure
• Policy based Network access control
• Transparent to compliant end-users
• Host integrity enforcement through Remediation system
• Optional remediation mechanism for Smartphones
• NAC Implementation Process
• Identify the scope of devices to be allowed
• Define and update IT Security policies and controls
• Implement and rollout
• Use Cases
1. MacBook is running older Mac OS.
2. iPhone is running a restricted application.
3. An employee’s personal Windows laptop does not have Antivirus
installed.
Company Proprietary and Confidential
NAC - A Solution to Disappearing Perimeter