Questions to Add to Your Network Access Control Request for Proposal

Similar documents
Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Securing Your Most Sensitive Data

August knac! 10 (or more) ways to bypass a NAC solution. Ofir Arkin, CTO

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Cisco Network Admission Control (NAC) Solution

ForeScout ControlFabric TM Architecture

Comprehensive Database Security

Maximizing IT Security with Configuration Management WHITE PAPER

BUFFERZONE Advanced Endpoint Security

BUFFERZONE Advanced Endpoint Security

Symantec Network Access Control Starter Edition

2013 InterWorks, Page 1

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Secure IP Address Management Layer 2 Network Access Control Solution

Automating the Top 20 CIS Critical Security Controls

Network Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014

Symantec Network Access Control Starter Edition

Understanding Network Access Control: What it means for your enterprise

Sage Data Security Services Directory

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Symantec Network Access Control Starter Edition

The Business Case for Network Segmentation

SYMANTEC DATA CENTER SECURITY

Detecting MAC Spoofing Using ForeScout CounterACT

The Value of Automated Penetration Testing White Paper

Shortcut guide to Web application firewall deployment

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

The McAfee MOVE Platform and Virtual Desktop Infrastructure

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

SIEMLESS THREAT DETECTION FOR AWS

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

Audience. Overview. Enterprise Protection Platform for PCI DSS & HIPAA Compliance

Identity-Based Cyber Defense. March 2017

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Network Access Control Whitepaper

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

TNC EVERYWHERE. Pervasive Security

Novell ZENworks Network Access Control

Spotlight Report. Information Security. Presented by. Group Partner

Compliance in 5 Steps

Maximize Network Visibility with NetFlow Technology. Adam Powers Chief Technology Officer Lancope

Best Practices in Securing a Multicloud World

Networks with Cisco NAC Appliance primarily benefit from:

Managing BYOD Networks

Threat Modeling for System Builders and System Breakers!! Dan Copyright 2014 Denim Group - All Rights Reserved

ClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Securing Today s Mobile Workforce

Executive Summery. Siddharta Saha. Downloaded from

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

An Investment Checklist

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Simplify PCI Compliance

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

Security Solutions. Overview. Business Needs

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Operational Network Security

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Client Computing Security Standard (CCSS)

Vulnerability Management

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

The Convergence of Security and Compliance

COMPLETING THE PAYMENT SECURITY PUZZLE

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

PCI DSS Compliance. White Paper Parallels Remote Application Server

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

ANATOMY OF AN ATTACK!

SECURITY PRACTICES OVERVIEW

Cloud Customer Architecture for Securing Workloads on Cloud Services

Background FAST FACTS

Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0

Security and Compliance for Office 365

HOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

SMARTCRYPT CONTENTS POLICY MANAGEMENT DISCOVERY CLASSIFICATION DATA PROTECTION REPORTING COMPANIES USE SMARTCRYPT TO. Where does Smartcrypt Work?

Mobile Data Security Essentials for Your Changing, Growing Workforce

Wireless Network Security

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

ForeScout Extended Module for Bromium Secure Platform

NEN The Education Network

ForeScout CounterACT. Automated Security Control Platform. Network Access Control Mobile Security Endpoint Compliance Threat Prevention

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

10 Hidden IT Risks That Might Threaten Your Business

Enterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

WHITE PAPER. Achieve PCI Compliance and Protect Against Data Breaches with LightCyber

Windows Server The operating system

Transcription:

Questions to Add to Your Network Access Control Request for Proposal Complete and real-time NAC is achievable if you ask the right questions September 2006 United States 1 Blue Hill Plaza Pearl River, NY +1.212.461.3620 info@insightix.com www.insightix.com International 13 Hasadna Street Ra'anana, Israel +972.9.748.4033

Contents Complete and Real-Time Network Access Control is Achievable...1 Recommendations for Your NAC RFP...1 Question #1 How do you define NAC?...1 Question #2 What are the prerequisites for your NAC solution to be implemented?...2 Question #3 What is the architecture of your NAC solution?...2 Question #3.1 How does your NAC solution perform element detection?...2 Question #3.2 How does your NAC solution perform compliance checks...3 Question #3.3 How does the quarantine mechanism of your NAC solution work?...4 Question #3.4 How does your NAC solution provide enforcement?...5 Analyzing RFP Responses...5 Technology...5 Time-to-Value...5 Total Cost of Ownership...5 About Insightix...6 By providing this document, Insightix is not making any representations regarding the correctness or completeness of its contents and reserves the right to alter this document at any time without notice.

Complete and Real-Time Network Access Control is Achievable Network Access Control (NAC) promises to allow only authorized and compliant devices to access and operate on a network. If implemented properly, NAC can lower the overall security risks faced by an enterprise. The need for NAC is clear, although many NAC offerings today are still expensive propositions that require network re-architecture and are based on a complex set of bypassable technologies. At the same time, many vendors have jumped on the NAC bandwagon with products that appear to provide NAC-like features, although do not offer full network coverage and leave an enterprise exposed to significant security vulnerabilities. The result is a confused marketplace. Despite this, NAC is achievable. You can implement complete and real-time NAC with your existing network setup. Your NAC deployment can be accomplished within your budgetary and implementation expectations. You can ensure that all the devices connected to your network are and remain authorized and compliant throughout their lifecycle on your network. Recommendations for Your NAC RFP Asking the right questions when evaluating NAC solutions can help you make the correct buying decision. In order to select and implement a valuable NAC solution, the following questions are recommended to include in your Request for Proposal (RFP). Question #1 How do you define NAC? Since NAC is a hot topic and considered by many to be the Next Big Thing in the IT security space, many vendors are misusing the term NAC do gain extra visibility. As a result, there are many products available today claiming to offer NAC, although not all of them offer a complete solution to achieve coverage of an entire network and ensure that only authorized and compliant devices are accessing and operating on a network. As a first question, it is essential to ask How do you define NAC? As an extension of this question, it is also worthwhile to understand what threats the NAC solution is designed to mitigate. - Page 1 -

Question #2 What are the prerequisites for your NAC solution to be implemented? These prerequisites are considered the tasks that must be performed and the expenses that must be incurred in order for the NAC solution to be implemented and operate as advertised. The answer to this question can reveal potentially hidden costs and complexities associated with implementing the NAC solution. Here are some additional questions to ask about the prerequisites of a NAC solution: Does the solution require changes to your network architecture? Does the solution rely on specialized networking gear? This question refers to the need for additional networking equipment from the vendor itself or a third party vendor. Does the solution require the networking equipment to be upgraded or replaced? Does the solution require the installation of software agents? How are admission checks performed? The answers to these questions enable you to calculate the total cost of ownership of the NAC solution, including deployment expenses, such as labor and hardware (upgrades, replacements, additional appliances or servers needed, etc.). Question #3 What is the architecture of your NAC solution? You should ask the NAC vendor to describe the architecture of its NAC solution. Requesting a description of the NAC architecture and then asking specific questions regarding the various techniques, methods and technologies help you determine the strengths and weaknesses of the proposed solution. Question #3.1 How does your NAC solution perform element detection? Element detection is a core feature that must be supported by a NAC solution. This essential NAC feature provides the ability to detect in real-time a new element attempting to attach itself to the network. If a NAC solution cannot perform element detection in real-time then it does not provide a valuable line of defense for your network. In other words, if the NAC solution does not support real-time element detection, you cannot expect it to defend against devices that it is not aware of. - Page 2 -

Additional questions that can be listed in this section of your RFP include: How does the solution detect the presence of a new element? Does the solution use agents for element detection? If the answer is yes, then not all devices can be detected. Elements on which agents cannot be installed must have their MAC addresses white listed. This leaves these types of devices open to MAC spoofing-based attacks. For example, the white listed MAC address of a printer can be detached and replaced with a laptop spoofing the MAC address of the printer without attracting the attention an agent-based NAC solution. Does the solution use the switch for element detection? It is important to know that not all switches support this capability. Relying solely on the capability if a switch to provide information regarding new elements connecting to the network is not reliable. Is element detection performed in real-time? If element detection is not performed in real-time, then there is a time gap in during which a malicious insider can freely operate on the network without being detected by the NAC solution. Does the element detection include hosts other than Microsoft Windows-based elements? If not, then a malicious insider using an operating system other than a Microsoft Windows-based operating system can freely operate on the network without being blocked by the NAC solution. How does the information regarding the elements residing on the network stays current? Does the solution utilize DHCP for element detection? If the answer is yes, then there may be other elements operating on the network that may not make use of DHCP. Any element that is configured with a static IP address may not be detected by the NAC solution. Does the solution utilize 802.1x for element detection? If the answer is yes, it means all networking equipment must support 802.1x and there may be other pre-requisites, such as the installation of a software agent. With such a NAC solution, you may need to white list non-802.1x compatible devices, which exposes your network to MAC spoofing-based attacks. Question #3.2 How does your NAC solution perform compliance checks Questions that can be listed under this section of your RFP include: What are the parameters that can be checked when an element is being admitted to the network? Is a software agent required when performing compliance checks? If answered yes, then the deployment of the NAC solution becomes complicated. As the number of systems that an agent - Page 3 -

should be installed on increases, so does the complexity of the deployment. What operating systems are supported with compliance checks? To what degree can the solution assist the organization in meeting the requirements of compliance regulations, such as Sarbanes- Oxley, GLBA, PCI and HIPAA? Can custom compliance checks be defined? Question #3.3 How does the quarantine mechanism of your NAC solution work? There are a variety of quarantine methods available, each with varying strengths and weaknesses. However, it is important for you to understand if the quarantine method of the NAC solution can be bypassed and if it allows a quarantined element to interact and infect other quarantined elements. In this section of your RFP, the following questions should be asked: Does the quarantine method rely on specialized hardware or software? When an element is quarantined, is it possible for it to be infected by other quarantined elements? You need to evaluate whether the quarantine area is shared between the quarantined elements. If so, they are able to easily infect and penetrate each other. When an element is quarantined, is it possible for other quarantined elements to try to penetrate into it? An attacker might use a shared quarantine area as its entry point to the network in order to infect the other quarantined elements with zero day malware. Once readmitted to the network, these elements may allow the attacker to access other parts of the network and information it should not access. Is the quarantine performed at Layer 2 or Layer 3? Layer 3 is problematic because elements are still able to interact with other devices on the local subnet. Layer 3 quarantining enables the local infection of quarantined elements by another quarantined element and the ability of a quarantined element to directly attack another quarantined element trying to abuse a certain vulnerability to gain unauthorized access to the network. Can the quarantine mechanism isolate virtual machines? As virtualization becomes an integral part of the data centers as well as R&D and QA environments, this is an important feature to make note of. Can elements connected to a non-managed switch to a hub be put into quarantine? - Page 4 -

Question #3.4 How does your NAC solution provide enforcement? How is enforcement performed? Is the enforcement is being done at Layer-2 or Layer 3? Layer 3 is problematic because elements are able to interact with other devices on the local subnet. Does the enforcement involve the networking gear? If so, how? The answer to this question may unveil hidden costs, ways to circumvent the solution, etc. Does the enforcement depend on specialized hardware? If yes, then there maybe additional deployment costs that you need to consider. Does the enforcement depend on specialized software? Can you enforce your NAC policy on individual virtual machines (specifically against virtual guests)? Analyzing RFP Responses The answers to RFP questions allow you to analyze the technology of the NAC solution, its time-to-value, and overall total cost of ownership. Each is important to take into consideration when making your buying decision. Technology Learn whether the offered NAC solution meets your security requirements. Evaluate the weaknesses of the offered solution and determine if the NAC solution may be easily bypassed. Time-to-Value One of the important aspects of deploying a NAC solution is how much time is required to deploy the NAC solution throughout the entire enterprise. This is an important consideration when deploying a NAC solution. Total Cost of Ownership Calculating the total cost of implementing the NAC solution, not just the licensing fee, is important for your evaluation. For each NAC solution you evaluate, take into consideration the costs associated with deployment, as these may increase the cost of the solution beyond your expectation. Included in the overall costs are the NAC product itself, any networking gear upgraded and/or replacements, servers and appliances needed for the NAC product and labor efforts required to implement and manage the solution. - Page 5 -

The NAC solution that provides you with a strong technology along with a short time-to-value at a reasonable total cost of ownership should be the NAC solution that you choose. About Insightix Insightix develops stateful IT visibility and network access control solutions. Insightix's solutions are agentless, provide full network coverage and deliver an immediate return-on-investment for network security, IT operations and regulation compliance. Insightix solutions are simple to use and overcome the technical limitations of existing solutions. Insightix customers include prominent companies in the banking, retail, media, transportation, manufacturing, education and additional industries. Insightix s investors include SoftBank Capital, Blumberg Capital, Quest Software (NASDAQ:QSFT) and several technology veterans. For more information, please contact Insightix at info@insightix.com or +1.508.620.4788. Please visit our web site at www.insightix.com. - Page 6 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback