Protect the network from devices that rarely visit your office
Over the last few years there has been a slow but steady increase in the use of 802.1X and Network Access Control (NAC) technologies to secure corporate LANs. However, the increase in mobile and home-working employees means that remotely connected users now account for a significant percentage of the devices accessing your work LAN. Does your trusted 802.1X solution still have a role to play?
The issues here are many, but let’s start with the most likely method of connection from their location to your network: VPNs. This technology is all about creating a tunnel between them and you, encrypted to a standard you trust, such that people (just about) can’t snoop on your data. The potential weakness for remote workers is the local wireless connection, but assuming you put the VPN client on the PC or laptop, you have done all you can reasonably do here.
You might then opt for a second layer of security, which is to verify that this device is with the user it’s meant to be with, and involve some form of two-factor authentication too. So now you have a secure tunnel and a check on the end user. Pretty good, but notice the one thing you haven’t checked yet? The state of the device itself.
The biggest issue with home and mobile workers’ devices is that the security of the machine itself is not checked on a regular basis. The longer it stays away from your corporate network, the greater the risk of it drifting into a compromised state. This can be anything from the version of AV, how often it’s patched, what’s been downloaded onto it, new threats that your corporate world might know of but that are not generally covered yet, kids, USB sticks, etc. There are a multitude of potential issues.
So the challenge is: can we take the technologies you trust in NAC and 802.1X and get them to monitor the state of mobile and remote machines each time they join your network from afar, whilst managing the risks they might have picked up along the way?
One such solution is Portnox Clear. It’s basically 802.1X in the Cloud, with end-user risk assessment and policy-driven remediation rolled into one solution, and as automated as you want it to be.
Our engineers are on hand for a chat or demo.