What is Network Access Control? 

网络控制(NAC)是利用安全协议的过程,如端点监视和 identity 和 access management (IAM) to maximize control over who or what can access a proprietary network.

经常, 网络上有一些系统无法获得与其他系统相同级别的可见性. Therefore, those become easier access points for a 威胁的演员 破坏网络. 根据Forrester, “安全和风险专家需要解决由云集成激励的移动和远程员工所带来的问题. NAC解决方案过去和现在仍然被认为是复杂和昂贵的,难以有效部署.”

Obviously, NAC can 和 will often look different for each organization. Therefore, let’s take a look at two different types of the process:

入院前

This type of NAC cybersecurity control ensures a person, 系统, or device that wishes to access a network is checked out before they actually do so. 在此过程中可以利用IAM身份验证过程,以确保没有人或事物被授予无权访问网络的权限.

Post-admission

这种类型的NAC控制本质上是在网络中“跟随”经过身份验证的用户, 不断验证他们的凭据,以确保他们不会被允许进入他们不需要的网络的一部分或段,以完成他们的工作或完成任务. 以这种方式, if a 威胁的演员 were to gain access to a particular segment, they would be walled off in that segment, protecting the larger network.

Why Do You Need Network Access Control? 

You need NAC because of the amount of 威胁的演员s looking to 蛮力 their way onto a network via low or unmonitored access points. 可见性和自动化是能够覆盖大量企业网络的必要条件, 和 an NAC solution can offer protection in these areas.

NAC解决方案的好处

The inherent benefits of this type of security solution include:

  • 节约成本: By limiting the amount of threat-actor access points on a network, you limit the number of incidents. Even if your security org has the most advanced 和 fastest 脆弱性管理事件响应 程序,NAC解决方案将有助于更多地关闭不必要的事件.
  • 合规: NAC solutions help with regulatory st和ards of all kinds, 无论是在较小的范围内,比如一个州或领土,还是在较大的范围内,比如一个国家或王国. By controlling network access points, 它向监管机构表明,企业或安全组织对每个人都有最好的意图.
  • 最小化 攻击表面关闭接入点,只对那些需要访问的人,有助于分割网络,以便, if a bad actor were to gain access, the damage would likely be limited to that particular segment.
  • 身份验证实现像多因素身份验证(MFA)这样的IAM协议可以帮助彻底验证请求网络访问的人或资产是否确实有权在网络上. 零信任安全 is also a powerful model to ensure proper network access.
  • 更强的安全态势通过将NAC集成到您的安全程序中,您正在超越平均能力. 您正在创建一个更强大的安全态势,确保您的网络被锁定,每个人和每件事都正确地验证到他们需要的地方.

Network Access Control Capabilities

那么,NAC解决方案究竟如何帮助加强安全态势和遏制威胁呢? An NAC program’s specific capabilities are many, 和 can ultimately help to unite authentication protocols, 端点配置, 和 overall access to an enterprise environment.

When it comes to searching out an NAC solution for your specific environment, Gartner®州 that “an organization should evaluate the following capabilities":

  • 设备能见度/分析:哪些设备正在尝试访问公司网络,它们的风险概况是什么? 
  • 访问控制这是NAC解决方案的功能,它实际控制谁能进入,谁不能进入. 
  • 安全态势检查: A cloud security posture management (CSPM) 功能可以提供对应用程序和工作负载配置的可见性.
  • 客户管理: Users can manage guests requesting access to the corporate network, including authentication 和 granting limited access.
  • Bidirectional integration with other security products: It's important – particularly during the shopping process – that security operations center (SOC) 领导者需要一个NAC解决方案,它可以集成和扩展他们当前的安全解决方案套件.

In addition to these capabilities, 重要的是要记住,合规——如上所述——是至关重要的,也是一个不断变化的目标. In order to maintain the efficacy of an NAC solution’s capabilities, 安全从业人员进行定期评估和审计是个好主意.

定期安排网络评估和审计可以确保符合安全配置, 密码策略, 和 access network control requirements. 评估 网络安全 against internally constructed benchmarks can also help mitigate threats.

Network Access Control Use Cases

NAC解决方案无处不在,它们可以根据希望利用其功能的安全组织的特定环境做不同的事情. Let’s take a look at some of the more common use cases.

Internet of Things (IoT) Devices

As a workforce brings more IoT devices onto the corporate network, IT团队必须跟上步伐,努力确保他们在网络上安全运行. Automating this process can streamline operations in this area, 帮助验证每个设备,并确定其访问网络的原因是否有效.

Bring Your Own Device (BYOD)

From the beginning of the BYOD trend, 如何平衡让员工和合作伙伴在内部或公司网络上使用自己的设备所带来的利益与风险,一直是一个不断发展的过程. 强大的NAC解决方案,如身份验证协议和多步骤验证技术,有助于确保这些设备访问网络时的安全性.

供应链合作伙伴

当涉及到供应商, 我们假定您已经彻底审查了这些合作伙伴,并将您的部分业务实践和服务委托给他们. 这意味着这些提供商中的每一个都至少需要一定程度的访问您的公司网络, 网络分段有助于促进访问,并保护整个网络.

How Do You Implement Network Access Control? 

通过遵循一些严格的最佳实践来实现网络访问控制,这将有助于确保解决方案有最佳的机会来保护组织. 

  • Conduct a thorough assessment of network needs: Prior to implementing an NAC solution, 重要的是要知道网络的访问漏洞在哪里,以及它们在不久的将来可能存在的地方. 您最需要哪些关键访问控制来保证网络操作的安全?
  • Ensure the right credentials go to the right person: If you’re going to implement an NAC solution, it’s critical to ensure there aren’t liabilities in the area of privileges. Cloud infrastructure entitlement management (CIEM) 策略(如零信任)可以通过确保每个人在被授予访问权限之前都以多种方式进行严格的身份验证来帮助减轻这种潜在的漏洞.
  • Educate yourself when vendor vetting: We've discussed partners 和 vendors a bit already, 但这一点不能被低估:NAC供应商应该提供强大的产品,帮助保护您的网络免受未经授权的访问和潜在的攻击或数据盗窃. 购买能够做到这一点的解决方案的唯一方法是彻底研究并与NAC供应商交谈,以确保该功能能够满足您组织的特定需求.
  • 了解你的网络优势: How far does your network extend 和 what are its specific cloud operations? Network perimeters can expand all over the globe, but that doesn’t mean it’s impossible to secure access points.