Network Access Control to the Rescue

September 24, 2007


Whenever a new laptop or desktop is deployed in your business, you probably take steps to ensure the device is configured in line with your security policy, including all the applicable security updates, approved application sets, antivirus software, firewall settings, and other configuration settings. Once those machines are put into use, however, it is easy to lose those initial configurations. In the meantime, users could be installing new software, blocking patch updates, disabling firewalls, or making other changes that put the device – and ultimately your entire IT infrastructure – at risk. Remote and mobile users compound that risk every time they connect to the Web via their non-compliant laptops at coffee shops, hotel rooms, or other insecure locations where they are even more vulnerable to attack or infection.

Protecting the targets

Today's threats not only target specific businesses, but they also target desktops, laptops, and other endpoints as backdoor entryways to a business' operations and resources.

How well an SMB manages the security of each endpoint directly correlates to the overall security and availability of the business’ IT infrastructure and operations. Network access control helps ensure your user endpoints (including those of remote employees, guests, contractors, and temporary workers) are properly configured and secured before they are allowed to access resources on your business network.

Network access control guarantees that each endpoint continually complies with security and configuration management policies. Failure to guarantee endpoint policy compliance leaves businesses vulnerable to a wide array of threats, including the spread of malicious code throughout the enterprise, disruption of business-critical services, increased IT recovery and management costs, exposure of confidential information, damage to reputation, and regulatory fines due to non-compliance.

Many businesses are still hesitant to embrace network access control and instead employ patch management or software distribution solutions. These solutions work on a predetermined schedule to return computers that have slipped out of compliance to their proper states. The problem is that once the computer has been infected and then connected to the network, those solutions do too little, too late. Patch management or software distribution solutions are also ineffectual against users with administrator privileges who think they are exempt from business policy and, as a result, block attempts to roll back their computers to their proper state of configuration.

Network access control solutions enable businesses to prevent those kinds of scenarios from affecting the IT infrastructure. Before any computer can access the production network and its resources, that computer must be in total compliance with established business policy, such as proper version levels of security patches, antivirus software, and virus definitions. However, in spite of their ability to prevent non-compliant endpoints from attaching to the business network, network access control solutions have not been embraced by some organizations for a variety of reasons, including the fact that many solutions:
  • Fail to deliver effective enforcement and remediation
  • Increase the number of management agents that must be installed on the endpoints
  • Introduce too much complexity and too many disruptions to the IT infrastructure
  • Lack the flexibility to meet business' unique needs, such as appropriately accommodating guest and temporary workers
  • Fail to properly integrate with the overall endpoint security management infrastructure

Symantec Network Access Control

Symantec Network Access Control addresses all of these concerns with an end-to-end solution that controls access to business networks, enforces endpoint security policy, and is OS-neutral, so it easily integrates with existing IT infrastructures. The architecture behind Symantec Network Access Control is comprised of three key components:
  1. Endpoint evaluation technologies assess the state of endpoints attempting to access the network, checking whether they are compliant or noncompliant with policy
  2. Enforcers act as the gate/door that permits or denies access to the network
  3. Policy management creates, edits, and manages network access control rules or policies via a central management console
By leveraging the endpoint compliance verification and enforcement capabilities of Symantec Network Access Control, your business can benefit from:
  • Greater network availability and reduced disruption of services for end users
  • Verifiable near-real-time endpoint compliance data
  • Minimized TCO as a result of a centralized management architecture
  • Verification that endpoint security investments such as antivirus and client firewall technologies are properly enabled


For many SMBs, the growth and productivity that result when employees can connect from anywhere via multiple devices are tempered by the potential threats that may be introduced to the network. Symantec Network Access Control provides control over all your endpoints without interfering with operations. It is easy to deploy, easy to manage, and allows you to relax, knowing all your business' endpoints are being carefully monitored.
