Debate

Share this article:

FOR, by Hilik, Kotler, co-founder and VP for business development, Promisec

NAC vendors purport to provide a solution for internal threats; however, NAC is a partial solution which addresses only a small part of the problem.

In contrast, endpoint security looks at the make-up and operation of all desktops, laptops and servers in a network to make sure no hidden threats exist that could expose the organization to a full-blown security breach.

Although NAC includes elements of endpoint security, businesses should not make the mistake of believing that the two technologies are one and the same. NAC, by definition, ensures that only devices which are authorized and deemed "clean" from security threats are allowed network access. It does not handle

the problem of non-compliant behavior — intentional or otherwise — once an endpoint device is connected to the network.

Comprehensive endpoint security products address the full scope of internal threats that niche products — such as device protection, application protection and NAC — cannot achieve on their own.

AGAINST, by Alan Shimel, CSO, StillSecure

We talk about "complete NAC," which incorporates several capabilities that work together to protect the network.

The first is pre-connect testing, accomplished using an agentless or agent-based approach. Pre-connect testing is deep and expansive, but most importantly, can be used on both managed and unmanaged devices.

Second is post-connect monitoring.

Utilizing behavior-based and signature-based traffic analysis, malicious network activity triggers an immediate response to quarantine the offending device.

Third is identity-based access control, where devices only have access to permitted assets.

NAC and endpoint security are linked. We would all be safer if networks only consisted of managed devices, but the reality is that networks are open to vendors, contractors, guests, and others not under our control. The fundamental difference: NAC protects the network and its key assets. Endpoint security protects the endpoint. There is a place for both in today's layered security model.

 

THREAT OF THE MONTH:

Unsecured outsourcing

What is it?

Organizations work with an increasingly complex mix of outside firms on collaborative endeavors, extended business operations and cooperative ventures. A contractor can
easily circumvent the minimal protections often applied to the sensitive files stored on corporate servers.

How does it work?

It is easy to copy full files and transport them, either to innocently perform required work, or with the intent to sell proprietary information for profit. Shielding information from inadvertent disclosure and ensuring data privacy in this more open environment is a significant challenge.

Should I be worried?

This can result in the sharing of intellectual property, business plans or internal communications, and can strike at the core of a business.

How can I prevent it?

Protect data by encrypting files stored on servers. 

Secure all data exchanges with business partners. Take measures to include business partners in your data security practices. 

Centrally enforce security policies on the use of removable media. A combination of access control and the use of company issued encryption keys make it very difficult for unscrupulous contractors to smuggle information out of an organization.

— Malte Pollmann, vice president, products, Utimaco

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Heartbleed, Shellshock and POODLE: The sky is not falling

Heartbleed, Shellshock and POODLE: The sky is not ...

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.