Recently, researchers at Purdue University analyzed how quickly malware, introduced via a mobile or other endpoint device, can spread throughout a network. The startling results showed that malicious software can propagate to roughly 500,000 devices in just 100 seconds. That's all it takes for one rogue device to take down an entire network and put sensitive corporate data at risk.
Armed with this knowledge, a network professional looking for a secure network access control (NAC) solution for bring-your-own-device (BYOD) recently conducted an experiment. Using his mobile phone, he logged onto his corporate network and watched the seconds tick away. He found that it took 45 seconds for that vendor's solution to identify his device on the network.
His simple experiment highlights a fundamental flaw: the solution can only identify a device after it has connected to the network. As proved by Purdue's research, many bad things (malware, viruses, hacking into corporate data, etc.) can happen in 100 seconds, 45 seconds, or even one second, before that rogue device is detected and booted off the network. Unfortunately, whatever security measures you take at that point are meaningless because the damage has already been done—the device is like a fox in the henhouse, wreaking havoc.
It's critical that organizations looking to protect themselves from threats introduced via mobile devices look for a solution that identifies devices and applies access policies BEFORE allowing devices on the network. Decisions about whether a device should be on the network, and what access to give it, need to occur before the connection takes place. This needs to be a prerequisite if BYOD is to be a serious option for any enterprise, school, hospital or other organization.
The following are three “must-haves” when considering the right BYOD solution:
- Visibility must include not just the device type, but also the software configuration (including whether anti-virus and malware protection is up to date), the user the device is associated with, and even the location and time of day the device is trying to log on.
- Control must provide the ability to define and enforce highly granular access policies based on who the user is, which device he or she is using, and where and when they are using it.
- Remediation must be built in to fix problems like out-of-date anti-virus software or operating system patches.
All this activity must take place automatically, so IT departments can enable BYOD easily and securely across their organization. If all of these elements are taken into consideration when selecting a solution for BYOD security challenges, IT won't be plagued by the 45-second window and can sleep much better knowing that no device is entering their network without prior knowledge.
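The following sketch shows how the three must-haves can combine into one decision made before a device is admitted. It is an added illustration, not code from any vendor's product, and the roles, device types, locations, hours and segment names in it are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """Visibility: everything known about the device before it is admitted."""
    user_role: str     # who the user is (constructed values: "staff", "guest")
    device_type: str   # which device ("laptop", "phone")
    av_current: bool   # anti-virus / malware protection up to date
    os_patched: bool   # operating system patches applied
    location: str      # where the device is trying to log on
    hour: int          # local hour of day, 0-23


# Control: constructed policy table keyed on user and device.
# Value: (permitted locations, permitted hours, network segment granted).
POLICY = {
    ("staff", "laptop"): ({"hq", "branch"}, range(0, 24), "corp"),
    ("staff", "phone"): ({"hq"}, range(7, 19), "corp-mobile"),
    ("guest", "phone"): ({"hq"}, range(8, 18), "internet-only"),
}


def decide(req: AccessRequest):
    """Return (action, segment, reasons) before any connection is allowed."""
    rule = POLICY.get((req.user_role, req.device_type))
    if rule is None:
        # Default deny: an unknown user/device pairing never reaches the network.
        return ("deny", None, ["no policy for this user and device"])
    locations, hours, segment = rule
    reasons = []
    if req.location not in locations:
        reasons.append("location not permitted")
    if req.hour not in hours:
        reasons.append("outside permitted hours")
    if reasons:
        return ("deny", None, reasons)
    # Remediation: a permitted but unhealthy device is held in quarantine
    # with a list of fixes instead of being admitted or simply rejected.
    fixes = []
    if not req.av_current:
        fixes.append("update anti-virus")
    if not req.os_patched:
        fixes.append("apply operating system patches")
    if fixes:
        return ("remediate", "quarantine", fixes)
    return ("allow", segment, [])
```
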