4 Things to Consider When Assessing Device Posture for Effective Network Access Control

By Benny Czarny

One of the main reasons to have a NAC (Network Access Control) system in place is to keep risky devices from connecting to your organization’s network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection.

You will also need to consider several other elements in addition to acquiring a NAC solution, including finding a product that provides protection without hindering employee productivity.

While the blocking, routing and admission of devices is usually taken care of by the NAC system, there are other technologies that can help to ensure the users behind those devices have a painless experience when trying to connect.

Here are four things you should consider in addition to acquiring a NAC system:

#1. Device Risk

Devices are often determined to be risky or not based on whether they meet certain compliance standards. Compliance standards aim to run a set of checks in order to determine the likelihood of the device being compromised or falling short of regulatory requirements. They also check for risks related to data leakage or productivity loss.

These checks must constantly adapt and change as the threat landscape changes and as more device types need to connect to your network. Here are a few examples of checks that have changed over time:

  • Make sure the installed anti-malware software is running and that no important directories are excluded from the scan
  • Checks for anti-malware software aren’t needed for users with iPhones or iPads
  • Check whether web protection is enabled on the user’s browser to prevent phishing and drive-by infections
  • Make sure the device’s disk is encrypted and, if so, check that the encryption is strong and protects the necessary directories
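
The checks in this list can be expressed as a small posture evaluator that returns a remediation message for each failed check. This is an added example, not code from the article or from any NAC product; the device record layout, directory lists and cipher names are assumptions chosen for illustration.

```python
from pathlib import PurePosixPath

# Assumed policy values (hypothetical, not from the article).
IMPORTANT_DIRS = ["/home", "/tmp"]            # must never be excluded from scans
MUST_ENCRYPT = ["/home"]                      # must sit on an encrypted volume
STRONG_CIPHERS = {"AES-256-XTS", "AES-128-XTS"}
NO_AV_PLATFORMS = {"ios", "ipados"}           # iPhone/iPad: anti-malware check skipped

def covers(parent, child):
    """True if `parent` is `child` itself or one of its ancestor directories."""
    p, c = PurePosixPath(parent), PurePosixPath(child)
    return p == c or p in c.parents

def assess(device):
    """Return [(check, remediation)] for failed checks; empty list means compliant."""
    findings = []
    if device["platform"] not in NO_AV_PLATFORMS:
        if not device.get("av_running"):
            findings.append(("av_running", "Start your anti-malware software."))
        # Excluding "/" or "/home" silently excludes everything beneath it.
        bad = sorted(e for e in device.get("av_exclusions", [])
                     if any(covers(e, d) for d in IMPORTANT_DIRS))
        if bad:
            findings.append(("av_exclusions", "Remove scan exclusions: " + ", ".join(bad)))
    if not device.get("web_protection"):
        findings.append(("web_protection", "Enable web protection in your browser."))
    enc = device.get("encryption")
    if not enc:
        findings.append(("disk_encrypted", "Turn on disk encryption."))
    else:
        if enc["cipher"] not in STRONG_CIPHERS:
            findings.append(("disk_cipher", "Re-encrypt with a stronger cipher."))
        missing = [d for d in MUST_ENCRYPT
                   if not any(covers(v, d) for v in enc["volumes"])]
        if missing:
            findings.append(("disk_coverage", "Encrypt: " + ", ".join(missing)))
    return findings

# Constructed sample devices.
LAPTOP = {"platform": "linux", "av_running": True, "av_exclusions": ["/", "/opt/build"],
          "web_protection": False,
          "encryption": {"cipher": "DES-CBC", "volumes": ["/var"]}}
IPAD = {"platform": "ipados", "web_protection": True,
        "encryption": {"cipher": "AES-256-XTS", "volumes": ["/"]}}

if __name__ == "__main__":
    for name, dev in (("laptop", LAPTOP), ("ipad", IPAD)):
        for check, fix in assess(dev):
            print(f"{name}: FAIL {check} -> {fix}")
```
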

#2. Infection State

While anti-malware products are effective in protecting devices, no single anti-malware engine can provide protection against 100 percent of threats. In some cases, an engine may either fail to remove a threat that is detected or fail to detect a threat completely.

If this happens, it is good to have additional security measures in place.

For example, when a threat has infected the device at the kernel level, the anti-malware software may detect the threat but fail to remove it because it is baked into the kernel. Repeated attempts to clean the same detected threat are a sign that the device has a persistent infection, so it helps to be able to detect them.

Another example is when the endpoint’s installed anti-malware software fails to detect a threat. There are techniques that can be used to effectively detect these compromised devices without slowing down the system, including scanning the running memory modules with multiple anti-malware engines and checking for connections to suspicious IP addresses or URLs.
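
The repeated-cleaning signal described above can be computed from anti-malware event logs. The following is an added example, not code from the article or from any product; the key=value log layout, the host and threat names, and the threshold of three attempts within 24 hours are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (hypothetical): 3 clean attempts on one threat within 24 hours.
MIN_ATTEMPTS = 3
WINDOW = timedelta(hours=24)

# Constructed anti-malware log lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T08:00:00 host=lt-017 event=clean threat=Rootkit.Example result=failed
2024-05-01T08:05:00 host=lt-022 event=clean threat=Adware.Example result=ok
2024-05-01T09:10:00 host=lt-017 event=clean threat=Rootkit.Example result=ok
2024-05-01T10:00:00 host=lt-030 event=clean threat=Trojan.Example result=ok
2024-05-01T12:00:00 host=lt-017 event=scan result=ok
2024-05-01T13:30:00 host=lt-017 event=clean threat=Rootkit.Example result=failed
not-a-timestamp host=lt-017 event=clean threat=Rootkit.Example result=failed
2024-05-03T10:00:00 host=lt-030 event=clean threat=Trojan.Example result=ok
2024-05-06T10:00:00 host=lt-030 event=clean threat=Trojan.Example result=ok
"""

def parse(line):
    """Return (time, host, threat) for a clean attempt, else None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None                      # malformed timestamp: skip the line
    kv = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if kv.get("event") != "clean" or "host" not in kv or "threat" not in kv:
        return None
    return ts, kv["host"], kv["threat"]

def persistent_infections(log_text):
    """Return sorted (host, threat) pairs with MIN_ATTEMPTS cleans inside WINDOW."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            # Count every attempt: a "successful" clean that recurs is also a sign.
            attempts[rec[1:]].append(rec[0])
    flagged = []
    for key, times in attempts.items():
        times.sort()
        # Sliding window: compare each attempt with the one MIN_ATTEMPTS-1 before it.
        if any(times[i] - times[i - MIN_ATTEMPTS + 1] <= WINDOW
               for i in range(MIN_ATTEMPTS - 1, len(times))):
            flagged.append(key)
    return sorted(flagged)
```
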

#3. Speed

Blocking network access during device posture assessment can create a significant loss in productivity. If the user is unable to connect, then they cannot perform their intended duties.

This issue is particularly concerning for users who may be trying to connect to the network for the first time. If a user has not had any prior access to the network, either locally or remotely, it may take them longer to connect, especially if there are security issues with their device.

No one wants to deal with a 30-minute delay related to network connectivity issues.

If you are looking for a solution that can perform quality checks quickly, you will be restricted in the technologies you can use to determine infection and compliance state.

Fortunately, by combining your chosen NAC solution with a user-friendly enterprise device security and compliance tool, you can achieve the speed and ease-of-use needed.

#4. User Education

User education is key to keeping workplace productivity high and minimizing risk. One of the ways you can address user education is by creating preventative measures that reduce instances of blocked network access.

If a user is notified to take proactive security measures such as patching vulnerable applications, updating their installed antivirus software or properly configuring their browser security settings, they can actively fix issues that may prevent them from connecting.

Having a NAC solution in place is important if you want to keep your network and private data secure. However, remember to take a look beyond just whether a user has the required security applications installed. Take the extra step to perform a quality check – not all security applications are created equal.

You also want to make sure that users who fail to connect to your network receive easy remediation instructions. You don’t want to have a bunch of flustered contractors and employees to deal with. Make it easy for them to fix issues and you will increase their productivity and decrease your IT support costs.

As CEO, Benny Czarny oversees OPSWAT’s day-to-day operations and leads the company’s overall business strategy. His 20 years of expertise and deep interest in the Computer and Network Security industry are evidenced by his extensive participation in creating solutions within the encryption, network operations, and security vulnerabilities detection fields. His understanding of the industry can be attributed to his breadth of experience spanning roles as a programmer, team leader, and engineering manager in several companies before founding OPSWAT in 2002. Benny earned a Bachelor’s degree in Computer Science from Technion – Israel Institute of Technology.

Check out Malwarebytes CEO Marcin Kleczynski’s interview with Benny Czarny below: