How to Overcome NAC Limitations
Why a Software-Defined Perimeter delivers better network security for today’s enterprises
Enterprise technology has changed: from static to dynamic, from network-centric to identity-centric, from hardware to software, from isolated to interconnected.
Work habits have changed: people work from home, on mobile devices, as contractors and as third-party partners.
The network perimeter has dissolved. Enterprise resources (applications, databases, and infrastructure) are increasingly outside the perimeter, and people are constantly working outside the perimeter.
Network security must change to keep up with enterprise technology and work habits.
There’s a fundamental shift in network security happening right now. The philosophical difference is centered around trust: Network Access Control (NAC) trusts users inherently; a Software-Defined Perimeter (SDP) trusts no one.
Do you trust users completely?
NAC solutions are designed to work inside the perimeter, a trust-based model… a model that Forrester says is broken for these reasons:
1. It’s impossible to identify trusted interfaces.
2. The mantra "trust but verify" is inadequate.
3. Malicious insiders are often in positions of trust.
4. Trust doesn’t apply to packets.
Read: Forrester, No More Chewy Centers: The Zero Trust Model Of Information Security
Or are no users trusted?
Abolish the idea of a trusted network inside (or outside) the corporate perimeter. Instead, opt for a Software-Defined Perimeter where there is zero trust.
NAC was designed to work inside the perimeter: build a perimeter around the internal network, verify that users are who they say they are, and once in the door users gain full access to the network, or at least a large portion of it.
In this changing world, NAC falls short for seven reasons.
1. NAC doesn’t extend to cloud. So enterprises need another security solution for the cloud, and that adds another layer of network security.
2. NAC relies on VLANs, which are complicated to manage. Creating VLAN segments can be easy; keeping them relevant and accurate as your environment changes is the real challenge. So most enterprises only have a limited number of VLAN segments defined.
3. NAC doesn’t encrypt traffic. If social networks can encrypt traffic (WhatsApp, Snapchat, Facebook Messenger, Telegram), why not corporate networks?
4. NAC isn’t fine-grained. It can’t provide fine-grained control of the network resources users can access. Instead, NAC relies on existing (and separately managed) network segments, firewalls and VLANs, requiring yet another set of policies to manage.
5. NAC’s remote user support is non-existent. Remote users need yet another solution, like a VPN.
6. NAC struggles to support the agile enterprise. NAC causes management issues because it’s not agile or dynamic; it’s static. It’s complex for the security team to add firewall rules for thousands of workers and their many devices.
7. NAC doesn’t provide deep, multi-faceted, context-aware access control. It doesn’t check specific attributes such as location, anti-virus or device posture, or broader system attributes such as an alert status within a SIEM.
A Software-Defined Perimeter eliminates these limitations.
A Software-Defined Perimeter is a new network security model that dynamically creates 1:1 network connections between users and the data they access.
Read: Why a Software-Defined Perimeter
A Software-Defined Perimeter has these main benefits:
1. The Zero-Trust model: an “Authenticate first, connect second” approach. Everything on the network is invisible until authorization is granted, and access is then only allowed to a specific application.
2. Identity-centric (not IP-based) access control. Know exactly who accessed what, for how long, the context of the device, and when they connected.
3. Encrypted Segment of One. Individualized perimeters for each user and each user session: a Segment of One. All the other services that exist on the network are invisible to the user. Once a user obtains their entitlements, all network traffic to the protected network is encrypted.
4. Dynamic policy management. As new server instances are created, users are granted or denied access appropriately and automatically. As context changes (time, location, device hygiene, etc.), dynamic access policies provide continuous and immediate security.
5. Simplicity. Much simpler, and dramatically fewer, firewall and security group rules to maintain. Consider the people and time spent collecting, consolidating, and making sense of access logs. Organizations have reduced this by up to 90% when using a Software-Defined Perimeter.
6. Compliance. A Software-Defined Perimeter offers:
• Auditable, uniform policy enforcement across hybrid systems.
• Dramatically reduced audit-preparation time: no need to correlate IP addresses to users.
7. Consistency. Consistent access policies across on-premises, cloud and hybrid environments.
Would you like to know more?
Watch the video: SDP to prevent malicious insiders, over-privileged users and compromised third-party access.
Get a demo: Let us show you how an SDP can work for your organization.
Let’s put NAC vs. SDP to the test…
Consider port scanning. A tester uses credentials to connect to the network and does a simple port scan to see how many services it finds:
• On the internal network?
• On Wi-Fi?
• On other organizations’ services? (if using a hosting provider)

Port-scan test with NAC
The tester would see every single network port and service available for every server that’s in that VLAN. That could be thousands and thousands of resources.

Port-scan test with a Software-Defined Perimeter
The tester would authenticate first, connect second. The only ports the tester would see are the ones he has explicit rights to through his digital identity. Everything else would be completely invisible.
Here’s why (we’ll need to get techie for a bit)
SDP Architecture
Components: Protected Applications, SDP Controller, SDP Gateway (Accepting Host), SDP Client (Initiating Host), PKI, Identity Management, Policy Model.
• The SDP Controller is the authentication point, containing user access policies.
• Clients are securely onboarded.
• All connections are based on mutual TLS connectivity.
• Traffic is securely tunneled from the Client through the Gateway.
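To make the “authenticate first, connect second” model, the dynamic-policy benefit and the port-scan comparison above concrete, here is an added Python sketch of the Controller and Gateway roles (example code written for this page, not Cryptzone’s or AppGate’s implementation). The inventory, groups, policies and context attributes are constructed sample values, and the policy conditions (group membership, device posture, location, business hours, an open SIEM alert) are assumed from the attributes the deck names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    vlan: str
    name: str


@dataclass(frozen=True)
class Context:
    """Attributes the Controller checks before issuing entitlements."""
    user: str
    groups: frozenset
    device_posture_ok: bool   # e.g. anti-virus current, disk encrypted
    location: str             # e.g. "office", "home", "unknown"
    siem_alert: bool          # an open alert for this user/device in the SIEM
    hour: int                 # local hour, 0-23


@dataclass(frozen=True)
class Policy:
    """Grant one service to one group, subject to context conditions (assumed)."""
    service_name: str
    group: str
    require_posture: bool = True
    allowed_locations: frozenset = frozenset({"office", "home"})
    business_hours_only: bool = False


# Constructed sample inventory: everything lives in one flat VLAN.
INVENTORY = (
    Service("10.0.1.10", 443, "vlan10", "hr-portal"),
    Service("10.0.1.20", 5432, "vlan10", "payroll-db"),
    Service("10.0.1.30", 22, "vlan10", "build-server"),
    Service("10.0.1.40", 3389, "vlan10", "jump-host"),  # no policy: nobody sees it
)

# Constructed sample policies held by the Controller.
POLICIES = (
    Policy("hr-portal", "hr"),
    Policy("payroll-db", "finance", business_hours_only=True,
           allowed_locations=frozenset({"office"})),
    Policy("build-server", "engineering"),
)


def nac_visible(inventory, vlan):
    """NAC model: once admitted to the VLAN, every service in it is reachable."""
    return {s.name for s in inventory if s.vlan == vlan}


def _policy_matches(policy, ctx):
    if policy.group not in ctx.groups:
        return False
    if policy.require_posture and not ctx.device_posture_ok:
        return False
    if ctx.location not in policy.allowed_locations:
        return False
    if policy.business_hours_only and not 8 <= ctx.hour < 18:
        return False
    return True


def sdp_entitlements(policies, ctx):
    """Controller: authenticate first, then compute the user's Segment of One.

    An open SIEM alert revokes everything; otherwise only services whose policy
    matches the full context are granted. Everything else stays invisible.
    """
    if ctx.siem_alert:
        return frozenset()
    return frozenset(p.service_name for p in policies if _policy_matches(p, ctx))


def reevaluate(current, policies, new_ctx):
    """Re-run policy when context changes; return (kept, revoked)."""
    kept = sdp_entitlements(policies, new_ctx)
    return kept, current - kept


def gateway_allows(entitlements, inventory, host, port):
    """Gateway: default-deny any flow not covered by an entitlement."""
    for s in inventory:
        if s.host == host and s.port == port:
            return s.name in entitlements
    return False  # unknown target is dropped too


def port_scan(entitlements, inventory):
    """What a scan of the whole inventory returns through the Gateway."""
    return {f"{s.host}:{s.port}" for s in inventory
            if gateway_allows(entitlements, inventory, s.host, s.port)}


if __name__ == "__main__":
    alice = Context("alice", frozenset({"finance"}), True, "office", False, 10)
    ents = sdp_entitlements(POLICIES, alice)
    print("NAC sees:", sorted(nac_visible(INVENTORY, "vlan10")))
    print("SDP sees:", sorted(port_scan(ents, INVENTORY)))
```

The same user scanning from home, after hours, or with an open SIEM alert gets an empty result from `port_scan`, which is the dynamic, context-aware behaviour the deck contrasts with a static VLAN.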
An SDP stops people like this from abusing your network: negligent insiders, malicious insiders, compromised insiders, cyber criminals, Advanced Persistent Threat (APT) agents, state-sponsored actors, compromised third-party users, and over-privileged / super-privileged users.
Helping to prevent these types of attacks: server exploitation, credential theft, connection hijacking, compromised devices, phishing, DDoS, insider threats, malware, man in the middle.
Software-Defined Perimeter sounds great… but what if a NAC is already in place?
NAC and SDP CAN coexist.
Enterprises with existing NACs:
• Can deploy SDP without replacing NAC.
• Get the benefit of an SDP solution without a rip-and-replace program.
Enterprises without NACs:
• Should consider SDP as a simpler alternative.
• There’s no compelling reason to deploy a new NAC solution, because SDP offers better security, removes complexity, enforces uniform compliance, and lowers cost of ownership.
A Software-Defined Perimeter delivers uncompromised network security and compliance across hybrid environments.
Industry experts agree
“Legacy, perimeter-based security models are ineffective against attacks. Security and risk pros must make security ubiquitous throughout the ecosystem.”
“Through the end of 2017, at least 10% of enterprise organizations (up from less than 1% today) will leverage software-defined perimeter technology… by 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters, up from less than 1% in 2016”
“SDP enables organizations to provide people-centric, manageable, secure and agile access to networked systems.”
Cryptzone delivers the market leading Software-Defined Perimeter: AppGate
Learn more about AppGate:
WEBINAR: Network Access Control vs. Software-Defined Perimeter – or both?
WHITEPAPER: Forrester Report, No More Chewy Centers: The Zero Trust Model of Information Security
VIDEO: Network Security is Changing: See How AppGate Works
FREE TRIAL | START NOW: Get access to a 15-day free trial on AWS marketplace.
Want to know more? GET IN TOUCH
Email: info@cryptzone.com
Twitter: @Cryptzone
LinkedIn: linkedin.com/company/cryptzone
www.cryptzone.com
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

How to Overcome Network Access Control Limitations for Better Network Security

  • 1. How to Overcome NAC Limitations Why a Software-Defined Perimeter delivers better network security for today’s enterprises
  • 2. Enterprise technology has changed: static → dynamic; network-centric → identity-centric; hardware → software; isolated → interconnected.
  • 3. Work habits have changed. Home Mobile Contractors Third-party partners
  • 4. The network perimeter has dissolved. Enterprise resources – applications, databases, and infrastructure – are increasingly outside the perimeter. And people are constantly working outside the perimeter.
  • 5. Network security must change to keep up with enterprise technology and work habits.
  • 6. There’s a fundamental shift in network security happening right now.
  • 7. The philosophical difference is centered around trust: Network Access Control (NAC) Trusts Users Inherently Software-Defined Perimeter (SDP) Trusts No One
  • 8. Do you trust users completely? NAC solutions are designed to work inside the perimeter, a trust-based model...
  • 9. …a model that Forrester says is broken for these reasons: 1) It's impossible to identify trusted interfaces. 2) The mantra "trust but verify" is inadequate. 3) Malicious insiders are often in positions of trust. 4) Trust doesn't apply to packets. Read: Forrester, No More Chewy Centers: The Zero Trust Model Of Information Security
  • 10. Or are no users trusted? Abolishing the idea of a trusted network inside (or outside) the corporate perimeter. Instead opting for a Software-Defined Perimeter where…
  • 12. NAC was designed to work inside the perimeter. Build a perimeter around the internal network, verify who users say they are, and once in the door users gain full access to the network or at least a large portion of the network.
  • 13. In this changing world, NAC falls short For SEVEN reasons
  • 14. 1) NAC doesn't extend to the cloud. So enterprises need another security solution for the cloud, and that adds another layer of network security.
  • 15. 2) NAC relies on VLANs, which are complicated to manage. Defining VLAN segments: creating them can be easy… keeping them relevant and accurate as your environment changes is the real challenge. So most enterprises only have a limited number of VLAN segments defined.
  • 16. 3) NAC doesn't encrypt traffic. If social networks (WhatsApp, Snapchat, Facebook Messenger, Telegram) can encrypt traffic, why not corporate networks?
  • 17. 4) NAC isn't fine-grained. It can't provide fine-grained control of the network resources users can access. Instead, NAC relies on existing (and separately managed) network segments, firewalls and VLANs.
  • 18. 5) NAC's remote user support is non-existent. Remote users need yet another solution – like a VPN – requiring yet another set of policies to manage.
  • 19. 6) NAC struggles to support the agile enterprise. NAC causes management issues because it's not agile or dynamic – it's static. It's complex for the security team to add firewall rules for thousands of workers and their many devices.
  • 20. 7) NAC doesn't provide deep, multi-faceted, context-aware access control. It doesn't check specific attributes such as location, anti-virus or device posture, or broader system attributes such as an alert status within a SIEM.
  • 22. A Software-Defined Perimeter is a new network security model that dynamically creates 1:1 network connections between users and the data they access. Read: Why a Software-Defined Perimeter
  • 24. 1) The Zero-Trust model: an "Authenticate first, connect second" approach. Everything on the network is invisible until authorization is granted, and access is then only allowed to a specific application.
  • 25. 2) Identity-centric (not IP-based) access control. Know exactly who accessed what, for how long, and the context of the device when they connected, for policy compliance.
  • 26. 3) Encrypted Segment of One. Individualized perimeters for each user and each user session – a Segment of One. All the other services that exist on the network are invisible to the user. Once a user obtains their entitlements, all network traffic to the protected network is encrypted.
  • 27. 4) Dynamic policy management. As new server instances are created, users are granted or denied access appropriately and automatically. As context changes (time, location, device hygiene, etc.), dynamic access policies provide continuous and immediate security.
  • 28. 5) Simplicity. Much simpler – and dramatically fewer – firewall and security group rules to maintain.
  • 29. 6) Compliance. Consider the people and time spent collecting, consolidating, and making sense of access logs. Organizations have reduced this by up to 90% when using a Software-Defined Perimeter. A Software-Defined Perimeter offers: auditable, uniform policy enforcement across hybrid systems; dramatically reduced audit-preparation time, with no need to correlate IP addresses to users.
  • 30. 7) Consistency. Consistent access policies across on-premises, cloud and hybrid environments.
  • 31. Would you like to know more? Watch the video SDP to prevent malicious insiders, over-privileged users and compromised third-party access Get a demo Let us show you how an SDP can work for your organization
  • 32. Let’s put NAC vs. SDP to the test… Consider port scanning.
  • 33. A tester uses credentials to connect to the network and does a simple port scan to see how many services it finds: • On the internal network? • On Wi-Fi? • On other organizations' services?* (*If using a hosting provider.)
  • 34. Port-scan test with NAC: The tester would see every single network port and service available for every server that's in that VLAN. That could be thousands and thousands of resources.
  • 35. Port-scan test with a Software-Defined Perimeter The tester would authenticate first, connect second. The only ports the tester would see are the ones he has explicit rights to through his digital identity. Everything else would be completely invisible.
  • 36. Here's why (we'll need to get techie for a bit).
  • 37. SDP Architecture. Components: Protected Applications, SDP Controller, SDP Gateway (Accepting Host), SDP Client (Initiating Host), PKI, Identity Management, Policy Model. The SDP controller is the authentication point, containing user access policies.
  • 38. SDP Architecture (continued). Clients are securely onboarded.
  • 39. SDP Architecture (continued). All connections are based on mutual TLS connectivity.
  • 40. SDP Architecture (continued). Traffic is securely tunneled from Client through Gateway.
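The port-scan comparison (slides 33–35) and the controller/gateway roles (slides 27 and 37–40), as an added toy model that is not Cryptzone/AppGate code: a constructed VLAN inventory, a constructed entitlement policy, and a controller that evaluates identity plus context (device posture, location) before the gateway reveals anything. The service list, user names, and policy rules are assumptions made up for the example.

```python
from dataclasses import dataclass

# Constructed sample inventory: (host, port, service) listening inside one VLAN.
VLAN_SERVICES = {
    ("10.0.1.10", 22, "ssh"),
    ("10.0.1.10", 443, "https"),
    ("10.0.1.20", 5432, "postgres"),
    ("10.0.1.30", 3389, "rdp"),
    ("10.0.1.40", 8080, "jenkins"),
}

@dataclass
class Context:
    """Session context the controller sees at authentication time."""
    user: str
    device_posture_ok: bool
    location: str

# Constructed controller policy: per-identity entitlements, each optionally
# conditioned on context (slide 27: time, location, device hygiene, etc.).
POLICY = {
    "alice": [{"service": "https", "posture": True},
              {"service": "postgres", "posture": True, "location": "office"}],
    "contractor": [{"service": "jenkins", "posture": True}],
}

def nac_scan(_ctx: Context) -> set:
    """NAC model (slide 34): once on the VLAN, the scanner sees every port."""
    return set(VLAN_SERVICES)

def controller_entitlements(ctx: Context) -> set:
    """Authenticate first: the controller evaluates identity and context and
    returns the services this session is entitled to (a Segment of One)."""
    granted = set()
    for rule in POLICY.get(ctx.user, []):
        if rule.get("posture") and not ctx.device_posture_ok:
            continue  # device hygiene check failed, entitlement withheld
        if "location" in rule and rule["location"] != ctx.location:
            continue  # location condition not met
        granted.add(rule["service"])
    return granted

def sdp_scan(ctx: Context) -> set:
    """Connect second (slide 35): the gateway only answers for entitled services;
    everything else is invisible (no response at all, not a refused connection)."""
    allowed = controller_entitlements(ctx)
    return {svc for svc in VLAN_SERVICES if svc[2] in allowed}
```

An unknown identity or a failed posture check yields an empty scan result rather than a list of closed ports, which is the "invisible" behaviour the deck contrasts with NAC.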
  • 41. An SDP stops people like this from abusing your network: Negligent Insiders, Malicious Insiders, Compromised Insiders, Cyber Criminals, Advanced Persistent Threat (APT) Agents, State Sponsored Actors, Compromised Third Party Users, Over-privileged / Super-privileged Users.
  • 42. Helping to prevent these types of attacks: Server Exploitation, Credential Theft, Connection Hijacking, Compromised Devices, Phishing, DDoS, Insider Threats, Malware, Man in the Middle.
  • 43. Software-Defined Perimeter sounds great… But what if a NAC is already in place?
  • 44. NAC and SDP CAN Coexist Enterprises with existing NACs • Can deploy SDP without replacing NAC. • Get the benefit of an SDP solution without a rip and replace program. Enterprises without NACs • Should consider SDP as a simpler alternative. • There’s no compelling reason to deploy a new NAC solution because SDP offers better security, removes complexity, enforces uniform compliance, lowers cost of ownership.
  • 45. A Software-Defined Perimeter delivers uncompromised network security and compliance across hybrid environments.
  • 46. Industry experts agree. "Legacy, perimeter-based security models are ineffective against attacks. Security and risk pros must make security ubiquitous throughout the ecosystem." "Through the end of 2017, at least 10% of enterprise organizations (up from less than 1% today) will leverage software-defined perimeter technology… by 2021, 60% of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters, up from less than 1% in 2016." "SDP enables organizations to provide people-centric, manageable, secure and agile access to networked systems."
  • 47. Cryptzone delivers the market leading Software-Defined Perimeter: AppGate
  • 48. Learn more about AppGate. WEBINAR: Network Access Control vs. Software-Defined Perimeter – or both? WHITEPAPER: Forrester Report, No More Chewy Centers: The Zero Trust Model of Information Security. VIDEO: Network Security is Changing – See How AppGate Works.
  • 49. FREE TRIAL | START NOW: Get access to a 15-day free trial on AWS marketplace. GET IN TOUCH: Email: info@cryptzone.com, Twitter: @Cryptzone, LinkedIn: linkedin.com/company/cryptzone. Want to know more? www.cryptzone.com