Firm has NAC for network protection

By Andrew R. Hickey, News Writer 24 Jan 2006 | SearchNetworking.com

News on networking, mobility and voice Digg This!     StumbleUpon     Del.icio.us

The IT department at SNL Financial used to spend countless hours manually providing patches for remote access users. If that wasn't enough, they spent even more time following up with those users in person, to make sure everything was a-ok.

All in all, a half-day a week that could've been spent doing other things was wasted. That is, until last October, when the Charlottesville, Va.-based financial information and research firm rolled out CyberGatekeeper Remote, a network access control appliance from InfoExpress.

SNL Financial doesn't mince words. The company knows that malicious attacks like worms, viruses and Trojan horses are out there. And it knows that remote users are most likely to introduce these threats to the network simply because their laptops are often used in environments other than on the corporate VPN.

For more information Read why NAC was in the spotlight at Interop Check out a story on Cisco's NAC framework

"We allow [mobile users] to take their machines into other environments … this gives us better protection and better control," said SNL's network services manager Joel Lothamer.

With SNL's off-site workforce continually growing, it is now up to about 140, and comprising nearly 30% of the company's total number of end users, Lothamer said the company needed to do something.

"We've had an increase in remote access users, and that's going to continue," he said. That increase, in addition to an increase of the company's overall business, motivated SNL to boost its protection.

The CyberGatekeeper Remote sits between the remote access point and the corporate network. It audits all networked systems continuously for policy compliance. Unqualified systems attempting to access the network are automatically blocked and redirected for remediation. The box protects SNL's network from off-site computers that could be infected, misconfigured or lack the most up-to-date security patches.

"We spent a lot of hours patching remote access systems and following up with end users in person," Lothamer said. Since the CyberGatekeeper was deployed, he has noticed a significant drop in the time spent addressing patches and follow ups. "We've seen some efficiency improvements," he said.

Having a network access control appliance in place allows SNL's IT department to centrally manage the tool, which automatically scans any remote machine trying to access the network, for the latest anti-virus software and other critical updates. If something potentially damaging is found, that user is blocked, quarantined and forced into a remediation area where necessary updates are pushed to their machine. Also, the system can be set to continue with periodic scans throughout a remote session.

According to Lothamer, a lot of the peace of mind comes from knowing that any viruses that may have been missed during manual scans will likely now be found and removed. A lot of the guesswork is eliminated.

"It's going to be there to catch any viruses we may have missed," he said. "The faster these exploits come out, [the more we are able] to have central control and to adjust to things we haven't seen yet."

Both Lothamer and SNL network engineer Mike Vosper said that there wasn't one specific incident that fueled the decision to consider the InfoExpress product. However, they are convinced that deploying it will help them avoid any potential "zero day" exploits their team is working on blocking. A zero day exploit is essentially an exploit that takes advantage of a security vulnerability the same day it becomes generally known, meaning a zero day exploit can take advantage of a vulnerability before a software patch or other fix is created.

In a statement from a press release, Lothamer said, "… with malicious attacks becoming more sophisticated and remote computers being especially vulnerable, we felt we had to take extra precautions to ensure the integrity and safety of our information network."

Because the system is automated, Lothamer said it is less labor intensive on his staff and on the end user, who may have to reboot after remediation, but that's about it.

Tags: Network Security Monitoring and Analysis,  Network Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Network penetration testing guide Performing a penetration test Penetration testing strategies Penetration testing methodology and standards Types of penetration tests Network security forecast 2010: Startups cash out, uber-devices step up Mobile computing security concerns lead to more IPS, SSL VPN spending Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? Network Access Control NAC appliance combats unwitting insider threats from infected devices How does Active Directory for Cisco ACS work? Two colleges switch to Enterasys in order to escape ACL programming Using NAC endpoint fingerprinting to inventory dumb devices What are two common devices that control outbound network access? Using NAC for smartphone security on wireless LAN Network security risks multiply when enterprises begin outsourcing Dynamic policy ensures faster, safer network for school district NAC appliance vendors: Can you depend on them? NAC integration at the endpoint

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary