[Chart: % of respondents (all respondents), axis 0% to 40%. Source: Aberdeen Research, 2023. Categories shown: Visibility to endpoint configurations; Threat propagation detection / IDS; Scalability / fault tolerance; Reporting; Visibility to endpoint threats; Redirection of users to remediation resources; Endpoint configuration posture check (on admission); Ease of deployment; Endpoint configuration posture check (continuous/ongoing); Network infrastructure independent; Ease of management; Prevent infection of your endpoints by remote control,…; Identity-based control; Integration with current network infrastructure; Day zero malware control.]

CONFIDENTIAL

Key Elements of NAC Solutions

Common NAC Elements
NAC is an evolving space with evolving capabilities.
NAC solution elements (some or all):
- Identify: Detect and authenticate new devices
- Assess: Endpoint integrity checks to determine levels of risk and adherence to security policy
- Monitor: Watch the device's activity for change of assessed state with respect to policy and threat status
- Mitigate: Take appropriate action upon any device that is identified as a security risk by previous three elements

Identify: Find/Authenticate New Devices
Question: How do you know when a new device comes on the network?
- Is it a known or unknown device?
- Is it an authenticated user?
Common approaches:
- Leverage or network infrastructure OS
  - Authenticate through existing EAP infrastructure to pass credentials to authentication server
- Special purpose DHCP server
  - Authentication usually web based and tied to authentication server
- Authentication proxy
  - NAC solution serves as a proxy between device and authentication server
- Inline security appliances (e.g. security switches)
  - Serve as a proxy between device and authentication server
- Real time network awareness
  - Authentication usually web based and tied to authentication server
All approaches trigger off entry on the network by a new IP device.

Identify: Pros and Cons of Various Approaches
approach
- Pros: Device detected and authenticated prior to IP address assignment
- Cons: Often is a costly and time consuming installation
  - Requires switch upgrade/reconfiguration
  - Endpoints must be enabled requires supplicant software
  - Must create guest/remediation VLANs
DHCP approach
- Pros: Easier to deploy, independent of network infrastructure, covers both managed and unmanaged devices
- Cons: Bypassed by static IP address assignment, remediation typically to a broadcast VLAN (cross infection risk)

Identify: Pros and Cons of Various Approaches (cont.)
Authentication proxy
- Pros: Good hook for checking managed devices
- Cons: Unknown devices may never authenticate, but still could have network access. Usually not granular in quarantine server assignment.

no latency, switch integration
- Infrastructure Independent: All networks, All devices, All OSs
- Zero Day protection without signatures
- Agentless: Easy to Deploy and Manage
- Quarantines without switch integration
- Patented technology
- Check on Connect
- Pre-Admission Zero Day Threat Prevention
- Post Admission Policy Enforcement

Thank You
Presentation finished, thank you for watching!

Can granularly block suspect traffic.

Risk Management using Network Access Control and Endpoint Control for the Enterprise
Kurtis E. Minder – Mirage Networks

Agenda
- Drivers of NAC
- Key Elements of NAC Solutions
  - Identify
  - Assess
  - Monitor
  - Mitigate
- NAC Landscape

Business Needs Drive Security Adoption
3 Ubiquitous Security technologies:
- Antivirus. Business driver: File sharing
- Firewalls. Business driver: Interconnecting networks (e.g. Internet)
- VPNs. Business driver: Remote connectivity
Today's top security driver: Mobile PCs and devices
- Broadband access is everywhere
- Increased percentage of the time devices spend on unprotected networks
- Perimeter security is rendered less effective because mobile devices bypass it and aren't protected by it
Mobility of IP devices is driving the need for Network Access Control solutions
- Leading source of network infections
- More unmanaged devices on t