Genian Next-Gen NAC extends the capabilities of existing threat detection and monitoring systems such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) platforms. Increased visibility, real-time quarantine options and multiple notification paths through external systems ensure that SecOps teams can get the most out of the security tooling they already own. Examples of Genian NAC integrations providing these capabilities include the Seceon aiSIEM and Infoblox DDI.
While a SIEM ingests and consolidates alerts from a multitude of sources, providing a single pane of glass for security alerts, a SOAR platform automates the response to the large volume of alerts generated. Within the SOAR space, IBM is among the leaders with IBM Resilient. Resilient has over 160 integration applications available in the IBM Security App Exchange. These applications allow IBM Resilient to interact with external systems for functions that Resilient does not provide natively.
Leveraging Device Platform Intelligence (DPI, not to be confused with deep packet inspection), Genian NAC provides what Genians calls Visibility 2.0. Legacy device fingerprinting is insufficient for BYOD, IoT and OT environments because it stops at a basic device category (PC, phone, printer, etc.). DPI adds context such as an image of the device, its end-of-life/end-of-sale (EOL/EOS) status, known CVEs for the platform and an associated business risk. This level of granularity lets an operator apply more specific NAC policy rules to nodes that Resilient has identified as a threat, for example treating an unpatchable EOL device differently from a managed laptop.
Real-Time Layer 2 Quarantine
Acting on identified threats by automating actions against external systems through applications is a core function of IBM Resilient. However, the external system performing the action is where the true quarantine capability comes into play: its architecture determines how effective the quarantine is and how difficult it is to implement. When Resilient detects a threat, it makes an API call to Genian NAC that dynamically assigns a Tag to the affected network node. The software-defined tag is bound to a policy that restricts the node's access or quarantines it outright. Enforcement takes place in real time using Genian NAC ARP Enforcement, which controls the node's traffic at Layer 2 from a network sensor rather than by reconfiguring switch ports or pushing ACLs. Because it does not depend on the network infrastructure, it is vendor agnostic and can be deployed rapidly, unlike legacy NAC enforcement models. The practical caveat is that ARP does not cross a router, so a sensor must be present in each broadcast domain (VLAN) where enforcement is required.
For details regarding the Genian NAC / IBM Resilient integration, refer to the IBM Security App Exchange listing for Genian NAC.
Notification Options for Enhanced Collaboration
With the number of systems deployed and managed by the average SecOps team, effective and granular notifications are critical. Since the Genian Next-Gen NAC integration with IBM Resilient is automated, alerts are informational rather than actionable in the common case, because the node presenting the threat has already been quarantined in real time; the exception is a failed tagging call, which should be surfaced as needing manual follow-up rather than silently reported as remediated. Plain email notifications may not be sufficient to track and manage the threat landscape in today's remote and highly collaborative work model. Integration with collaboration systems such as Slack, Teams, ServiceNow, etc. provides a better avenue for communication. Using Genian NAC's Slack integration as an example, SecOps can direct alerts via a webhook to a specific Slack channel. The team could designate a Resilient-GenianNAC-Remediated channel to track these notifications, or enable any of the additional notification options available such as Email, SMS, Syslog, etc.
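The following is an added example, not code from Genians or from the IBM Resilient app, of the response action the two preceding sections describe: a SOAR playbook step that validates the alert artifacts, calls a NAC API to apply a quarantine tag, and then posts the outcome to a Slack incoming webhook. The NAC endpoint (NAC_TAG_URL), its JSON body and the tag name are assumptions chosen for illustration and are not Genian NAC's documented API; the Slack payload shape ({"text": ...}) is the real incoming-webhook format. The HTTP sender is injected so the action runs offline against a fake, and the sample incident is constructed.

```python
"""SOAR action: tag a node for quarantine via a NAC API, then notify Slack.

Added example (not Genian NAC's or IBM Resilient's own code). The NAC URL,
request body and tag name below are assumptions for illustration only.
"""
import ipaddress
import json
import re
from typing import Any, Callable, Dict, List, Tuple

# Hypothetical NAC tag endpoint (assumption; consult your NAC's API docs).
NAC_TAG_URL = "https://nac.example.internal/api/v1/nodes/tags"
# Slack incoming-webhook URL; placeholder, keep the real one in a secret store.
SLACK_WEBHOOK_URL = "https://hooks.slack.com/services/T000/B000/XXXX"
# Assumed name of the tag that NAC policy maps to a quarantine action.
QUARANTINE_TAG = "Resilient-Quarantine"

# (url, json body) -> HTTP status. Injected so the action can be tested offline;
# in production wrap e.g. requests.post(url, json=body, timeout=10).status_code.
Sender = Callable[[str, Dict[str, Any]], int]

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def validate_artifacts(ip: str, mac: str) -> None:
    """Reject malformed artifacts before forwarding them to another system.

    Alert artifacts are attacker-influenced data, so they are validated rather
    than passed through verbatim to the NAC API.
    """
    ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    if not MAC_RE.match(mac):
        raise ValueError(f"invalid MAC address: {mac!r}")


def handle_incident(incident: Dict[str, Any], send: Sender) -> Dict[str, Any]:
    """Apply the quarantine tag, then report the true outcome to Slack."""
    ip, mac = incident["ip"], incident["mac"]
    validate_artifacts(ip, mac)

    nac_body = {"ip": ip, "mac": mac, "tag": QUARANTINE_TAG,
                "reason": f"Resilient incident {incident['id']}"}
    nac_status = send(NAC_TAG_URL, nac_body)
    quarantined = 200 <= nac_status < 300

    # Do not report "remediated" unless the tag call actually succeeded.
    if quarantined:
        outcome = "QUARANTINED (tag applied, ARP enforcement active)"
    else:
        outcome = f"TAG FAILED (HTTP {nac_status}) - manual action required"
    text = f"[{incident['id']}] {ip} ({mac}) {outcome}: {incident['summary']}"
    slack_status = send(SLACK_WEBHOOK_URL, {"text": text})

    return {"quarantined": quarantined, "message": text,
            "nac_status": nac_status, "slack_status": slack_status}


def fake_sender(nac_ok: bool = True) -> Tuple[Sender, List[Tuple[str, Dict[str, Any]]]]:
    """Offline stand-in for HTTP: records every call, simulates NAC success/failure."""
    calls: List[Tuple[str, Dict[str, Any]]] = []

    def send(url: str, body: Dict[str, Any]) -> int:
        calls.append((url, body))
        if url == NAC_TAG_URL:
            return 200 if nac_ok else 503
        return 200  # Slack webhook accepted

    return send, calls


# Constructed sample incident, as a SOAR playbook might hand it to the action.
SAMPLE_INCIDENT = {
    "id": "INC-1001",
    "ip": "10.20.30.40",
    "mac": "00:11:22:33:44:55",
    "summary": "Beaconing to known C2 domain",
}

if __name__ == "__main__":
    send, calls = fake_sender(nac_ok=True)
    print(json.dumps(handle_incident(SAMPLE_INCIDENT, send), indent=2))
    for url, body in calls:
        print("POST", url, json.dumps(body))
```

The design choice worth copying is the split between "tag applied" and "tag failed" messages: a webhook notification that always says "remediated" defeats the purpose of routing alerts to a dedicated channel, because the one case that needs a human is the one that looks identical to the rest.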
When comparing IBM Resilient applications to maximize your organization's SOAR investment, Genian Next-Gen NAC stands out as a rapid deployment option that is both cloud managed and vendor neutral. Virtual Network Sensors are the key component: one per network segment lets Genian NAC monitor and enforce in any network environment without switch-level integration, which keeps the prerequisite checklist for the IBM Resilient integration short.