Next-Gen NAC to secure WFH Environments
The term “new normal” is mentioned very frequently these days in many different capacities. Most often, in IT circles, it refers to the massive increase in WFH policies being implemented by companies of all shapes and sizes. With major companies leading the way, many other companies that were being dragged into the 21st-century concept of a remote workforce are now leaping in that direction on their own.
Accordingly, this has brought much focus on securing remote worker connections to legacy on-premise data centers as well as protecting cloud-hosted resources and applications. However, with a shift this large in scale, and with at least some indication that it will be permanent for many, we should be open to revisiting how we view our “home” networks. These are no longer our home networks – these are now our office networks. And while the focus on securing connections to our company’s legacy and cloud networks is crucial, more attention needs to be paid to our new “home premise” networks.
Out of Sight, Out of Mind
With the home network now becoming a premise network for workers, the state and security of the “home premise” network should be considered. For the last several years, we have seen article after article on lateral threats within corporate networks. Other articles often make the point that the era of perimeter security with a firewall is over and that we now need to protect networks from the inside, from internal threats. With workers no longer in the office, why would this concept change? The answer is simple: it does not. Lateral threats on the home premise network, where many workers now permanently reside, can be problematic.
What about that home router? Is it being compromised? How about that printer? Is HTTP, whose port is one of the most commonly exploited in history, enabled by default? And what about your webcam? Does it have vulnerabilities that are not patched? And this does not even begin to take into consideration other IoT devices such as TVs, refrigerators, doorbells or even lightbulbs. If you think your typical corporate network had security concerns from the inside, they pale in comparison to those of the average home network. So, I submit to all my friends in cybersecurity: the threats that can move laterally within our new “home premise” networks, where many of us now work day in and day out, are in fact real and should be taken seriously.
Out of Sight, Out of Control
Less Touch, Better Result
So how does Genian NAC solve this problem? By leveraging Cloud-Managed visibility and policies, Virtual Network Sensor capabilities and an optional Agent, a “home premise” network can easily be monitored, either centrally or even by employees themselves. The option of empowering employees to monitor and secure their own “home premise” network not only ensures internal/lateral threats can be identified, but also provides a safer home computing environment in general while at the same time addressing privacy concerns. Genian NAC also leverages Device Platform Intelligence, which does not require any integration with network infrastructure and provides Visibility 2.0 (EOS/EOL, CVE, Contextual Risk) for all devices connected to the network.
Follow these three simple steps on any network to see an example of how Genian NAC can address some of the challenges discussed above.
Step 1: Deploy a Cloud-Managed Policy Server
Step 2: Option 1 – Deploy a Virtual Network Sensor on VM Workstation
Step 2: Option 2 – Deploy a Network Sensor using the Agent
In this video example, an Agent can be easily deployed (without Active Directory GPO or SCCM) to a Windows machine and, using a Sensor Plug-In, the Windows machine itself can act as a Network Sensor, detecting all IP-enabled devices and reporting them to the Policy Server.
Step 3: Secure Your “Home Premise” Network
Seeing is Believing
Brett is a Cisco CCNP and has over 25 years of experience in networking. During the last 15 years he has specialized as an SME in designing and deploying Network Access Control solutions. Prior to focusing on NAC, Brett served as a Cryptologic Technician in the U.S. Navy and provided network consulting services such as enterprise-scale WAN projects for financial institutions and data center BGP connectivity to Service Providers.