This is not “one or the other.” You should leverage all!
When it comes to segmentation, Genians’ network sensor is able to illuminate entire networks, including wired, wireless, virtual, and Cloud by capturing various attributes of all connecting devices. These attributes include device fingerprinting data, business context information such as End of Life (EoL), End of Support (EoS), and risk-related data such as Common Vulnerability Exposure (CVE) along with industry-relevant news. Moreover, such attributes can be tagged according to generic device categories and correlated to more accurately identify any connected devices platform information. Attributes are therefore the key elements neededto precisely identify what it is, who is using it, where they are coming from and to, and how they are being securely connected.
Most importantly,this comprehensive approach helps segment networks logically and with as much granularity as possible since Genians provides over 500 conditions along with specific attributes. Once you deploy this segmented network, you can achieve better policy enforcement against any non-compliant, unknown, or rogue devices using ARP security and other approaches like 802.1x, Switch Port control, SSID, and Agent-based actions. For 16 years now, Genians has provided layer 2 / sensor-based Network Access Control (NAC) solutions. As these do not require any network configuration changes or upgrades whenever the network environment is changed, many customers have chosen this option as their primary method for network visibility and policy enforcement.
- Pros: Fast deployment, no downtime, no disruption. Solution covers all campus network, various types of remote sites, and secures all traffic; north-south and east-west, as well as public and private Cloud.
- Cons: Each network segment requires a network sensor.
For Gateway-based microsegmentation, Genians simply expands the concept of its network sensor from the network layer (L3) to the application layer (L7) in order to secure all access no matter its source. Genians therebysecures access to remote sites as well as applications in distributed environments. In the same network, one has the option to isolate a node trying to communicate with any other nodes, so all traffic can be confidently secured.
- Pros: A single point control by monitoring all traffic.
- Cons: High Availablity (HA) is required to avoid a single point of failure for network traffic.
Agent (Host)-based Microsegmentation
In this case, Genians’ Agent can collect all installed software and hardware asset information from endpoint devices toenrich the attributes of connected devices. The agent can also control native firewall capabilities to support centrally managed firewall-based polices. This approach further supports ZTNA Anywhere and enhanced VPN capabilities.
- Pros: It will automatically establish the most secure connection by leveraging the concept of Always-on ZTNA. Without the agent, devices are not able to gain network access.
- Cons: Major endpoint devices like Windows, macOS, and Linux require an agent to be installed. IoT devices cannot be supported.