Network security: get a complete view of your network
By Ofir Arkin and Ray Binnion
What's on your network?
This is a simple question but most IT managers cannot give an
accurate answer.
Almost any device with an RJ-45 socket can be connected to most
enterprise networks without the knowledge of IT staff. As a result,
rogue devices often operate freely on the network. Anecdotes of
employees who connected unauthorised wireless access points to
"ease their workload" are far too common.
If they stay undetected and uncontrolled, these devices expose
the enterprise to ongoing risk. They threaten network security and
the stability of business operations.
At the same time, many legitimate devices that belong to the
enterprise are invisible to IT staff. Known limitations in
traditional network management tools prevent them from identifying
firewalled devices, virtual machines and those devices not
connected to the network at the time of a scan.
The 451 Group estimates that existing approaches to asset
inventory tracking and network discovery may detect only 55-75% of
devices. Our experience teaches us that most enterprises have
20-50% more devices running on their networks than their IT team
knows of.
A combination of ineffective tools and frequently stretched
resources leaves most IT teams unable to maintain an accurate asset
inventory or accurately document the devices operating on their
networks. Despite this, they have a responsibility for management
and security.
Any IT initiative that cannot see the entire network fails to
deliver value or to meet its intended objectives. Take, for
example, network access control (NAC). In a report on the NAC
market, the 451 Group warned that a NAC deployment that covers only
the 70-80% of devices that happen to be Windows PCs, but does not
extend to every connected device, is inviting problems.
Logically, the first step in the process of deploying NAC (or
undertaking any other IT project) is to audit the network. By
identifying and profiling all devices connected to the network, IT
planners can pinpoint non-compliant, unmanaged and rogue devices
even before activating NAC.
In addition, maintaining a live view of the entire inventory of
network assets enables NAC to operate in real time and to apply to
the complete infrastructure.
Conversely, if NAC does not know about every device on the
network, the implementation will fail to stop rogue elements from
operating on the network and the enterprise will remain vulnerable
to compromise.
There are many other examples of IT initiatives that require
complete visibility and knowledge of the network to be effective.
Patch management, regulatory compliance, intrusion prevention,
software licence control and migration of operating systems all
need to take account of every network asset. In addition, IT help
desk operations rely on this information being complete and current
in order to deliver an efficient service.
Back to our original question: what's on your network? IT
managers who can answer this question accurately are
well-positioned to manage and secure their networks
effectively.
Ofir Arkin is the founder and CTO of Insightix. Ray Binnion is
the non-Executive Chairman of Defend-IT Ltd.