Finding the NAC of effective network IT security

In today’s highly business world, the need for quick and smooth and above all secure access to information is vital. Media firm OMD turned to network access control (NAC) technology to address these issues.

Many companies are poor at practising what they preach. Communications and media firms have grasped this nettle and with so many of their staff travelling at any given time, the need for quick and smooth information flow to central offices is vital. Essentially, not being able to communicate effectively to dispersed staff can mean the difference between success and failure in the highly competitive media business world.

That you would think is a business driver that would prompt firms to make sure that as many of their staff, no matter where they where, no matter what systems that they had, could access the company’s data assets as effectively as possible. And indeed it has for many, but in communicating effectively, access is not the whole story: access has to be reliable, prompt and above all secure.

These points have definitely been grasped by OMD, a division of Omnicom Group, a holding company that manages a portfolio of companies operating in advertising, marketing services, specialty communications, interactive/digital media and media buying services. Headquartered in New York, the firm has more than 140 offices in 80 countries.

Kenneth Corriveau, CIO of Omnicom Media Group, says that providing IT services for such disparate staff presents a number of challenges. He sums up the key issues at stake, “We have a lot of people who travel, especially service teams who may be at clients and who med information for [their jobs] such as presentations etc. They are all at different points in our enterprise. [The question is]: how can we protect the enterprise and balance the needs of the travelling [staff]?”

These needs can be complicated. Not so much in how and what staff want to access, but due to the fact that not everybody’s needs are the same. OMD would not have been able to empower its travelling staff effectively if it simply enforced blanket access control from on the road. There had to be exceptions for some staff, at some times and under some circumstances, to gain access when other colleagues could not enjoy such privileges.

Also from a control point of view, OMD also wanted to be able to lock down the network to those users who had somehow triggered off the anti-virus mechanism whilst keeping open access to those who hadn’t. Corriveau also wanted to have something that could cope with zero day attacks in addition to known viruses for which traditional anti-virus systems had signatures for. In addition there were also compliance regulations to adhere to.

Corriveau remembers the process of finding technology that would provide comprehensive protection against both internal and external threats and address the firm’s unique challenges. “There were heated discussions to find this balance. [we had to] see what’s out there and solve [the problem],” he recalls. After assessing a number of types of products, OMD settled on the CounterACT tailored network access control (NAC) solution and an ActiveScout intrusion prevention system from ForeScout Technologies.

Given the distributed nature of OMD's business, NAC seemed something of a necessity. Such technology would allow rules-based access control providing the degrees of access that OMD demanded. Says Corriveau, “we found NAC to be a very innovative solution from a technological standpoint and easy to implement.” 

CounterACT is clientless, a capability that Corriveau says added to this wish for easy deployment and it also offered business advantages. He explains, “It scans every single device that touches the network, and it doesn't disrupt our business. Users don't even know their devices are being protected, it's that transparent; and they're able to spend their time being productive rather than waiting for network access.”

Like with every implementation of security, or any network technology, there were some teething problems. In the early days there were issues in developing work outs to make sure that the rules applied were not blocking out users. That said, Corriveau is happy with the solution. He says, “[Since] we have been using ActiveScout…we haven't had a zero-day virus or worm problem since we installed it. We've caught everything before it could become an issue. We've since deployed CounterACT appliances to extend that protection to defend against internal sources as well as external threats. "

OMD has also enjoyed unexpected benefits beyond protecting threat protection and ensuring only compliant devices access its network. For example, the company is able to see when certain applications are not working properly because of the type of activity sensed by the NAC solution. An application that is improperly configured on someone's desktop computer will trigger a CounterACT alert and OMD can rectify the issue and make sure every application is performing correctly.

Corriveau expresses satisfaction that ForeScout gives OMD the service attention that it needs and he has a wish that users are better educated as to what the network can and can’t (or won’t) do. There’s a good rationale, he reasons, “It’s important that end users are given better education. Better communication means that users will work better.”

After effectively proving the NAC concept in the US, OMD will roll out CounterACT appliances throughout its international network. The further roll out will add new challenges, as it will enable users to upload video to the network. This is a business requirement and Corriveau believes the NAC is ready to plug any holes that uploading such content may present.



Read more on Network software