Closing IT security gaps with Network Access Control


By: Eve-Marie Lanza, Senior Security Solutions Marketing Manager, HPE Aruba Networking.

IT security gaps caused by lack of visibility and control into user and device activities persist for many organizations, according to a report recently released by security research firm Ponemon Institute.

In the report sponsored by Hewlett Packard Enterprise, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 67% of respondents indicated that identifying and authenticating IoT devices accessing their network is critical to their organizations’ security strategy. Yet nearly the same number of respondents (63%) said their security teams lack visibility and control into all the activity of every device connected to their IT infrastructure.

iot nac1 Aruba

Over 60% of security professionals agreed that securing IoT devices is critical to their organization’s security strategy; a similar amount acknowledged a persistent lack of visibility and control.

Network access control, IoT, and Zero Trust Security

Network access control (NAC) solutions enable IT to limit what users and devices can access on the network. NAC plays an important part in delivering least-privilege access to resources that is foundational to Zero Trust Security solutions.

Because NAC solutions ensure that only users and devices with proper permissions can access resources, they are fundamental in a variety of use cases, including BYOD and guest access. Some NAC solutions can also identify subjects suspected of compromise and quarantine or block access pending further investigation, which can prevent the spread of attacks.

Analysts estimate that over 15 billion devices will be connected to enterprise infrastructure by 2029.[i] The growing number of IoT devices connected to enterprise networks represents a significant expansion of the attack surface. Exacerbating the issue, IoT devices are often installed and managed by lines of business other than IT, contributing to lack of visibility. 80% of IT organizations have reportedly found IoT devices on their networks they did not install or secure.[ii]

IoT: A primary driver in network access control adoption

Closing gaps in IoT security is a concern for networking and security leaders as IoT adoption increases. NAC solutions are helping fill gaps in IoT visibility and access management.

The Ponemon Institute study revealed that respondents’ usage of NAC in support of IoT has increased significantly, from 12% of respondents in 2021 to 45% in this year’s research.

iot nac2 Aruba

Deployment of NAC solutions for IoT has dramatically increased, from 12% in 2021 to 45% in 2023.

“NAC is not simply answering the binary question of, ‘Do you belong on the network—yes or no?’ Rather, it’s supporting what a user or device needs to do on the network to get their job done, making sure they’re only doing those things, and raising an alert if they’re doing something else,” said Jon Green, Chief Security Officer for HPE Aruba Networking at Hewlett Packard Enterprise, in a recent webinar, Addressing Cybersecurity Gaps from Edge to Cloud. (Watch the webinar on demand.)

Green illustrated this concept with a real-world use case of NAC for IoT: “With NAC, you can let the TV screen on the network and monitor its behavior. If it starts doing some unusual activity for a TV screen—like port scanning the data center or ERP system—the NAC solution can stop that activity and raise a security incident for the SOC to investigate and probably find that TV is infected with malware.”

Network access control linked to security effectiveness

The Ponemon study offered additional insights pertaining to respondents with fewer security breaches in the past 12 months than other respondents. Ponemon analyzed what these high-performing organizations are doing to achieve a more effective cybersecurity posture.

High-performing organizations reporting high effectiveness in closing IT security gaps were positive about the use of NAC solutions and their importance to proving compliance, according to the Ponemon study.

Of high performers, 51% considered NAC solutions an essential tool for proof of compliance, compared to only 42% within the general respondent group. High performers were also more likely to use NAC solutions for IoT security.

iot nac3 Aruba

Choosing the right network access control solution for IoT

NAC solutions play a vital role in Zero Trust Security practices, so choosing the right NAC solution matters. The Ponemon report revealed a few critical considerations to keep in mind when comparing NAC solutions.

  • Interoperability and vendor-neutral features. 58% percent of respondents in the Ponemon Institute study said integration of NAC functionality with other elements of their security stack was very or highly important. Choosing a NAC solution that enables bidirectional exchange of information with other elements in the security stack supports continuous monitoring and enforcement.
  • Scalability to support hundreds of thousands of concurrent endpoints. 44% of Ponemon survey respondents reported feeling low or no confidence in their NAC solutions and practices to adapt to changes in the organization that might increase threats and risks. A NAC solution that scales with the organization and supports organizational agility can accelerate digital transformation while protecting critical resources.
  • Suitability for hybrid cloud. More high performers than other Ponemon survey respondents said NAC solutions are best delivered by the cloud. When assessing NAC solutions, consider a cloud-native NAC like HPE Aruba Networking Cloud Auth, which integrates with common cloud identity stores and allows organizations to use Multi Pre-Shared Keys (MPSK) and Device Provisioning Protocol (DPP) for IoT device onboarding.

Explore network access control in depth

Learn more about NAC solutions and discover how HPE Aruba Networking solutions can help you apply Zero Trust Security principles to IoT adoption:

[i] Gartner®, Feb. 2021​

[ii] Gartner®, “Segmentation or Isolation: Implementing Best Practices for Connecting ‘All’ Devices,” September 2019.

Copyright © 2023 IDG Communications, Inc.



Source link