Secure Mobility Safely Onboarding Personal Devices to Corporate Networks © 2012 Bradford Networks.
CEO Won an iPad at Book Club …

Containing the Risk of a Cyber Threat
Phishing Email on Device; Device Compromised; Internal Network Scan; Data Consolidation; Data Exfiltration
Attack Surface is Multiplying With Every New Device

Challenge With Employee-Owned Devices
Configuration Settings Managed Non-Standard Devices Consistent Diverse Unknown Apps Corp Push User Downloaded Unmanaged Risk User’s Privacy Endpoint Protection Full Access Restricted Mature Emerging

Addressing the BYOD Security Gap
Enable BYOD Know The Devices 60% 9%

3 Phases of Network Access Control
Hybrid Devices Consumerization BYOD Guest Device Corp Device Guest Networking Endpoint Compliance Employee Guest Hybrid Users

Maturing Visibility & Control to Address BYOD
Embrace Automation Policies Contain Block Visibility Disregard Visibility Policies Automation

BYOD Essentials: Total Network Edge Visibility
WHERE LOCATION 1 Real-Time Visibility VPN LOCATION 2 …. Single Network Sentry Appliance LOCATION N WHO WHAT WHEN

BYOD Essentials: Role-Based Access Policies
WHO WHAT WHERE WHEN TRUSTED LOCATIONS TRUSTED USERS TRUSTED TIME TRUSTED DEVICES

BYOD Essentials: Automation & Control
Assign Network Access Assess Risk Unrestricted Access Identify Device Identify User Restricted Access Guest Access No Access

Who’s Responsible for Onboarding Devices?
Compliance Security Exec Compliance / Risk Officer CSO VP Governance, Risk, Compliance CISO Audit and Reporting Director of Security Mgr Policy Awareness and Administration Staff Business Bus Unit General Mgr CIO VP of Infrastructure Project Management Business Line Management IT Strategy & Architecture Bus Analyst / IT Liaison Security Engineering Wired/Wireless Network Administration Bus Process Monitoring & Operations Incident Response / Forensics Endpoint Administration Application QA/Test Security Operations Center Identity/Access Management Vulnerability Assessment Operations Network Operations Center Help Desk / IT Support Server/DB Administration Application Development App/Service Administration End Users

About Bradford Networks
• 900 Global Customers
• Inspired by EDU
• 10 Years of BYOD Experience
• Pioneer/Leader in Network Access Control
• Most Scalable and Secure NAC Solution
NETWORK SENTRY

Network Sentry Feature Set
Risk Assessment Risk Mitigation SmartEdge Platform Integrations Security Network Visibility Device Profiling Easy Onboarding Endpoint Compliance Network Provisioning Mobility Discover All Wired & Wireless Infrastructure Detect and Classify Every Endpoint Device Simple and Powerful Device and User Onboarding Pre-Connect Risk Assessment of Endpoint Devices Analytics Historical Event Correlation and Trending Safe Network Access Assignment Wired & Wireless

Network Sentry SmartEdge Platform
SECURITY MOBILITY NETWORK ACCESS CONTROL WIRED & WIRELESS SECURE BYOD EDGE VISIBILITY GUEST MANAGEMENT NETWORK SENTRY NETWORK ANALYTICS EASY 802.1X ONBOARDING ENDPOINT COMPLIANCE WHEN WHERE REGULATORY COMPLIANCE WHAT WHO

Guest Registration & Management

Easy 802.1x Onboarding
CAPTIVE PORTAL USAGE POLICY DEVICE REGISTRATION OPEN SSID SECURE SSID AUTHENTICATION SUPPLICANT CONFIGURATION AUTHENTICATION SERVER

Endpoint Compliance
Device Risk Assessment Safe Configuration Required OS Patch Levels Endpoint Protection Mandatory Applications Minimum Application Version VLAN Assignment

BYOD Blueprint: NAC and MDM
Corp-IT Smartphone Corp Tablet Temp Emp Employee’s Smartphone Executive’s Tablet MDM Agent Installed or Not Guest Exec R&D IT

SC Magazine Product Group Test (Identity Management, NAC, DLP)

Benefits with Bradford Networks
IT Management
• 100% Visibility/Control
• Automated Policies
• Easy to Manage
• Totally Integrated
CxO
• Embrace BYOD
• Balance Risk/Cost
• Maintain Compliance
Users
• Access They Need
• Flexibility They Want
• Privacy They Deserve

Case Studies: Hospitality / Financial Services / Healthcare
Challenges:
• BYOD - Keep unsafe devices off the network
• PCI DSS compliance
Challenges:
• Enable scalable port security in a 200 VLAN environment
• Highly distributed NYC, Tokyo, London
Benefits:
• Automatically identify who and what is accessing their network
• Automatically provisions network access according to the role, device, and location
• Enforce access policy based on MDM enrollment status
Benefits:
• Automatically register who and what device is accessing their network
• Blocks unsafe devices and unauthorized users
• Automatically provisions network access according to risk profile: role, device, and location
• Plan to integrate with Palo Alto to isolate problematic users/devices
Challenges:
• BYOD - Allow physicians, medical students and staff to access EMR using personal devices
• HIPAA compliance
Benefits:
• Automatically identifies every device and user accessing the network
• Validates MDM is installed before access is granted
• Automatically provisions network access according to the user’s designated profile

900+ Customers Around the World
RETAIL/HOSPITALITY, HEALTHCARE/BIOTECH, FINANCIAL SERVICES, EDUCATION, GOVERNMENT/DEFENSE, TECHNOLOGY, UTILITIES

Taking Action:
• Request Slides [email protected]
• BYOD Whitepaper (NAC, MDM) [email protected]
• Custom Demonstration [email protected]