Why AI is crucial for the next level of Network Access Control solutions

Presented by Juniper Networks

NAC (Network Access Control) was created back in a neolithic era when laptops were still scarce on the ground, computing was done on servers and desktops, and technologies like mobile devices and IoT hadn’t yet made their debut. But then laptops took off, mobile devices became a thing and the number of devices needing to connect to the network blew up.

“Integrating NAC with AIOps is critical to simplify deployment and operations, accelerate the proactive identification and resolution of issues and to improve the security posture of the network,” says Christian Gilby, senior director of product marketing at Juniper Networks. “Pairing the rich insight you can gain from your NAC solution with AI and machine learning adds a whole new level of security and control.”

Why move away from traditional NAC?

NAC was designed in blissful ignorance of the kind of volume that networks would soon need to manage. It was not meant to handle a network that demands more openness to accommodate everything from trusted remote workers and customers permitted guest access, to headless IoT devices and more. As new devices and new security scenarios emerge, other areas of the network have embraced machine learning and AI to streamline processes and improve efficiencies. In the meantime, evolution of NAC systems has stagnated.

Traditional NAC solutions are complex to set up and integrate into a system, and they have inherent limitations, because they rely on on-premises hardware built using monolithic code bases. In this new world of networking, they’ve only gotten more complex to deploy and operate, cost-prohibitive to scale and less reliable. And they’re becoming less and less relevant in a world that’s increasingly shifting to cloud-based architectures.

Plus, many NAC products have access to a wealth of insight into the devices connecting to the network, which can be leveraged to improve operations, but this insight is being completely overlooked.

“These limitations can be solved by moving NAC operations to the cloud, and leveraging AIOps for automated provisioning, monitoring, analysis and security,” Gilby says.

Disrupting the NAC space with AIOps

A NAC solution is the first entry point to the network, where a device or user offers an identifier or certificate to authenticate credentials and can then be tracked across the network. This information, paired with AIOps, can be leveraged in several valuable ways.

User and device identity. Once a user is identified by the system, as well as the type of device, whether it’s a laptop that won’t eat up too many resources or a camera that will require extra bandwidth, the network can then allocate the appropriate resources and bandwidth. This can be a game changer for handling the proliferation of devices and applications connecting to the network.

Security checks. Using AI to analyze the volumes of data gathered, from that initial login to a user’s behavior on the network, can surface trends — which is crucial not just for managing the network and bandwidth allocation, but for identifying suspicious behavior. If a device has been compromised, it can be identified immediately. An AI-powered NAC can instantly change roles and quarantine that user at the edge of the network. This is a huge step up in security from a firewall solution, where compromised traffic gets to traverse all the way to the firewall before the quarantine starts.

Troubleshooting and assuring user experience. From client to cloud, a network issue can happen anywhere along a user’s path. To troubleshoot, you need to be able to track a user and their experience across their journey with the network. Tying together NAC with AIOps provides both the data needed to analyze a user’s journey and experience, as well as the means to analyze it, whether that’s determining the quality of a voice call or figuring out why their device can’t connect.

Evaluating NAC solutions

NAC solutions will continue to evolve, becoming less brittle, but not at a pace rapid enough to match the onslaught of new requirements, applications and IoT devices, Gilby says.

“Networks are moving to the cloud, and so are management solutions, in order to gain agility at scale,” he says. “If you look at modern cloud architectures, especially solutions that are leveraging microservices, they have a lot more agility.”

As IT leaders evaluate AI-powered solutions that can take full advantage of cloud computing, there are a few key features they should look for. That includes ensuring that the solution is not siloed, with a different AI solution for each part of the network. Look for solutions that can pull all that information from across the network into one place to be analyzed.

Both the NAC and the network should also be API-first platforms, so that you can integrate all the valuable endpoint products available in the NAC space. For example, opt for software solutions that will evaluate the security posture of the endpoint device and then integrate that with the NAC, or those that can force devices into a quarantine process before adding them to the network.

And looking toward the future, consider the potential of a solution that will offer a location technology feature to integrate with NAC capabilities, Gilby says. Location products on the market can now leverage Bluetooth low energy, which is found on most smartphone platforms and allows users to effectively triangulate location.

Bluetooth low energy is currently used in retail and health care, for finding products and navigating around a store or hospital. It can also bring even more granularity to what policies or what access someone gets based on who they are or where they are in a facility. For instance, in a government space where there are sensitive areas, you could leverage the NAC engine to push a Change of Authorization (CoA) policy to the device to prohibit access to social media networks.

But whatever solution you choose, it should be future-proof, especially in a work world that’s become increasingly digital-first and highly distributed.

“One thing we’re seeing now, coming out of the pandemic, is it’s going to be a lot more dynamic,” Gilby says. “People are trying to figure out what the work environment looks like as people come back into the office — how to scale, and how to secure the network. Our customers are definitely seeing the value of bringing NAC technology together with the cloud and AIOps.”
