Harte-Hanks Aberdeen Group: Best In Class Companies Are Leveraging Network Access Control To Stop Malware Dead In Its Tracks
Share:
Please attribute all quotes to: Mounil Patel, Vice President & Research Director, Information Management & Security practice, Aberdeen Group, Boston, MA.
Report Description
Network Access Control (NAC) allows companies to protect sensitive information and data residing on the network through identifying end users at log on, stipulating what access level the user has within the network (through predefined network admission policies), and confirming that the endpoint is in compliance with the network security infrastructure. This benchmark report is Part I of a two part series on identifying successful strategies for mapping out risks associated with endpoints and end users.
Report Outtakes:
Analyst Quote: IT organizations are under increasing pressure to address the security gaps created by non managed PCs connecting to the network. Security gaps enterprises are concerned about include: reducing malware infections, conducting frequent posture checks on network or security policy, controlling individual network access, and meeting regulatory requirements. In order to be successful, these organizations will need to evaluate the risks those gaps represent to their company's operation and financial health. Then, they need to take a new look at their network access control (NAC) plans and understand how NAC may be able to address some of these gaps.
Research Quote: The research shows that over 75% of surveyed companies allow connections from non managed PCs in use by employees, contractors, partners, auditors, and guests. Interestingly, approximately two-thirds of the companies surveyed had little or no visibility into the compliance state of their endpoints to security policy. Although the companies recognize the risk of this situation, they are ill-equipped to fight the potential problems (like malware, spyware and viruses) because they are simply unaware of the state of the machines when they connect to the network-the reason for which is they do not have the appropriate tools to report, diagnose, remediate and audit their non managed PCs.
Sales Quote: The majority of respondents, 59%, report a desire to implement NAC in order to reduce incidents of malware propagation. A further 53% report wanting the solution in order to control network access for staff, partners and contractors, while another 42% report wanting to enforce endpoint software configurations.
Network access control solutions can have a beneficial impact on corporate operational efficiencies while also improving an organizations security posture. 70% of respondents report either no impact or reduced staffing requirements, and 50% report either no change or a reduction in malware incidents over the last year. The ROI argument seems pretty clear, so where is the call to action? After analyzing the study results, Aberdeen found that enterprises are challenged with implementing an all encompassing solution because so many vendors offer only a piece of the puzzle. This leads Aberdeen to conclude that while most companies recognize the risk of non-managed PCs in their infrastructures, they are waiting on NAC vendors to combine capabilities and offer standards-based integration prior to evaluating and subsequently deploying a NAC solution within their enterprise.
Compelling research facts, providing actionable benefits for readers:
Results show that three-quarters of companies have non-managed PCs that connect to their network more frequently than once per week. Two-thirds of respondents report little or no visibility into or control over the security posture of these machines. The two highest risk areas for these connections are Internal LAN (52%) and VPN users (48%), which are, coincidentally, the most frequently used connection channels in any enterprise environment.
Three-quarters of respondents report that it is very important to protect internal network resources from the risk of zero-day infections. But, over two-thirds of respondents indicate, when it comes to ensuring machines are not malware infected when they connect to the Internal LAN, they are attempting to address the risk using manual methods, or worse, they are doing nothing at all. The most appropriate way to address the risk would be to use a class of NAC solution which combines a check on initial connection, followed by continuous monitoring of the security state of the machine. Yet, only 25% are currently using NAC technologies to intelligently segment dangerous machines, and address the risk of zero-day infections.
There is a negative ROI associated with allowing non managed PCs connect to a corporate network without proper checks in place. The typical IT organization today is overcommitted and understaffed. Add to this the requirements of maintaining the status quo of manual checking and remediation of infected, non-managed PCs, and you are further taxing your existing staff. As your organization grows from hundreds to thousands of endpoints, the problems increase which causes the work to increase, resulting in additional risk and costs. The business impact of this slippery slope situation is fairly easy for IT to calculate and therefore allows for easy justification of the expense required to implement a NAC solution.
