Wednesday, May 6, 2020

The Security Posture Of Endpoints - 1679 Words

Validating the security posture of endpoints may involve simple checks of operating system (OS) versions and patch levels, or it may be much more comprehensive. NAC solutions commonly check endpoints for the presence of anti-virus and antispyware tools and to make sure those tools include the latest updates and definitions. Endpoint compliance checks may be performed using an agent (client software) that runs on endpoint devices and scans them, or via scans done over the network. Security Automation and Orchestration solutions go much further and can check for the presence of required and/or prohibited applications (such as peer-to-peer software), particular files or file types, or even a range of custom registry-level checks. Some…

Access policies may be tied to just authentication and endpoint compliance criteria, or they may be determined based on a combination of these and other criteria such as the identity or role of a user or device, physical location in the network, connection method (wired or wireless), time of day and other factors. These capabilities vary widely among different solutions. Many solutions can accommodate role-based access policies, and much like with 802.1X this is often accomplished through the use of VLANs by dynamically changing the VLAN on a switch port or wireless access point based on a user's role or group membership (e.g., Finance, Engineering, Sales, etc.).

Methods used for enforcing access policies vary extensively depending on the architecture of the NAC or Security Automation and Orchestration solution. Some solutions enforce control at the point of access to the network (e.g., switch port or wireless access point), which is similar to enforcement used in 802.1X. Other solutions may enforce controls using software agents residing on endpoint devices, via inline appliances or gateways deployed in the network, or by manipulation of commonly used protocols in the network (e.g., TCP, DNS, DHCP).

Quarantine (Isolation) and Remediation

In addition to endpoint compliance validation, Security Automation and Orchestration also encompasses the concepts of quarantine (or isolation) and remediation.
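
The posture checks, role-based VLAN assignment and quarantine described above can be combined into a single access decision. The following is an added example, not code from the original post or from any NAC product; the thresholds, VLAN numbers, application names and function names are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# All values below are constructed for illustration (assumptions).
MIN_OS_BUILD = {"windows": 19041, "macos": 19}     # minimum patch level per OS
MAX_AV_DEF_AGE_DAYS = 7                            # oldest acceptable definitions
PROHIBITED_APPS = {"bittorrent", "emule"}          # e.g. peer-to-peer software
ROLE_VLAN = {"finance": 110, "engineering": 120, "sales": 130}
QUARANTINE_VLAN = 999                              # isolation / remediation segment

@dataclass
class Posture:
    """What an agent or network scan reports about one endpoint."""
    os: str
    os_build: int
    av_installed: bool
    av_defs_date: Optional[date]
    apps: set = field(default_factory=set)

def compliance_failures(p: Posture, today: date) -> list:
    """Return every failed posture check; an empty list means compliant."""
    failures = []
    minimum = MIN_OS_BUILD.get(p.os.lower())
    if minimum is None:
        failures.append("unsupported operating system")
    elif p.os_build < minimum:
        failures.append("operating system patch level too old")
    if not p.av_installed or p.av_defs_date is None:
        failures.append("anti-virus missing")
    elif (today - p.av_defs_date).days > MAX_AV_DEF_AGE_DAYS:
        failures.append("anti-virus definitions stale")
    for app in sorted({a.lower() for a in p.apps} & PROHIBITED_APPS):
        failures.append("prohibited application: " + app)
    return failures

def decide_access(authenticated: bool, role: str, p: Posture, today: date):
    """Return (vlan, reasons); vlan None means the port stays closed."""
    if not authenticated:
        return None, ["authentication failed"]
    failures = compliance_failures(p, today)
    if failures:
        # Non-compliant endpoints are isolated rather than refused, so
        # they can still reach remediation resources.
        return QUARANTINE_VLAN, failures
    vlan = ROLE_VLAN.get(role.lower())
    if vlan is None:
        return None, ["no access policy for role"]  # fail closed
    return vlan, []
```

The reasons list returned alongside the quarantine VLAN is what a remediation step would act on, since it names each check the endpoint failed.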
