Continuous risk assessment of endpoints or a one-time audit?

Are you up to speed with your cybersecurity?

Do you really know, in real-time, who is hooked onto your network? Do you have full control of the entire network and all its components, as well as all the devices that need to connect to it? Are all the users keeping their devices secure and free of ransomware?

In a world of hyper-fast services, cloud computing, a geo-distributed mobile workforce, BYOD, and IoT, it is truly a daunting task to control the network and all its endpoints with a key element of success being speed. Therefore, the only solution for the IT security officer is to adopt a new approach; Continuous Risk Assessment (CRA) is a real-time approach to network admission control, an approach that recognizes the need to speedily and continually assess the endpoint risks to the network.

Your network is only as strong as its weakest security link – therefore CRA calls for constant monitoring of the endpoints. The traditional auditing approach of periodical scanning simply lacks the crucial element of speed, which enables network and security teams to stay ahead of cyber attackers by discovering new risks in real-time, acquiring decision supporting data, reacting to changes and anomalies and delivering protection on a continuous basis.

Avoid the 5 Pitfalls of NAC – Get our Free Whitepaper Today!

The benefits of Continuous Risk Assessment (CRA)

The National Institute of Standards and Technology (NIST) defines Information Security Continuous Monitoring (ISCM) as:

“Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”

According to NIST, risk assessment is to be conducted in a frequency that supports a risk-based security decision system and enables adequate protection of the organization’s data.

Furthermore, NIST experts specify that ISCM should be:

“…sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, … in accordance with organizational risk tolerance – and within a reporting structure designed to make real-time, data-driven risk management decisions“.

The above recommendations are easier to understand when continuous monitoring is reviewed in light of the major benefits, which a top notch CRA solution should entail. These benefits are:

Proactivity – Real-time CRA must provide organizations with immediate visibility of the security state of the network and all the devices connected to it, reporting their potential vulnerabilities. This enables organizations to address potential issues before they become security breaches. Organizations using CRA are taking a proactive approach to avoiding breaches, instead of investing an ever growing effort in detecting breaches that have already occurred. This approach entails effective management of high-risk devices, proactively preventing future threats.

Updated Context-awareness– The traditional audit approach is based on using pre-defined compliance parameters to determine a risk to the network at the time of the scan/audit. The CRA new approach depends on real-time and continuous update of varied risk factors by:

Monitoring changes in hundreds of parameters

Analyzing and correlating to multiple context attributes

Taking historical records into account

Continuous monitoring brings an analytic and adaptive approach to risk determination. It does so by correlating hundreds of parameters and keeping the security policy updated at all times. Security status analysis is context-aware (time, network location, user identity, and scenario are all considered), identifying anomalies in the network security status and/or in device behavior.

Anywhere, anytime functionality – In a world with no boundaries and a high diversity of endpoint types, CRA must provide capabilities for monitoring devices in any location, no matter what type they are and what type of data is being transferred, or where they are connecting from.

Continuous monitoring must keep the network secure even if employees take their corporate laptops home or connect their phones from a hotel during a business trip. Alternatively, the network needs to remain secure even when staff connect their personal smartphones at the office. CRA must function on and off the corporate network and remain relevant for all current types of devices and OS’s.

Complete Integration – A silo solution cannot work in today’s complex IT scenarios. Stand-alone vulnerability scanners will be abandoned, simply because they are not an integrated part of the entire network operation.

Continuous monitoring procedures must be integrated into the organization’s network infrastructure.

One approach towards achieving this goal is a tight binding of risk assessment with access scenarios, in particular with the network admission (NAC) solution. In the ideal approach, CRA ultimately becomes a natural and deeply integrated part of admission, starting from device on-boarding and continuing with device authentication and re-validation before permitting access to the network.

Automated Action – The desired solution must offer an actionable, preferably fully-automated processes to already determined risk factors. A report of problematic issues is only useful when it is also clear what protective actions need to be taken. For example, quarantine of a risky device or an adaptive approach to VPN authentication related to device risk levels. CRA helps assess potential risks, prioritize resolutions and initiate protective actions.

Portnox CLEAR – on/off premises continuous risk assessment solution

Portnox CLEAR is a cloud-based network access control (NAC) and endpoint security management solution, offering a cohesive approach to Continuous Risk Assessment. As opposed to stand-alone vulnerability scanning tools or NAC solutions with a naïve approach to endpoint stateless posture, Portnox CLEAR delivers ultimate control over users and devices, which can access your network anywhere, anytime. It does this through various access layers, while continuously, pervasively monitoring and understanding endpoint risk in its real-time context.

Portnox CLEAR enables real-time risk assessment of devices – on and off customer premise networks. We know how to take smart actions and proactive access decisions, based on the risk from devices attempting to access your network. Device profiling reports are continuously updated, for complete integration and automation.

With Portnox CLEAR, network and security teams enjoy the full benefits of the CRA approach to network access control. They will really know, in real-time, who is hooked onto the system; to have full control of the entire network and all its components, as well as all the devices that need to connect to it, knowing they are all compliant with NAC policy. The answer to the concerns, which opened this post is a resounding YES with the Portnox CLEAR solution to CRA from Portnox.