NAC

Secure Your Network by Gaining Visibility and Control

Network security is a critical concern for all organizations facing the ever-increasing onslaught of attacks from unknown devices attempting to access critical network infrastructure. When it comes to network security, every employee, customer, or supplier and the devices they bring are potential threat vectors. Additionally, for CISOs, Directors, and IT Managers, strengthening network access privileges and security compliance policies without impeding the access of their employees and customers is a challenge. These managers and staff are tasked with associating device information with user identity for legal compliance and security forensics.

The value of SafeConnect NAC is simple: it significantly reduces security incidents by ensuring that every connected device is visible, checked for compliance, and either blocked or allowed in real time. Don’t risk your organization’s reputation or expose your data; instead, ensure the security of your network, components, personal information, and intellectual property remains intact.

Features and Benefits

Know what’s on your network

Agentless device identification and profiling provide visibility into devices on your network by delivering detailed information. These details include: User name, IP address, MAC address, Role, Device Type, Location, Time, and Ownership.

SafeConnect NAC uses advanced intuitive scanning and rich analysis to create strong device profiles:

Device Discovery and Profiling

SafeConnect NAC discovers new IoT and User Devices attempting access to the network.

SafeConnect NAC can either passively profile (determine device type) or quarantine the device until the device type is explicitly known.

SafeConnect NAC uses the following techniques to identify device types:

  • Deep Device Fingerprinting
  • Web Browser User Agent Identification
  • URL Fingerprinting
  • MAC address OUI fingerprinting

Input from external sources:

  • Sequential network devices (wireless access points, firewalls)
  • Database sources

Authenticate your users’ identities

Depending on your environment, you can authenticate your users through multiple methods/protocols. End-User (AD/LDAP/SAML) Authentication prevents unauthorized users from accessing network resources.

SafeConnect NAC supports the following authentication types: EAP-PEAP (identity-based), EAP-PEAP (machine-based), EAP-TLS (certificate-based), as well as domain and 802.1X Single Sign-On (SSO).

Control access to IoT or Browserless Devices

Whether they are smart devices such as printers, VoIP phones, thermostats, and lights, or industry-specific OT devices, controlling and monitoring these devices can be a real challenge. These devices can represent most of the risks in your environment, and many organizations address this issue through network segmentation. SafeConnect NAC provides a consolidated view of traditional systems, mobile and IoT devices, and Operational Technology (OT) systems; it offers the ability to control IoT devices through ACLs or assign them to specific VLANs from a single dashboard.

SafeConnect NAC allows for multiple options to meet the varying needs for such devices:

  • Passive Enrollment – Allows SafeConnect to recognize specific device types and passively allow access.
  • Bulk Enrollment – Allows you to whitelist a group of devices using only the MAC addresses held in your asset management system, so that only those specific MAC addresses are allowed onto the network.
  • Self-registration – In an environment where specific IoT Devices require self-registration, they can be self-registered via a restricted portal.

Assess comprehensive device compliance

Whether it’s your Acceptable Use Policies (AUP) or legal requirements, SafeConnect ensures that devices on your network comply with them. Windows, macOS, and mobile devices are checked for real-time compliance as they move across your network.

Meeting GDPR, HIPAA, PCI DSS, SOX, or GLBA compliance requirements involves knowing the answers to questions like “who, what, when, and where” regarding devices and users and controlling access to the data your company needs to secure. SafeConnect NAC helps you achieve visibility, security, and control, allowing you to automate policies that verify accountability, reduce security vulnerabilities, and prevent emerging threats, ensuring compliance with repeated audits.

Secure access for guests, vendors, and third parties

Self-registration for Guests automates the process of providing temporary network access for your guests. Set different levels of access and approval processes for your guests, vendors, or other third parties that need access to your network. SafeConnect comes standard with a fully configured SMS gateway that provides international SMS support. The Device Registration feature with bulk MAC address upload enables identification of browserless devices such as printers, VoIP phones, IP cameras, or other IoT-enabled devices.

View real-time or historical management reports

SafeConnect NAC provides rich, real-time, context-sensitive information (Contextual Intelligence), including User Name, IP Address, MAC Address, Role, Location, Time, Ownership, and even Compliance Status. This information allows for more timely and informed security decisions.

You can use the Real-Time Reporting Control Panel for visibility into who and what is on your network, with detailed device information for 30 days and session information for 6 months.

Additionally, a built-in reporting interface provides easy-to-use customer details for 30 days and session details for 6 months. This data can also be exported to an external source, such as a SIEM, for longer-term retention, and reports can optionally be run and scheduled to be sent via email. This data allows for more timely and informed security decisions.

Integrate to enhance existing security process

SafeConnect NAC shares the contextual intelligence it gathers with other security solutions, such as identity-based firewalls, web content filters, SIEM, and bandwidth management solutions, to enhance capabilities far beyond those of traditional domain controllers.