Network Segmentation

1. Security is crucial when it comes to protecting your data and critical assets; that’s why the first line of defense lies in securing surface attack surfaces starting from your network’s vulnerable endpoints which many users have access to. You want to make sure both the users and devices are authorized to gain access to the network. Some managed devices like managed PC’s, need security software installed like Qualys or Crowdstrike in order for the company to remotely manage and promptly secure the device’s data in the event of an attack. On the other hand, unmanaged devices like in IoT, medical devices, and other select endpoints do not have the capabilities to have third-party security software installed and therefore are vulnerable to exploitation. Due to their unmanaged properties, these unmanaged endpoints are also susceptible to low network visibility and thus cannot be easily identified nor monitored based on the type of device that is connected, its active status, risk assessment, traffic analysis, user access, compliance liability, etc. This makes it challenging to detect and respond to potential threats or issues effectively.

To optimize network visibility and strengthen security measures, we employ industry-leading technologies that enable comprehensive data collection and profiling of all devices. This integration ensures seamless alignment with our robust security solutions and enables us to maintain maximum visibility across your network. 

2. AccuCode works with endpoint profiling software/tools like Ordr, Medigate, and Axonius to name a few, to facilitate device profiling and fully integrates with your ServiceNow platform. Netflow and SPAN is used to pass configuration information (identifying the flow of data for all endpoints) and to provide an exact copy of your traffic to the endpoint profiling software where information such as the make, model, serial number, OS, firmware, installed apps, port usage, location, and much more is collected while also identifying any devices with security risks or vulnerabilities. The end result is your ServiceNow database filled with accurate inventory and device metadata for all of your network’s endpoints. Your ServiceNow database will be used to update and work with tools like ISE to expedite a tight-knit and comprehensive NAC solution for robust security. 

3. The endpoint profiling software seamlessly integrates with ServiceNow, enabling real-time updates to your Network Access Control (NAC) solution, such as Cisco ISE or Aruba Clearpass, through REST API integration. This integration ensures that any changes made, such as adding a device or user through ServiceNow, automatically trigger access rights provisioning within your NAC solution, guaranteeing proper and secure access control. Moreover, your NAC solution can reciprocate by updating ServiceNow with critical information, including authentication and authorization events, network access policy changes, and threat or anomaly detection notifications. To enhance profiling capabilities, the profiling tools leverage Infoblox, DHCP, and Active Directory information, providing valuable device context for more accurate analysis of network data and behavior. With comprehensive device information collected, the endpoint profiling software shares its data lake database or repository with ISE or Clearpass, empowering them to make informed access control decisions and enforce network security policies. This collaborative ecosystem establishes a robust network security framework that ensures secure and controlled network access based on device attributes, user identities, and predefined policies.

4. We use a Threat-centric NAC (TC-NAC) approach addressing the network visibility limitation by integrating threat intelligence and analytics into the access control process that traditional NAC solutions do not otherwise offer. This means leveraging real-time threat information from various sources, such as intrusion detection systems, firewalls, threat feeds, and security information and event management (SIEM) systems. By continuously monitoring the network for potential threats, it can make dynamic access decisions based on the current threat environment such as dynamically blocking suspicious endpoints not just because of bad profiling but also because of bad behavior or suspicious device performance. By combining access control mechanisms with threat intelligence and analytics, TC-NAC offers a more proactive and adaptive approach to network security. It helps organizations detect and respond to threats in real time, reducing the risk of data breaches, unauthorized access, and network compromises.