Network Computing is part of the Informa Tech Division of Informa PLC


Tutorial: Network Access Control (NAC): Page 5 of 11

Problem is, the security models in Windows, Mac OS X and Linux often require agents, either permanent or dissolvable, to have local administrator rights in order to run. This becomes a problem in organizations that (wisely) don't let laptops and desktops run with local administrator privileges. In some cases, agents may need administrator privileges only the first time they're installed; that may allow IT to work around this limitation.

But what if you can't place an agent on a system? In that case, agentless assessments are conducted through remote scanning methods, such as running a vulnerability scan, or by using RPC (remote procedure call) or WMI (Windows Management Instrumentation) to query a host. Alternatively, passive scanning, using intrusion detection and network anomaly detection, looks for malicious hosts based on actual traffic. An assessment could even be defined as forcing a user into signing off on an Acceptable Use Policy before being granted access to the network.

Post-connection reassessments occur after the host is granted access. These are overlooked at your peril because a host's condition can change while connected. A worm might be activated, or a malicious user could start attacking. Post-connect assessments can be initiated automatically after a set time period; by an administrator as needed; or based on a change in the host, such as a desktop firewall or AV being disabled. New assessments are compared with the current policy, and defined actions are taken.

An interesting twist on post-connect assessments is products that use passive network monitoring, either within the NAC system or by integrating with an existing intrusion detection or network anomaly detection system, to alert on malicious activity. These external monitors alert on network traffic and can detect problems missed by host-based assessments.

Policy Selection

Robust policy definition is critical to a successful NAC deployment. Defining rules that are flexible enough not to unduly burden end users yet strict enough to protect the network will take planning and testing. A binary policy such as "Comply with the current policy or be denied access" sounds good on paper, but often fails in the real world. A laptop that has been offline, say while a user went on vacation, may not be up to date on its AV signatures, but that doesn't mean it's infected. Do you really want to cut an employee off, or would it be better to get the laptop current in the background while the user continues to work?
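The graded policy argued for here, together with the post-connect triggers from the previous section, sketched as an added example (not code from the article or from any NAC product). The posture fields, the signature-age thresholds, the reassessment interval and the sample hosts are all assumed values.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    ALLOW_REMEDIATE = "allow; bring host current in the background"
    QUARANTINE = "quarantine to a remediation VLAN"

@dataclass(frozen=True)
class Posture:
    """Host state as reported by an agent or an agentless (WMI/scan) assessment."""
    av_running: bool
    av_signature_age_days: int
    firewall_enabled: bool
    aup_accepted: bool

def evaluate(p: Posture, max_sig_age: int = 7, grace_days: int = 30) -> Action:
    """Graded policy: stale-but-not-ancient AV signatures get background
    remediation instead of a flat denial. Thresholds are assumed values."""
    if not p.aup_accepted:                      # AUP sign-off is itself an assessment
        return Action.QUARANTINE
    if not p.av_running or not p.firewall_enabled:
        return Action.QUARANTINE
    if p.av_signature_age_days > grace_days:    # too far behind to trust at all
        return Action.QUARANTINE
    if p.av_signature_age_days > max_sig_age:   # the "back from vacation" laptop
        return Action.ALLOW_REMEDIATE
    return Action.ALLOW

def needs_reassessment(previous: Posture, current: Posture,
                       seconds_since_last: int, interval: int = 3600) -> bool:
    """Post-connect triggers: the periodic timer expiring, or a change in the
    host's security state (AV or desktop firewall switched off) since the last check."""
    state_changed = (previous.av_running != current.av_running
                     or previous.firewall_enabled != current.firewall_enabled)
    return state_changed or seconds_since_last >= interval

def reassess(previous: Posture, current: Posture,
             seconds_since_last: int, last_action: Action) -> Action:
    """Re-run the policy only when a trigger fires; otherwise keep the prior decision."""
    if needs_reassessment(previous, current, seconds_since_last):
        return evaluate(current)
    return last_action

# Constructed sample hosts (not from the article): a laptop back from vacation with
# three-week-old signatures, then the same laptop after its firewall is disabled.
VACATION_LAPTOP = Posture(av_running=True, av_signature_age_days=21,
                          firewall_enabled=True, aup_accepted=True)
FIREWALL_OFF = Posture(av_running=True, av_signature_age_days=21,
                       firewall_enabled=False, aup_accepted=True)
```

The vacation laptop is admitted with background remediation rather than denied, while the firewall change triggers an immediate reassessment that quarantines it.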