How new access control technologies can address insider threats

Granular policies should be aligned for ease of use and manageability across the entire organization, and to assure consistency across network zones, data types, roles, and responsibilities. It's particularly important to apply just one set of policies for both local and remote (SSL VPN) access — it saves time, money and user patience, and assures at least baseline policy coverage. Once granular policies are in place, aligned for consistency and interoperability, and checked for gaps, they are ready to be propagated across networks, applications, and data.

Choose an open, flexible solution

The first step is to make effective use of network security products already in place. Individual network defenses like firewalls, SSL VPN gateways and intrusion prevention and intrusion detection systems (IPS/IDS), as well as other security software and appliances, need to interoperate with the selected network access control solution. The goal is to make sure that access control and network defenses are aligned on policy, and reference the same information.

Interoperability works both ways: access control solutions take input from security devices to assess the instantaneous threat environment and identify events, and they enforce their response through these same devices, for example by restricting access to threatened network segments, applications, or data sources, or by restricting or blocking the actions of suspect individuals or devices. The best of them offer policies and templates that work across multiple network access methods and with different network security products to speed implementation and simplify management.

Critical use cases

With granular access control in place and communicating with firewalls, IPS and IDS, SSL VPN gateways, rate-limiting switches and other compatible devices, organizations can begin to address complex use cases such as these:

* zone-based access to applications — restrictions on specific application use in sensitive areas; for example, blocking IM attachments when users are in the personnel zone or accessing the finance servers, regardless of user
* time-based access; for example, restricting social networking applications to after-hours and lunchtime use
* “high alert” policies that restrict access to a location, application, data type, or by an individual's identity or organizational role when security devices signal a local or general attack
* rate-limiting of low-priority downloads to maintain Quality of Service (QoS) for customer-facing functions, like web portal and VoIP applications
* granular intrusion response that quarantines, logs off or locks out users or devices (not just IP addresses) in response to anomalous behavior on the intranet
* correlation of information across network security products to identify “slow and stealthy” attacks that evade simple security point product solutions
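
As an added illustration (not code from the article or from any product it describes), the sketch below evaluates one policy set covering the zone-based, time-based, "high alert" and rate-limiting use cases, and returns the same decision for local and SSL VPN access. The zone, application and role names, the time windows and the `incident-response` exemption are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    zone: str              # zone the user is in, or the zone of the target server
    app: str
    action: str
    at: time
    access: str = "local"  # "local" or "sslvpn"; no rule below branches on it


# Constructed sample policy values (assumptions, not taken from the article).
SENSITIVE_ZONES = {"personnel", "finance"}
SOCIAL_WINDOWS = [(time(12, 0), time(13, 0)), (time(17, 30), time(23, 59))]
LOW_PRIORITY_APPS = {"bulk-download"}


def decide(req, alert_zones=frozenset()):
    """Return (decision, rule); the first matching restriction wins."""
    # "High alert": a security device has flagged this zone, so access is
    # restricted by organizational role (the exemption is an assumption).
    if req.zone in alert_zones and req.role != "incident-response":
        return ("deny", "high-alert")
    # Zone-based: no IM attachments in sensitive zones, regardless of user.
    if (req.zone in SENSITIVE_ZONES and req.app == "im"
            and req.action == "send-attachment"):
        return ("deny", "zone")
    # Time-based: social networking only at lunchtime and after hours.
    if req.app == "social" and not any(
            start <= req.at <= end for start, end in SOCIAL_WINDOWS):
        return ("deny", "time")
    # QoS: low-priority downloads are allowed but throttled.
    if req.app in LOW_PRIORITY_APPS:
        return ("rate-limit", "qos")
    return ("allow", "default")


if __name__ == "__main__":
    # Constructed requests: the same IM attachment attempt from the office
    # and over the SSL VPN gets the same answer.
    for access in ("local", "sslvpn"):
        r = Request("alice", "hr", "personnel", "im", "send-attachment",
                    time(10, 0), access)
        print(access, decide(r))
```

Keeping the access method out of every rule is what makes the single policy set apply equally to local and remote users; the alert set would be fed by the IPS/IDS or firewall events the access control solution consumes.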