Wireless switch vendor Aruba Networks has made two enhancements in Network Access Control (NAC), which it says will allow it to control the security risks posed by wayward mobile devices.
NAC is the process whereby devices are checked for security risks prior to admission onto a network. Earlier this year, security giant Symantec warned that smartphones would soon be just as vulnerable to attack as PCs are today.
But Aruba believes its interoperability with third-party network access control solutions, as well as its new Endpoint Compliance System, can lessen these vulnerabilities.
Firstly, Aruba says that it has verified the interoperability of its networks with the three leading NAC solutions, namely Microsoft’s Network Access Protection (NAP), Juniper’s Unified Access Control (UAC), and Cisco’s Network Admission Control (NAC).
According to Aruba the identity-based access feature of its Mobility Controller authenticates users through the Active Directory, RADIUS, and LDAP databases used by these platforms. As a result all three NAC platforms can compare device security settings against enterprise security policies such as the anti-virus software version, firewall settings or operating system patches.
The Mobility Controller also correlates this policy information with its knowledge of user behaviour, environmental factors (such as time and location), and third-party in-line security appliances (such as IDS/IPS systems or anti-virus devices). Any discrepancy will result in a flag and the device will be either quarantined or blacklisted.
The second NAC enhancement is Aruba’s new Endpoint Compliance System (ECS), a NAC solution which it says is suited for unmanaged mobile devices. Aruba says that these two advancements “address the spectrum of managed and unmanaged devices, and offer users a comprehensive security solution for both fixed and mobile devices.”
Aruba’s new ECS tool extends the company’s NAC offering to include threat assessment and policy decision making. Working in conjunction with Aruba’s user-based stateful firewall, policy enforcement is role-based and can be implemented as RF-level blacklisting, quarantining for immediate remediation, and redirection to third-party in-line security services such as anti-virus tools.
“Mobile computing devices outsell desktop systems two-to-one, so networks must be designed to accommodate unmanaged, mobile devices,” said Robert Fenstermacher, Aruba's industry marketing lead for enterprise solutions.
Aruba’s ECS tool is available now and prices are available upon request. Last month Aruba reinforced its security credentials when it purchased Network Chemistry's wireless intrusion detection and prevention business.