Ensure Secure Access In-Office and At-Home with OPSWAT

With the recent shift to remote work, there has been an increased focus on securing access for remote workers. Even if you have implemented a "good enough" solution for remote access, you also need to holistically secure access to the on-premises network. To get holistic protection, use both Network Access Control (NAC) and a Software Defined Perimeter (SDP). When used separately, they each help protect on-premises and remote access, but when used together, they can do even more to help secure your network as part of a multi-layered security strategy.

NAC has been around for years and is a solution you likely have encountered to help users connect to a network securely. This includes features like setting policies to limit who is allowed on your network based on organization policy. SDP, also known as Zero Trust Network Access (ZTNA), is relatively new to the scene and you may not have encountered it yet. SDP is a new approach to network security that provides "least privileged" access to applications. By now, you have likely learned that a sound approach to cyber security requires a multi-layered security plan, otherwise known as defense in depth. In the case of NAC and SDP, NAC acts to protect the lower layers of the network that SDP utilizes. If the underlying network is not protected in terms of availability and integrity, the security and access of users can be compromised. Without NAC, availability and security of applications can be compromised. With NAC and SDP both in place, true zero trust protection of the network, applications, devices, and users can be attained.

The defense in depth approach to cyber security calls for a multi-layered security plan. The outer layer is the perimeter of the network, and the inner layers are for servers and for employees and their computers.

Within the traditional perimeter behind your firewall, NAC integrates with other portions of your security infrastructure, like the firewall and IDS, and is able to protect your network and employee devices to a degree. But if attackers infiltrate the first layer, your border firewall, then SDP can act as another security layer by limiting access to your application services through least privilege access control. The SDP protection does not stop there: it is a virtual security layer that extends beyond the perimeter of your network and adds security to protect your applications and data when users or the applications they access are remote, as they often are these days.

In summary, here are the highlights of how they complement each other:

  • NAC protects East-West traffic by segmenting devices as they join the network. This works by keeping devices quarantined if they are non-compliant, or on an IoT-only VLAN. SDP does something similar in the cloud, using the zero-trust model to grant access only to those who need it. This leads to an enhanced ability to segment the network overall.
  • With SDP alone, employees can connect securely to resources. But this leaves your networking resources vulnerable to non-compliant user devices or compromised IoT devices. Both SDP and NAC can automatically apply policies to reduce risk. Meanwhile, NAC can protect and enforce your LAN and the user’s device by ensuring the user and device are on a contextually safe network segment. At the same time, SDP can enforce and protect the application and the data by creating a perimeter of one at a level above the NAC.
  • SDP can expand your network perimeter to protect access to corporate cloud-hosted applications and data where NAC cannot, providing visibility and control beyond the corporate LAN.

OPSWAT offers industry-leading secure access solutions, SafeConnect NAC and SDP. These solutions offer all the benefits mentioned above, and unlike other options on the market, these two solutions are tested together and delivered by a single vendor, and policies for security and compliance for devices can be defined in a shared fashion.

Contact OPSWAT to learn more.