Intelligent CISO Issue 54 | Page 34

When we look more closely at definitions of Zero Trust , we can see where modern NAC solutions fit in .
PREDICTIVE INTELLIGENCE

Modern approaches to NAC don ’ t need 802.1X ( except for wireless ) and go beyond simplistic perimeter policing . Today , NAC solutions focus on continuous device visibility and identification , posture assessment and compliance . They tackle control across all types of networks ( wired , wireless , cloud ) and all types of devices ( IT , enterprise IoT , Industrial IoT and Medical IoT ). They also support integration between multiple different security vendors .
These capabilities are all essentials for a dynamic Zero Trust architecture .
Another benefit of modern NAC solutions is that they support a defence in depth strategy . They enable a Zero Trust policy with an enforcement point at the edge of the network , so can limit the lateral spread of a threat . For example , network edge enforcement can prevent cyber-attackers from using a compromised IoT device to move laterally into a device with more privileged access to key resources .
It ’ s time to reassess how you see NAC solutions . Look for :
• The ability to discover all devices on your network – not just those associated with a human user
• Continuous visibility and device control
• Orchestration of security controls across multiple vendor solutions
Continuous detection and control are essential to Zero Trust
When we look more closely at definitions of Zero Trust , we can see where modern NAC solutions fit in .
The US National Institute of Standards and Technology ( NIST ) Special Publication 800 – 207 , published in August 2020 , established an abstract

When we look more closely at definitions of Zero Trust , we can see where modern NAC solutions fit in .

definition of Zero Trust and Zero Trust Architecture ( ZTA ). While targeted at US federal agencies , SP 800-207 also documented general deployment models , use cases and a high-level roadmap for implementing a ZTA approach for enterprises .
The NIST Special Publication also developed seven key tenets of Zero Trust . The seventh tenet states : ‘ The enterprise collects as much information as possible about the current state of assets , network infrastructure and communications and uses it to improve its security posture ’.
It ’ s clear that in order to do this , some ability to continuously detect and control devices and assets connecting to the network is needed .
34 www . intelligentciso . com