Mobile NAC essentially extends the NAC functionality found on the LAN to mobile endpoints. It does so by checking devices not only as they gain access to the corporate network but at any time from startup to shutdown. Fiberlink defines Mobile NAC as follows:
"Mobile NAC uses the Extend360 Mobility Platform to provide the four basic functions of Network Access Control:
Policy Management. — Setting policies for endpoint computers, including policies on what security applications should be present on endpoints, how these should be configured, and what actions to take if an endpoint computer is out of compliance
Endpoint Monitoring and Assessment. — Continually monitoring the security posture of endpoint computers and comparing them with policies to determine if the systems are in or out of compliance
Quarantine and Enforcement. — Blocking noncompliant endpoints from accessing corporate networks and restricting partially compliant systems to specified network locations
Remediation. — Remediating (repairing) computers that are out of compliance with corporate policies so they can be reconnected with the corporate network and employees can resume work
Fiberlink states they offer fast, cost-effective implementation, since Mobile NAC is deployed as a hosted service that requires no changes to enterprises' network infrastructure."
Like all NAC solutions, Fiberlink's Mobile NAC protects corporate networks from noncompliant endpoints. But it also addresses "the Mobile Blindspot" by protecting the endpoints themselves and the confidential data on them with "always on" monitoring and remediation.
The Fiberlink Mobile NAC solution is not designed to be a gateway controlling access to the corporate LAN from unknown and unauthorized users. This functionality requires hardware to be installed on the corporate LAN; Fiberlink Mobile NAC does not require any hardware be placed on the corporate LAN.
Fiberlink provides a unique approach to addressing authorized users with deficient security postures. Rather than assessing, quarantining, and remediating devices as they attempt to access the corporate LAN, the Fiberlink Mobile NAC solution performs these functions any time the device is powered on. This protects the corporate LAN, because devices are constantly protected and are never placed into the Mobile Blindspot. Figure 8-14 illustrates NAC coverage in the Mobile Blindspot.
The Fiberlink philosophy is that assessing devices only as they enter the network is not good enough. Rootkits, Trojans, and so on can all infect deficient mobile devices and become installed deep within the operating system. Trying to find these devices after the fact and upon access to the network, as opposed to any time the machine is running, does not provide an adequate level of protection.
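The argument above can be made concrete with a small simulation, added here as an illustration and not taken from Fiberlink or its product. It compares how long an endpoint runs out of compliance when it is assessed only on LAN connection versus on every posture change. The policy, control names, event timeline, and the critical/non-critical split are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: the state each security control must be in.
POLICY = {"antivirus": "running", "firewall": "running", "disk_encryption": "enabled"}
# Assumption: failing one of these blocks access; other failures only restrict it.
CRITICAL = {"antivirus", "firewall"}

@dataclass
class Event:
    hour: int            # hours since startup
    kind: str            # "posture" (a control changed) or "lan_connect"
    control: str = ""
    state: str = ""

# Constructed timeline: two controls drift off-LAN, then the laptop connects.
EVENTS = [
    Event(5, "posture", "antivirus", "stopped"),
    Event(30, "posture", "disk_encryption", "disabled"),
    Event(72, "lan_connect"),
]

def assess(posture):
    """Compare a posture with POLICY; return (decision, failed controls)."""
    failed = sorted(c for c, want in POLICY.items() if posture.get(c) != want)
    if not failed:
        return "allow", failed
    return ("quarantine" if CRITICAL & set(failed) else "restrict"), failed

def exposure_hours(events, always_on):
    """Hours spent out of compliance before an assessment caught the drift.

    always_on=True assesses on every event (modelled as instantaneous);
    always_on=False assesses only when the endpoint connects to the LAN.
    """
    posture, drift_start, exposed = dict(POLICY), None, 0
    for ev in sorted(events, key=lambda e: e.hour):
        if ev.kind == "posture":
            posture[ev.control] = ev.state
        if assess(posture)[0] != "allow" and drift_start is None:
            drift_start = ev.hour
        if (always_on or ev.kind == "lan_connect") and drift_start is not None:
            exposed += ev.hour - drift_start
            posture, drift_start = dict(POLICY), None   # remediation
    return exposed

if __name__ == "__main__":
    print("admission-only:", exposure_hours(EVENTS, always_on=False), "hours")
    print("always-on:     ", exposure_hours(EVENTS, always_on=True), "hours")
```

On this timeline the admission-only model leaves the endpoint exposed from the first drift until it next connects to the LAN, which is the window the text calls the Mobile Blindspot.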
The Fiberlink Mobile NAC solution was specifically designed for mobile users. All aspects of the NAC solution function on mobile systems while they are mobile and not connected to the corporate LAN. In addition, the solution is offered as a SaaS model and as a complement to LAN-based NAC, patching, and security systems. The SaaS model enables companies to have a complete Mobile NAC solution in place in a matter of weeks.