
8/25/2020
02:55 PM
Dark Reading
Products and Releases

Pulse Secure NAC Extends Zero Trust Network Assurance as Users, Endpoints & IoT Devices Return to a Hybrid Workplace

Pulse Secure today announced new features to its Network Access Control (NAC) solution, Pulse Policy Secure (PPS), that enhance endpoint and IoT device visibility, compliance, remediation, and threat response as organizations embrace expanded remote work flexibility with employees and their devices returning to a hybrid workplace. 

Available separately or as part of Pulse Access Suite Plus, Pulse Policy Secure (PPS) is an enterprise-class NAC solution that is easy to deploy, manage and scale. The update release includes over 30 new features and enhancements such as support for additional endpoint detection and response (EDR) and IoT / OT vendors including McAfee and Nozomi.

With businesses slowly opening up more modified and social-distanced work settings and accelerating multi-cloud and hybrid IT resource use, organizations are experiencing increased attack vectors and exploits stemming from endpoint and IoT device exposures. What’s required to ensure user productivity and information security in today’s hybrid work environment is greater managed and unmanaged device oversight, expanded endpoint compliance and remediation capability, and means to unify remote and on-premise access control.

In the “2020 Endpoint and IoT Zero Trust Security Report,” Cybersecurity Insiders noted the following survey results: *

  • 66% saw an “increase to significant increase” in endpoint and IoT security incidents impact over the last 12 months, with the top 3 being malware, insecure network and remote access, and compromised credentials / weak authentication.
  • 50% anticipate “high to likely” that their organization will become compromised due to an endpoint or IoT originated attack in the next 12 months.
  • 48% have “moderate to unlikely means” to discover, identify and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources.

Modern Network Access Control solutions provide the agent and agentless visibility, contextual access policy control and integrated threat response capabilities necessary to prevent endpoint exposures that yield identity theft, malware and network compromise. Regulated industries, such as financial services and healthcare, need to be especially diligent in enforcing endpoint compliance and segregating IoT access.

According to a recent market report by IDC, NAC is a mainstream market forecasted to grow 10.7%, reaching $1.9B by 2024.** NAC has evolved from an admission control tool to enable real-time, on-premises endpoint, mobile and IoT device discovery, assessment, enforcement and remediation capabilities. In this report, Pulse Secure ranked among the top 3 hybrid NAC vendors by global market share, offering 802.1X and non-802.1X, agent-based and agentless functions. The report’s “Who Shaped the Year” section highlights Pulse Secure’s capabilities: ***

“Pulse Policy Secure (NAC) offers the complete range of capabilities, including 802.1X and non-802.1X, agent and agentless Client, and network profiling with UEBA, which gives enterprises flexibility to deploy across a gamut of hybrid IT environments. This makes Pulse Secure's NAC ideal to support a wide range of use cases, such as: visibility only, full-featured 802.1X, agent-based BYOD (they offer a mobile VPN and MDM), as well as agentless guest, IoT and IT/OT security. Having a built-in RADIUS server, high performance appliance (up to 50,000 concurrent sessions), centralized management (up to 400 appliances), and ecosystem integrations also provides benefits to NAC scalability and interoperability.

As a Secure Access platform play, competing with Cisco, Fortinet and HP, Pulse Secure provides a portfolio of solutions available separately or as an integrated suite for hybrid IT. Pulse Secure offers all three primary secure access technologies recognized by IDC: VPN, NAC, and SDP. With unified Client, appliance, management and rules engine, this cross functionality allows corporate policy to be set across any combination of solutions. As the pandemic forces adopting organizations to prioritize securing the growing remote workforce, Pulse Secure is able to provide a comprehensive solution-set which does not require sacrificing the continuing need for on-premise security.”

“Beyond the merits of device visibility and access enforcement, modern NAC solutions are increasingly becoming a critical component of a multifaceted secure access program, both supporting a wide variety of important uses and adding value through key integrations with other security technologies,” said Peter Finale, sr. research analyst for IDC’s security team. “Pulse Secure is distinguished among Secure Access platform players as offering extensive hybrid NAC capabilities, device intelligence, scalability and key integrations while delivering user experience, endpoint security, and access management across NAC, VPN and SDP solutions.”

New Features Enhance Endpoint Compliance

“The latest release of Pulse Secure NAC continues to advance our deployment, usability and threat response capabilities while delivering enterprise-class functionality,” said Ganesh Nakhawa, director of portfolio solutions at Pulse Secure. “With our unique means to offer a unified endpoint compliance and protected connectivity capabilities across mobile, network and cloud environments, organizations can mitigate endpoint and IoT security risks while ensuring productivity no matter where employees work.”

Pulse Secure offers a portfolio of Secure Access solutions that provide exceptional usability, visibility and Zero Trust policy orchestration to enable seamless, compliant user and device access to applications and resources across distributed network and cloud environments. New PPS version 9.1R8 features and enhancements include:

  • Endpoint security compliance enhancements with leading endpoint detection and response (EDR) vendors including new McAfee ePolicy Orchestrator (ePO) integration. This allows organizations to assign role-based access based on device attribute details provided by McAfee ePO, automatically install McAfee ePO client if not detected, and limit or block connectivity based on threat alerts received from ePO, such as non-compliant or compromised devices.
     
  • Agentless device discovery and security posture assessment advancements, such as expanded passive device fingerprinting using TCP and SMB protocols, to enhance endpoint access control and reduce administrative classification tasks.
     
  • Greater device visibility and threat response for Industrial Control System (ICS) environments based on increased IoT/IIoT device classifications, and automated access control based on threat severity notifications from IT and OT security vendors such as Nozomi.
     
  • Management UI improvements that simplify and streamline administrative tasks such as new search and custom reporting options to expedite audits, investigations and operational insight.

Pulse Policy Secure has FIPS 140-2 Level 1 certification and is Common Criteria certified, with extensive deployment in government, military and government contractor applications. Used to satisfy NIST 800-53 controls and Comply-to-Connect requisites, the solution is certified on the U.S. DoD Unified Capabilities (UC) Approved Products List (APL) and for Joint Warfighting IT Interoperability (JTIC).

NAC Upgrade Program

Organizations can take advantage of Pulse Secure’s Trade-in Program to replace current NAC solutions from companies such as Forescout, Cisco, Aruba, and Fortinet. For more information, contact a sales representative at [email protected], call 844-807-8573, or contact an authorized reseller.

* Source: 2020 Cybersecurity Insiders, Endpoint and IoT Security Report. Conducted by Cybersecurity Insiders and commissioned by Pulse Secure, the report surveyed 413 security decision makers, in August of 2020, across several industries, including financial services, healthcare, manufacturing, high-tech, government, and education.

** Source: IDC, Worldwide Network Access Control Forecast, 2020–2024: Demand for Visibility Drives New Growth, Doc # US46280820, May 2020

*** Source: IDC Worldwide NAC Market Shares, 2019: Diverse Market Demands Expand NAC's Addressable Market, Doc # US46276020

 
