Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

8/25/2020
02:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Pulse Secure NAC Extends Zero Trust Network Assurance as Users, Endpoints & IoT Devices Return to a Hybrid Workplace

Pulse Secure today announced new features to its Network Access Control (NAC) solution, Pulse Policy Secure (PPS), that enhance endpoint and IoT device visibility, compliance, remediation, and threat response as organizations embrace expanded remote work flexibility with employees and their devices returning to a hybrid workplace. 

Available separately or as part of Pulse Access Suite Plus, Pulse Policy Secure (PPS) is an enterprise-class NAC solution that is easy to deploy, manage and scale. The update release includes over 30 new features and enhancements such as support for additional endpoint detection and response (EDR) and IoT / OT vendors including McAfee and Nozomi.

With businesses slowly opening up more modified and social-distanced work settings and accelerating multi-cloud and hybrid IT resource use, organizations are experiencing increased attack vectors and exploits stemming from endpoint and IoT device exposures. What’s required to ensure user productivity and information security in today’s hybrid work environment is greater managed and unmanaged device oversight, expanded endpoint compliance and remediation capability, and means to unify remote and on-premise access control.

In the “2020 Endpoint and IoT Zero Trust Security Report," Cybersecurity Insider’s noted the following survey results: *

  • 66% saw an “increase to significant increase” in endpoint and IoT security incidents impact over the last 12 months, with the top 3 being malware, insecure network and remote access, and compromised credentials / weak authentication.
  • 50% anticipate “high to likely” that their organization will become compromised due to an endpoint or IoT originated attack in the next 12 months.
  • 48% have “moderate to unlikely means” to discover, identify and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources.

Modern Network Access Control solutions provide the agent and agentless visibility, contextual access policy control and integrated threat response capabilities necessary to prevent endpoint exposures that yield identity theft, malware and network compromise. Regulated industries, such as financial services and healthcare, need to be especially diligent in enforcing endpoint compliance and segregating IoT access.

According to a recent market report by IDC, NAC is a mainstream market forecasted to grow 10.7%, reaching $1.9B by 2024.** NAC has evolved from an admission control tool to enable real-time, on-premises endpoint, mobile and IoT device discovery, assessment, enforcement and remediation capabilities. In this report, Pulse Secure ranked among the top 3 hybrid NAC vendors by global market share - offering 802.1X, non-802.1X agent-based agentless functions. The report’s “Who Shaped the Year” section highlights Pulse Secure’s capabilities: ***

“Pulse Policy Secure (NAC) offers the complete range of capabilities, including 802.1X and non-802.1X, agent and agentless Client, and network profiling with UEBA, which gives enterprises flexibility to deploy across a gamut of hybrid IT environments. This makes Pulse Secure's NAC ideal to support a wide range of use cases, such as: visibility only, full-featured 802.1X, agent-based BYOD (they offer a mobile VPN and MDM), as well as agentless guest, IoT and IT/OT security. Having a built-in RADIUS server, high performance appliance (up to 50,000 concurrent sessions), centralized management (up to 400 appliances), and ecosystem integrations also provides benefits to NAC scalability and interoperability.

As a Secure Access platform play, competing with Cisco, Fortinet and HP, Pulse Secure provides a portfolio of solutions available separately or as an integrated suite for hybrid IT. Pulse Secure offers all three primary secure access technologies recognized by IDC: VPN, NAC, and SDP. With unified Client, appliance, management and rules engine, this cross functionality allows corporate policy to be set across any combination of solutions. As the pandemic forces adopting organizations to prioritize securing the growing remote workforce, Pulse Secure is able to provide a comprehensive solution-set which does not requiring sacrificing the continuing need for on-premise security.”

”Beyond the merits of device visibility and access enforcement, modern NAC solutions are increasingly becoming a critical component of a multifaceted secure access program, both supporting a wide variety of important uses and adding value through key integrations with other security technologies,” said Peter Finale, sr. research analyst for IDC’s security team. “Pulse Secure is distinguished among Secure Access platform players as offering extensive hybrid NAC capabilities, device intelligence, scalability and key integrations while delivering user experience, endpoint security, and access management across NAC, VPN and SDP solutions.”

New Features Enhance Endpoint Compliance

“The latest release of Pulse Secure NAC continues to advance our deployment, usability and threat response capabilities while delivering enterprise-class functionality,” said Ganesh Nakhawa, director of portfolio solutions at Pulse Secure. “With our unique means to offer a unified endpoint compliance and protected connectivity capabilities across mobile, network and cloud environments, organizations can mitigate endpoint and IoT security risks while ensuring productivity no matter where employees work.”

Pulse Secure offers a portfolio of Secure Access solutions that provide exceptional usability, visibility and Zero Trust policy orchestration to enable seamless, compliant user and device access to applications and resources across distributed network and cloud environments. New PPS version 9.1R8 features and enhancements include:

  • Endpoint security compliance enhancements with leading endpoint detection and response (EDR) vendors including new McAfee ePolicy Orchestrator (ePO) integration. This allows organizations to assign role-based access based on device attribute details provided by McAfee ePO, automatically install McAfee ePO client if not detected, and limit or block connectivity based on threat alerts received from ePO, such as non-compliant or compromised devices.
     
  • Agentless device discovery and security posture assessment advancements, such as expanded passive device fingerprinting using TCP and SMB protocols, to enhance endpoint access control and reduce administrative classification tasks.
     
  • Greater device visibility and threat response for Industrial Control System (ICS) environments based on increased IoT/IIoT device classifications, and automated access control based on threat severity notifications from IT and OT security vendors such as Nozomi.
     
  • Management UI improvements that simplify and streamline administrative tasks such as new search and custom reporting options to expedite audits, investigations and operational insight.

Pulse Policy Secure has FIPS 140-2 Level 1 certification and is Common Criteria certified extensive deployment in government, military and government contractor applications. Used to satisfy NIST 800-53 controls and Comply-to-Connect requisites, the solution is certified on the U.S. DoD Unified Capabilities (UC) Approved Products List (APL) and for J Joint Warfighting IT Interoperability (JTIC).

NAC Upgrade Program

Organizations can take advantage of Pulse Secure’s Trade-in Program to replace current NAC solutions from companies such as Forescout, Cisco, Aruba, and Fortinet. For more information, contact a sales representative at [email protected], call 844-807-8573, or contact an authorized reseller.

* Source: 2020 Cybersecurity Insiders, Endpoint and IoT Security Report Conducted by Cybersecurity Insiders and commissioned by Pulse Secure, the report surveyed 413 security decision makers, in August of 2020, across several industries, including financial services, healthcare, manufacturing, high-tech, government, and education.

** Source: IDC, Worldwide Network Access Control Forecast, 2020–2024: Demand for Visibility Drives New Growth, Doc # US46280820, May 2020

*** Source: IDC Worldwide NAC Market Shares, 2019: Diverse Market Demands Expand NAC's Addressable Market, Doc # US46276020

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9994
PUBLISHED: 2020-10-22
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
CVE-2020-9997
PUBLISHED: 2020-10-22
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.
CVE-2020-9927
PUBLISHED: 2020-10-22
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9928
PUBLISHED: 2020-10-22
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9929
PUBLISHED: 2020-10-22
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.