Security Enforcement, The Cooperative Way

Imagine all of your network and security devices working as a unit to enforce security policy. That’s the vision of “cooperative policy enforcement,” an emerging concept being promoted by Aventail.

While network admission control (NAC) is emerging and there are many different policy enforcement tools available, there still isn’t a common, coordinated structure for enforcing policy across all devices. Chris Hopen, CTO of Aventail, says the key is having a broader policy that aggregates the traditionally separate policies of firewalls, routers, switches, VPN gateways, and NAC boxes.

Some industry analysts consider cooperative policy a natural progression. “Cooperative policy has to happen. It’s not even a question of if, but of when. You have many network assets as an organization — firewalls, routers, switches, VPN gateways — and each of those should be able to enforce policy, not just any one,” says Robert Whiteley, senior analyst for enterprise networking at Forrester Research. “Most NAC products make you choose one of those” to do enforcement, he says.

With cooperative policy enforcement, the policy servers on each security device can share the security problems they find and take action to fix them, Hopen says. When an IPS sitting behind the VPN gateway detects a problem, for instance, it can work with the gateway to pinpoint the source: “So when the IPS raises an event and says here’s malicious traffic, that device can then make a SOAP call back to us, query us, and say ‘what user is responsible for injecting this traffic into the network?’”

Then the offending user could automatically be blocked from the network or certain service. “This is beyond reporting and more about taking action,” he says. “Today devices do not allow any visibility into their policy decisions, let alone providing a mechanism for allowing another network device to control or dictate changes to the policy behavior.”
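The exchange described above, modeled as an added example that is not Aventail's code or protocol: the IPS parses an alert, asks the gateway which user held the source address when the event happened, and then has the gateway revoke that user. The alert format, the `Gateway` API and the sample sessions are all constructed for this illustration. The one detail a practitioner needs to get right is that the address-to-user answer must be bounded by the event time, because VPN pool addresses are reassigned between sessions; a lookup against the current session table would name whoever holds the address now, not whoever injected the traffic.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed IPS alert lines (assumption: a syslog-style line with an ISO
# timestamp and src=/dst= fields; the page does not describe the real format).
SAMPLE_ALERTS = [
    "2007-03-12T09:30:00Z ips alert sig=SQLI src=10.8.0.5 dst=10.1.1.20",
    "2007-03-12T10:02:00Z ips alert sig=SQLI src=10.8.0.5 dst=10.1.1.20",
    "2007-03-12T10:15:00Z ips alert sig=SQLI src=10.8.0.5 dst=10.1.1.20",
]

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) ips alert sig=(?P<sig>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


@dataclass
class Session:
    user: str
    assigned_ip: str
    start: datetime
    end: Optional[datetime] = None  # None: tunnel still up


@dataclass
class Gateway:
    """Stand-in for the VPN gateway's policy server (hypothetical API)."""
    sessions: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def connect(self, user: str, ip: str, at: datetime) -> bool:
        # Admission decision: a revoked user is refused at the next connect.
        if user in self.blocked:
            return False
        self.sessions.append(Session(user, ip, at))
        return True

    def disconnect(self, user: str, at: datetime) -> None:
        for s in self.sessions:
            if s.user == user and s.end is None:
                s.end = at

    def who_is(self, ip: str, at: datetime) -> Optional[str]:
        # Answer the IPS's "who injected this?" query. Time-bounded on purpose:
        # the pool address is reused, so only a session that covered `at` counts.
        for s in self.sessions:
            if s.assigned_ip == ip and s.start <= at and (s.end is None or at < s.end):
                return s.user
        return None

    def revoke(self, user: str, at: datetime) -> None:
        # Enforcement step: tear down the live tunnel and refuse future logins.
        self.blocked.add(user)
        self.disconnect(user, at)


def handle_alert(gw: Gateway, line: str) -> Optional[str]:
    """IPS side: parse one alert, attribute it, and have the gateway act on it.
    Returns the user that was revoked, or None if nobody could be attributed."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    at = parse_ts(m["ts"])
    user = gw.who_is(m["src"], at)
    if user is None:
        return None
    gw.revoke(user, at)
    return user


def demo():
    """Constructed scenario: alice held 10.8.0.5 from 09:00 to 10:00, then the
    gateway handed the same pool address to bob at 10:05."""
    gw = Gateway()
    gw.connect("alice", "10.8.0.5", parse_ts("2007-03-12T09:00:00Z"))
    gw.disconnect("alice", parse_ts("2007-03-12T10:00:00Z"))
    gw.connect("bob", "10.8.0.5", parse_ts("2007-03-12T10:05:00Z"))
    results = [handle_alert(gw, line) for line in SAMPLE_ALERTS]
    return results, gw


if __name__ == "__main__":
    results, gw = demo()
    print(results)       # the 09:30 alert is alice's, 10:02 is nobody's, 10:15 is bob's
    print(gw.blocked)
```

The 10:02 alert returning nobody is the point: between alice's disconnect and bob's connect the address had no owner, and a gateway that answered with "the current holder" would have blamed bob for traffic sent before his tunnel existed. In a real deployment the query would also carry the gateway's own session identifier rather than a bare IP where NAT sits between the IPS and the gateway.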


This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.
