Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Embracing BYOD with MDM and NAC

4,514 views

Published on

Learn how to embrace bring your own device (BYOD) in the enterprise with mobile device management (MDM) and network access controls (NAC). Special guests from Forescout featured.

Published in: Technology, Business
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yxufevpm } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yxufevpm } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yxufevpm } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yxufevpm } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yxufevpm } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yxufevpm } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y6a5rkg5 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD FULL eBOOK INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc eBook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookeBOOK Crime, eeBOOK Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Embracing BYOD with MDM and NAC

  1. 1. Embracing BYODwith MDM and NAC Chris Isbrecht, Fiberlink Gil Friedrich, ForeScout1
  2. 2. Today’s Agenda • The BYOD Landscape • Network Access Control (NAC) 101 • Embracing BYOD with MDM and NAC • Use Cases 2
  3. 3. The BYOD LandscapeHow are you managing employee-owned devices today? 26% 31% Mobile device management (MDM) solution Native email controls No controls in place What are your biggest concerns with BYOD support? 43% 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Having Securing Potential Inability to Additional Requests to visibility into corporate employee blacklist help desk support new all devices data on the privacy applications support devices used for device issues work 3
  4. 4. The BYOD Landscape Unmanaged and Non-Compliant Tablets & Smartphones BYOD iOS Apps Android BlackBerry Windows Customer Experience Compliance & Regulations Data Security End User Privacy 4
  5. 5. Embracing BYOD with MDM and NACGil Friedrich, VP of Technology, ForeScoutJune 8, 2012 © 2012 ForeScout, Page 5
  6. 6. What is Network Access Control (NAC)? Technology that identifies users and network-attached devices and automatically enforces security policy. LIMITED FIXED© 2012 ForeScout, Page 6
  7. 7. NAC Architecture Visibility and control of everything on your network Appliance Packet DB Policy Engine Engine Windows Mac/Linux MobileNAC Switch VPN Wi-Fi User Dir SEIM ePO Plugin Plugin & MDM Plugin Plugin Plugin Plugin Plugin PluginWhat is this machine? Who’s the person behind the keyboard? How is it connected? © 2012 ForeScout, Page 7
  8. 8. What Is Network Access Control (NAC) See Grant Fix Protect Real-time network asset intelligence • Device type, owner, login, location • Applications, security profile ForeScout CounterACT Appliance / Virtual Appliance(((((© 2012 ForeScout, Page 8
  9. 9. What Is Network Access Control (NAC) See Grant Fix Protect Real-time network asset intelligence Network access controls • Device type, owner, login, location • Grant access, register guests • Applications, security profile • Limit or deny access Web Email CRM ForeScout CounterACT Sales Appliance / Virtual Appliance Employee Guest(((((© 2012 ForeScout, Page 9
  10. 10. What Is Network Access Control (NAC) See Grant Fix ProtectManual to automated response• Remediate OS• Fix security agents• Fix configuration• Start/stop applications• Disable peripherals• Block worms, attacks© 2012 ForeScout, Page 10
  11. 11. Mobile Security and NAC NAC can serve as the BYOD enabler Most companies will use various technical control mechanisms… • Block all of the BYOD devices • VDI - Virtual Desktop Infrastructure • MAW – Mobile Application Wrapper • WAP – Wireless Access Point • MDM - Mobile Device Management • NAC – Network Access Control© 2012 ForeScout, Page 11
  12. 12. Network Access Control Foundational for BYOD • No matter what [BYOD] strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required — and that requires NAC. • NAC policies can be used in combination with other approaches to implement the four strategies outlined in the framework — Contain, Embrace, Block and Disregard • NAC helps to protect the network, but it is only one component of a broader BYOD security strategy. Other solutions, such as MDM and HVDs [VDIs], are needed to secure mobile endpoints.Gartner, ―NAC Strategies for Supporting BYODEnvironments‖, December 2011, Lawrence Orans and John Pescatore © 2012 ForeScout, Page 12
  13. 13. Layered Security Options© 2012 ForeScout, Page 13
  14. 14. Poll Question • Describe your organization’s plans for implementing a NAC solution a) Already implemented a NAC solution b) Plans to evaluate and purchase a NAC solution in the next 6 months c) Will implement a NAC solution in next 12 months d) No NAC solution; no plans for implementation 14
  15. 15. NAC+MDM Synergies: 1+1=3 Unify visibility, compliance and access control NAC focus is on MDM focus is on the network the mobile device MDM Alone NAC Alone NAC+MDM Visibility Full info on Basic OS info on Complete managed only. all devices Access Control For managed Partial (Missing Complete and email only endpoint info) Compliance Managed only Very limited Complete Deploy Agent Pre-registration Network based Both© 2012 ForeScout, Page 15
  16. 16. Why Consider a NAC and MDM Combination? BYOD requires network, device, data and application controls• MDM products can only secure • NAC can identify new/unmanaged devices that they manage mobile devices, protect the network and automate MDM enrollment• NAC products can identify mobile • MDM technology is needed to gain devices – but lack deep inspection deep inspection and compliance details• MDM lacks network access • NAC can restricted network resources control, exposes your network and according to policy data to attack by unknown devices• MDM device inspection is strong, • NAC/MDM integration can initiate a but based on polling frequency new inspection at the time of network access © 2012 ForeScout, Page 16
  17. 17. Why Consider a NAC and MDM Combination? BYOD requires network, device, data and application controls• MDM provides rich mobile lifecycle • Mobile device lifecycle management is management: provisioning, apps, data outside the scope of core NAC containerization… capabilities• MDM policies assessment may not be • NAC could temporarily quarantine a flexible to allow users to use their non-complying mobile device on a device outside of policy corporate network• MDM daily operation is usually run by • NAC/MDM integration allows security communications, applications or operators to gain visibility and control desktop teams across all devices © 2012 ForeScout, Page 17
  18. 18. Automate Registration: How It Works Device connects to the network – a. Classify its type: Mobile device and its type (Android, iPhone iOS, Blackberry OS) or PC ForeScout (Windows, Mac, Linux)  b. Check if it has the mobile agent ? If the agent is missing – a. Quarantine the mobile device b. Register and install relevant MaaS360 agent on the mobile device (via HTTP Redirection) ))))))) Once installed with an agent – a. Allow access based on policy b. Continue monitoring the agent’s operation© 2012 ForeScout, Page 18
  19. 19. Automate Registration: How It Works Device connects to the network – a. Classify its type: Mobile device and its type (Android, iPhone iOS, Blackberry OS) or PC ForeScout (Windows, Mac, Linux) b. Check if it has the mobile agent If the agent is missing –  a. Quarantine the mobile device b. Register and install relevant MaaS360 agent on the mobile device (via HTTP Redirection) ))))))) Once installed with an agent – a. Allow access based on policy b. Continue monitoring the agent’s operation© 2012 ForeScout, Page 19
  20. 20. Automate Registration: How It Works Device connects to the network – a. Classify its type: Mobile device and its type (Android, iPhone iOS, Blackberry OS) or PC ForeScout (Windows, Mac, Linux)  b. Check if it has the mobile agent If the agent is missing –  a. Quarantine the mobile device b. Register and install relevant MaaS360 agent on the mobile device (via HTTP Redirection) ))))))) Once installed with an agent – a. Allow access based on policy b. Continue monitoring the agent’s operation© 2012 ForeScout, Page 20
  21. 21. Real-time Compliance Testing: How It Works Device connects to the network – Has a mobile agent but is jail broken ForeScout Force a compliance test a. CounterACT informs MaaS360 to ? assess configuration attributes b. If in violation, inform ForeScout CounterACT c. CounterACT quarantines the mobile device and sends informative message Enable a compliance recheck ))))))) a. CounterACT informs MaaS360 to test b. Upon re-assessment, allows onto network if violation no longer exists c. Continue monitoring the agent’s operation© 2012 ForeScout, Page 21
  22. 22. Real-time Compliance Testing: How It Works Device connects to the network – Has a mobile agent but is jail broken ForeScout Force a compliance test  a. CounterACT informs MaaS360 to assess configuration attributes b. If in violation, inform ForeScout CounterACT c. CounterACT quarantines the mobile device and sends informative message Enable a compliance recheck ))))))) a. CounterACT informs MaaS360 to test b. Upon re-assessment, allows onto network if violation no longer exists c. Continue monitoring the agent’s operation© 2012 ForeScout, Page 22
  23. 23. Real-time Compliance Testing: How It Works Device connects to the network – Has a mobile agent but is jail broken ForeScout Force a compliance test a. CounterACT informs MaaS360 to assess configuration attributes b. If in violation, inform ForeScout CounterACT  c. CounterACT quarantines the mobile device and sends informative message Enable a compliance recheck ))))))) a. CounterACT informs MaaS360 to test b. Upon re-assessment, allows onto network if violation no longer exists c. Continue monitoring the agent’s operation© 2012 ForeScout, Page 23
  24. 24. Real-time Compliance Testing: How It Works Device connects to the network – Has a mobile agent but is jail broken ForeScout Force a compliance test a. CounterACT informs MaaS360 to ? assess configuration attributes b. If in violation, inform ForeScout CounterACT  c. CounterACT quarantines the mobile device and sends informative message Enable a compliance recheck ))))))) Recheck a. CounterACT informs MaaS360 to test b. Upon re-assessment, allows onto network if violation no longer exists c. Continue monitoring the agent’s operation© 2012 ForeScout, Page 24
  25. 25. Real-time Compliance Testing: How It Works Device connects to the network – Has a mobile agent but is jail broken ForeScout Force a compliance test  a. CounterACT informs MaaS360 to ? assess configuration attributes b. If in violation, inform ForeScout CounterACT  c. CounterACT quarantines the mobile device and sends informative message Enable a compliance recheck ))))))) a. CounterACT informs MaaS360 to test b. Upon re-assessment, allows onto network if violation no longer exists c. Continue monitoring the agent’s operation© 2012 ForeScout, Page 25
  26. 26. MDM, NAC Integration Example Complimentary Hybrid Cloud and On-Premise Implementation Apple iOS MDM API Android AgentBlackBerry Symbian Management, Policy, Monitoring Windows Application and Data Catalog webOS • Unified visibility • Unified access policy • Unified reporting • Automated MDM enrollment • On-access assessment • Block malicious activity ForeScout CounterACT© 2012 ForeScout, Page 26
  27. 27. About ForeScout ForeScout is the leading global provider of automated security control solutions for Global 2000 enterprises and government organizations. • Founded 2000, Cupertino, CA – 115 employees worldwide, 200 partners worldwide • Largest independent vendor of Network Access Control (NAC) – Leader ranking by Gartner, Forrester and Frost&Sullivan – Fastest growing #2 market share, second to Cisco • Innovative, proven worldwide – Global deployments across multiple vertical industries – Very large implementation (> 250,000 endpoints)© 2012 ForeScout, Page 27
  28. 28. NAC Market Leadership ―Magic Quadrant for Network Access ―Forrester Wave Network Access Control‖, Control‖, December 8, 2011; Lawrence Q2-2011 Forrester Research, Inc. Orans and John Pescatore; Gartner, Inc.*This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and * Forrester Wave NAC Q2- 20111The Forrester Wave™ is copyrighted by Forrestershould be evaluated in the context of the entire report. The Gartner report is available upon request from Research, Inc. Forrester and Forrester Wave™ are trademarks of ForresterForeScout. Gartner does not endorse any vendor, product or service ]depicted in our research Research, Inc. The Forrester Wave™ is a graphical representation of Forresters callpublications, and does not advise technology users to select only those vendors with the highest ratings. on a market and is plotted using a detailed spreadsheet with exposedGartner research publications consist of the opinions of Gartners research organization and should not scores, weightings, and comments. Forrester does not endorse anybe construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect vendor, product, or service depicted in the Forrester Wave. Information is based onto this research, including any warranties of merchantability or fitness for a particular purpose. best available resources. Opinions reflect judgment at the time and are subject to change. © 2012 ForeScout, Page 28
  29. 29. Thank you. Questions? gil@forescout.com© 2012 ForeScout, Page 29
  30. 30. Questions or follow-up?Wrap Up cisbrecht@fiberlink.com gil@forescout.com• Upcoming Webinars (Registration Link in Chat Window) – Crushing 6 BYOD Risks: Policy Guidance from a Legal Expert • Thursday, June 21st @ 2:00 PM Eastern – Getting Started with MaaS360 • Tuesday, June 26th @ 2:00 PM Eastern• Past Webinars (http://links.maas360.com/webinars) – The Cloud-Enabled Social Mobile Enterprise – Android in the Enterprise: Piecing Together Fragmentation – BYOD: Striking a Balance—Employee Privacy and IT Governance• Plus lots of How-To content on our website – The Ten Commandments of Bring Your Own Device • http://links.maas360.com/wp_tenCommandments – Mobile Device Management: Your Guide to the Essentials and Beyond • http://links.maas360.com/ebook_mdmEssentials 30

×