It's no secret that network security is a huge deal. Cyber crime's on the rise, attacks growing in ingenuity and guile, and according to the 2015 Meeker Report 69% of victims don't even discover the breach themselves. Translation - no network is safe. And it's largely thanks to this that network access controls (NAC) have enjoyed greater demand in the last few years.
NAC has evolved over time, from earlier incarnations to a new segment, known as EVAS. EVAS is an acronym derived from the terms endpoint visibility, access and security. Its approach to network security aims at extending previous NAC capabilities to include other security functions. So besides access control, you can expect real-time monitoring, improved visibility of endpoints and enhanced security features relating to both threat response and remediation.
How Does It Work?
EVAS helps prevent threats by utilising extensive and increasing intelligence about endpoints, networks and IT assets to help organisations improve their threat prevention, detection and response. Its actions can be broken down into three distinct stages.
The Three Phases of EVAS Threat Mitigation:
1. Before an Attack
Before catastrophe strikes, EVAS does everything it can to minimise the risk by:
Monitoring assets. Acting as a watchdog, EVAS monitors all assets connected to a network at any given time and stays on high alert for anything risky or non-compliant. Whether it's users, devices, applications or operating systems, it'll sound the alarm and help security operations meet the potential threat head-on.
Gathering intelligence. EVAS assists in risk mitigation by allowing the security team to gather intelligence that helps them respond to threats with efficacy, streamline their workflows and operations, while keeping their fingers on the pulse of IT risk and being ready to remedial action.
Enforcing policy. Thanks to the constant flow of intelligence EVAS provides, enough contextual information is gleaned to assist in creating granular network access policies that do their bit by decreasing the attack surface by restricting access to networks segments, assets and sensitive content.
2. During an Attack
If an attack is detected, EVAS can help analysts limit its scope by:
Integrating into threat defense systems. On their own, network-based threat defense systems analyse network behaviour and malicious activities, but their downfall is a lack of contextual understanding about the presence or state of actual endpoints on the network. EVAS steps in here and fills the need for more information using its database on network endpoints. Detection and response protocols can happen thanks to this sharing, and data can be correlated to reflect the behaviour, configurations and endpoints that led to an attack.
Blocking tactics. Attacks on a network tend to follow a "kill chain" where a compromised system attempts to lay hold of credentials, escalate privileges and exfiltrate data from other network assets. EVAS granular access controls can block "kill chain" activities as they happen.
Taking steps towards remediation. After the discovery of an attack, security teams can use EVAS policies to minimise the potential impact and fallout.
3. After an Attack
After an attack is detected EVAS aids in the following ways:
Assessing endpoints. EVAS helps in the discovery of compromised systems by sharing its database with vulnerability analysis tools and better equipping them to assign "high priority" tickets that operations can use in the remediation process.
Remedying systems. Because many EVAS systems can be integrated with endpoint security systems, patch management and MDM, it can assist in monitoring and automating the remedial process.
Improving policies and security systems. Thanks to EVAS databases, attack analysis and threat intelligence, it's possible to finely tune access policies that ultimately block attacks or prevent them from spreading.
As threats to the network grow in ferocity, it has never been more crucial to ensure security is comprehensive enough to meet these threats head on. Take the time to invest in your network's security and consider implementing an EVAS system. It'll be well worth it.
Photo Credit: Network Switch RJ45 Cable via photopin (license)
