NAC and Beyond

Post on 03-Jun-2020


Srdjan Vranic Co.Next

NAC and Beyond

NAC is more than just a “Network Access Control”

NAC solutions support network visibility and access management through policy enforcement on devices and users of corporate networks. Security and risk management leaders should develop requirements that determine which vendor solutions best address their cost and manageability requirements.

Gartner: “Market Guide for Network Access Control”, 9 May 2017

The Connected World is Changing

Regulations / Risk

Access layers used to reach data / Growing attack surface

1970’s: SNA

1980’s: Modems, SNA

1990’s – 2000: Wired, Modems, SNA

2000 – 2010: Wireless, Wired, Modems (VPN), SNA

2010 – 2020: Wired, Wireless, Virtual, VPN

Can it happen to me….?

NAC goals

Visibility of all devices connected to company network.

Control. Only authorized devices can access company resources.

Compliance enforcement.

NAC solution consideration

Scalable and central deployment

Granular implementation

Granular rules

Not to be labor intensive

Fully automatable

Agentless

Can illuminate devices in virtual networks, in cloud, in VPN

Can handle IoT, Printers, Cameras, VoIP, OT etc.

So how can organizations evolve in a connected world and remain secure?

INTRODUCING PORTNOX

Any user. Any device. Anywhere.

Who We Are

FOUNDED: 2007

First GA: 2008

OWNERSHIP: Privately held & profitable. Keep investing in new technologies and new markets.

LOCATIONS: Global. Offices in US, UK and Global Partnerships.

GLOBAL FOOTPRINT: +500 Customers worldwide

Different customers, common challenges

Financial, Retail, Technology, Healthcare, Consulting, Other

Customer Success Stories

“Portnox was easy to implement, priced competitively and the right solution at the right time”

– Iuval Kat, CISO, eToro

“One of the most valuable and easy to implement tools we've dealt with in the last years”

– Ariel Litvin, CISO, First Quality

“We selected Portnox … to allow for seamless access to our … while ensuring we have the proper security in-place to block potential hacks or unauthorized users”

- Sean Reddington, CIO, OrthoIndy

What the market says…

Driving NAC Innovation

Portnox product offering delivers similar values in two different architecture approaches:

PORTNOX CLEAR (cloud)

PORTNOX CORE (on-prem)

Hybrid solution is also available

See – 100% visibility in real-time, across all access layers. Agentless, centralized deployment. Infrastructure vendor agnostic.

Control – risk mitigation by limiting access, quarantining or blocking a device, or remediating a security issue, for example by installing a missing patch or starting the antivirus.

Automate – Flexible, location-aware automated reactions, enabling CISOs to reduce time and cost associated with manual responses.

What’s in it for our customers?

PORTNOX CORE (on-prem)

Portnox CORE Architecture (On Prem)

No Agents. No Infrastructure Changes. Vendor agnostic. Centralized.

[Architecture diagram. Components shown: Portnox Server (Windows + SQL), Ethernet, Wireless, Firewall, VPN, IP Camera, MacOS or Linux, Windows, Printers, PBX, AD, BYOD. Connection methods shown: Telnet, SSH, WMI, RPC, Remote Registry, SNMP, NETCONF, Agent P, Fingerprint.]

Portnox deployment consideration

Software-based, no appliances

Three components: Web (IIS), Portnox server (Windows server, physical or virtual), Database (SQL Server)

All three components on one server support up to 10.000 endpoints.

Cluster of Portnox servers is supported.

Portnox licensing

Per monitored wired port

Per access point

Licenses are perpetual

Portnox CORE Architecture

Illuminate, Authenticate, Control

Illuminate:

• Directly connect to infrastructure

• Native protocols (SNMP, SSH, etc.)

• Real-time device awareness

• Visibility across all access layers

• Visibility to unmanaged devices (clutter)

Authenticate:

• Direct connection to devices

• 20+ authentication methods

• Custom Fingerprint for ‘network of things’

Control:

• Flexible connection methods (pre, post, partial)

• Robust endpoint compliance

o OS, AV, Programs, #NIC(s), Removable Storage, Admin, etc.

• Flexible enforcement policies

o User, device, location, time, compliance

• Flexible actions

o Alert, Dynamic VLAN, Remediate, Close Port, etc.

No Agents & Central Deployment

Value Beyond NAC – Visibility

• Quickly and Easily Find Anything on your network

• Reduce incident response

• Reduce resource load

• Save time & money

Search & find any device, user, application on your network!

Value Beyond NAC – Simplicity (Devices view)

• Inventory view

• Customizable columns

• Faceted navigation

• Actionable visibility

802.1X Complexity

• Long NAC deployment and endless maintenance in a big WW organization.

• Profiling and strong authentication of IoT.

• Requires dedicated HR.

• “Catholic Marriage” with the HW vendor

Discovery

• 802.1X is problematic with IoT

• Inventory and baseline management

• Lack of Visibility

Enforcement –

• Fail-closed architecture

Simplicity Vs 802.1X

Questions…?

PORTNOX CORE (on-prem)