Access all areas

An Executive Interview with Juniper Networks

With security becoming more and more important to financial institutions, the concept of Network Access Control (NAC) aims to do exactly what its name implies: control access to a network with policies, including security checks and post-admission controls, over where users can go and what they can do. Sanjay Beri explains more.

“You want to take advantage of the speed and flexibility technology offers, but you have to maintain control over your critical resources and prevent data loss”
-Sanjay Beri, Juniper Networks

FST. What can you tell us about the current drivers for NAC solutions?
Sanjay Beri. New technologies are being utilized that enable businesses to operate differently than they have until now. Organizations want to take advantage of these changes to achieve a competitive advantage, but changes can also introduce risks and threats. For example, organizations want to move faster by enabling outsiders like partners, suppliers or customers to access the network directly. Or they may want to allow employees who work remotely to connect to the network after using their computers outside the perimeter. In both cases, an organization can’t predict how users will behave or know the state of their machines. You want to take advantage of the speed and flexibility technology offers, but you have to maintain control over your critical resources and prevent data loss. Access control lets you do this. This is especially important in financial services organizations, where companies need to fiercely protect their reputation, as well as comply with regulations and defend against cyber terrorism. So the drivers include guest access, insider threats, off shoring/outsourcing and compliance monitoring and enforcement.  

FST. How does network access control solve this problem?
SB. Network access control solutions manage access to the network and its applications based on user and/or device compliance against a series of enterprise-defined network and security policies. Criteria for network and security policies include things like user identity, device identity, health, security state and network location. Policies to be enforced may include users and their devices adhering to and maintaining a baseline of criteria defined by the enterprise and making sure only authorized users are accessing networks and applications.

Furthermore, a NAC solution can ensure that access is allowed only to authorized corporate resources, and all corporate authentication and security policies are met before the network is accessed and during the duration of a session. Therefore you can make sure that the accounting department only accesses financial records and HR and the person the records belong to only access personal records.

FST. Do NAC solutions replace existing security solutions like firewalls, VPNs and antivirus?
SB. A comprehensive access control solution actually leverages and extends existing security solutions like firewalls and VPNs. For example, Juniper's Unified Access Control (UAC) solution uses Juniper's firewalls as enforcement points to stop unauthorized traffic where the firewalls reside. Likewise, access control policies can be shared between UAC and Juniper's Secure Access SSL VPN appliances to centralize provisioning of access control and ensure consistent policies for both remote and local access. This simplifies policy development and management, which results in cost savings.

FST. What does Juniper's NAC solution look like?
SB. Juniper's Unified Access Control is comprised of a number of components. All access policy is implemented by the Infranet Controller - UAC's hardened, centralized policy server; and user identity, device security state and network location are determined by the UAC Agent - which is available as a lightweight, dynamically downloadable agent with cross-platform support for Microsoft Windows, Apple Mac OS and Linux platforms, as well as an agent-less mode, for when installing a software client is not feasible.

Juniper Networks Unified Access Control is based on open industry standards and field-tested components that leverage existing enterprise network infrastructure, delivering solid investment protection. UAC reduces access control deployment complexity and cost, while increasing operational efficiencies.

Sanjay Beri is vice president, Access Solutions Business Unit at Juniper Networks and has more than 10 years of experience in the high-tech industry including key roles at such companies as Microsoft, Newbridge Networks (now Alcatel) and McAfee. Prior to Juniper, he was a co-founder of Ingrian Networks, a leader in providing solutions to secure data in transit and storage. Beri holds a Masters in Electrical Engineering from Stanford University, and an MBA from Berkeley.