Securing VPN remote access with Portnox CLEAR

Compromised and stolen credentials remain the main threat to corporate data. Remote access via VPN is the most vulnerable method of access, because of compromised employee credentials. Flexible, easy-to-implement two-factor authentication (“2FA”) has become crucial for organizations of all sizes. Another weak link in remote access, beyond user authentication, is created when insecure and vulnerable endpoints connect to the organization. It is not uncommon that, when a personal device accesses the network over a VPN, any vulnerability on that device quickly becomes a security hole in the entire network’s protection. To address the challenges of securing remote access, organizations should look for solutions that are cost-effective and provide a cohesive approach to all aspects of access security: compromised credentials, lost or stolen devices, and access from insecure endpoints.

Meet Portnox CLEAR – cloud-based access control for VPN

Portnox CLEAR is a Security Software-as-a-Service (SaaS) cloud platform that delivers continuous, on/off-premises risk monitoring and access control to all organizational endpoints. It assigns each connecting device a risk score (similar to a credit score), dynamically assesses the threat the device may pose to your network and enforces access control actions in real time. Portnox CLEAR can be used in many flexible ways to authenticate user remote access by VPN, providing a unique combination of access control by authentication (Active Directory or OpenLDAP), strong factor validation and endpoint cyber risk assessment (“risk-based access”).

Portnox CLEAR™ Unique Two-Factor-Authentication Solutions

As part of its entire cloud-based NAC offering, Portnox CLEAR offers a unique approach to 2FA for VPN. 2FA is a method of computer access control in which access is granted only if two separate pieces of evidence are presented to the authentication mechanism – typically, knowledge (something the user knows, such as his username and password), and possession (something the user has, such as a security token).

Conventional 2FA solutions, however, completely ignore the device that is requesting remote access. Portnox CLEAR, on the other hand, can offer device authentication via its device enrollment mechanism. Devices that install the Portnox AgentP application and have been enrolled in the organization are uniquely recognized and are, therefore, continuously monitored and tracked.

The two elements in Portnox’s unique 2FA solution are the typical knowledge (user credentials) coupled with a unique possession (the enrolled device), ensuring that security is offered on two levels: authentication of the user himself and authentication of the device. Stealing a user’s credentials is useless if the device requesting access is not enrolled; and stealing an enrolled device is of no use if the credentials are not available.

Portnox device authentication is offered in two formats: One-Time-Password (OTP) 2FA and Portnox AgentP 2FA.

OTP 2FA

In this solution, the AgentP application on the enrolled device acts as a soft token by implementing the HMAC-Based OTP algorithm. It generates an OTP on demand; the OTP, together with the user’s username and password, allows that specific device access to the organization’s remote network.

Because Portnox knows which AgentP generated the OTP, the supplied OTP is the method of authenticating the device, while the supplied credentials are the method of authenticating the user.
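The sketch below is an added example, not Portnox code: it shows how a server can tie an HMAC-based OTP to one enrolled device, assuming the algorithm named above is HOTP as specified in RFC 4226. The `OtpVerifier` class, the device names, the look-ahead window and the `password_ok` flag (standing in for the directory check) are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical server side: one secret and one counter per enrolled device."""
    LOOK_AHEAD = 3  # assumed resync window for codes generated but never submitted

    def __init__(self):
        self.devices = {}  # device_id -> {"user", "secret", "counter"}

    def enroll(self, device_id: str, user: str, secret: bytes) -> None:
        self.devices[device_id] = {"user": user, "secret": secret, "counter": 0}

    def verify(self, user: str, password_ok: bool, otp: str):
        """Return the device_id that produced `otp`, or None if access is denied."""
        if not password_ok:  # knowledge factor failed: do not touch any counter
            return None
        for device_id, dev in self.devices.items():
            if dev["user"] != user:
                continue  # an OTP only counts for a device enrolled to this user
            first = dev["counter"]
            for c in range(first, first + self.LOOK_AHEAD + 1):
                if hmac.compare_digest(hotp(dev["secret"], c), otp):
                    dev["counter"] = c + 1  # burn the counter so a replay fails
                    return device_id
        return None

if __name__ == "__main__":
    v = OtpVerifier()
    # Constructed sample enrollment; the secret is the RFC 4226 test key.
    v.enroll("laptop-01", "alice", b"12345678901234567890")
    print(v.verify("alice", True, hotp(b"12345678901234567890", 0)))  # device id
    print(v.verify("alice", True, hotp(b"12345678901234567890", 0)))  # replayed
```

Because each enrolled device has its own secret, the code that validates also names the device, and advancing the stored counter is what makes a captured OTP useless on a second attempt.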

Portnox AgentP 2FA

In this solution, a callback mechanism is utilized, relying on the fact that each deployment of AgentP on a device is uniquely recognized. When a user tries to log in by VPN with his credentials, CLEAR calls back the specific AgentP on the device requesting access, to verify that the device is the one it claims to be.

Because Portnox knows that the requesting device is an enrolled device, the callback is the method of authenticating the device, while the supplied credentials are the method of authenticating the user.

Portnox CLEAR end-point risk assessment and access policy

Portnox CLEAR offers pervasive and context-aware risk assessment for VPN clients to address attempts by unsecured, vulnerable devices to access the corporate network:

  • Real-time pervasive monitoring of any device, mobile and laptop, on and off the corporate network
  • Monitoring changes in hundreds of parameters, analyzing security posture and known-vulnerabilities of end-points
  • Analyzing and correlating to multiple context attributes
  • Taking historical observations into account
  • Calculating cyber risk score and making access decisions based on this score

This blog was written by Portnox.

Portnox is the manufacturer of next-generation Network Access Control (NAC) that can assist you in protecting your network, including your VPN.

Portnox CLEAR offers many other capabilities for real-time access control and risk assessment as part of its entire SaaS offering, which is fully subscription based and does not require deployment of any on-premise software or appliances. With its Fall-2016 release, Portnox CLEAR demonstrates again its leadership and unparalleled innovation as already recognized by the latest award from Frost and Sullivan.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum, which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
