NAC is Back - How Network Access Control Can Protect Your Remote Devices and Data - Rob Allen - BSW #376
Dec 18, 2024
Rob Allen, Chief Product Officer at ThreatLocker, dives into how Network Access Control (NAC) is essential for safeguarding remote devices in today's borderless work environment. He discusses the vulnerabilities presented by a lack of corporate firewalls and the significance of direct connections over traditional VPNs. The conversation also touches on the evolving role of CISOs and their heightened accountability amid rising cyber threats, underscoring the need for proactive, endpoint-centric security measures in the age of hybrid work.
The traditional corporate firewall is diminishing, prompting the need for Network Access Control to safeguard remote devices and data.
With 92% of successful attacks involving unmanaged devices, robust security measures are essential in the evolving cybersecurity landscape.
CISOs must adopt business-oriented strategies that embrace collaboration across departments to nurture a comprehensive security culture.
Deep dives
The Resurgence of Network Access Control (NAC)
Network Access Control (NAC) is gaining importance as companies adapt to the changing landscape of remote work and unmanaged devices. Recent statistics indicate that 92% of successful attacks involved unmanaged devices, and 70% included remote encryption, highlighting the need for robust security measures. With the traditional corporate firewall and perimeter essentially fading, there is a need to ensure that all devices connecting to networks are properly managed and secured. The podcast emphasizes that organizations must rethink how they protect their data and devices in this increasingly complex environment.
Challenges in Cyber Resilience
The LevelBlue Futures Report emphasizes that while IT leaders anticipate positive outcomes from rapid computing changes, 85% recognize increased cyber risk. The need for better visibility into IT environments is crucial, as many organizations face barriers in achieving true cyber resilience. The podcast discusses the importance of recognizing operational issues that hinder cybersecurity and suggests that companies adopt strategic approaches to prioritize resilience. By addressing these challenges, organizations can better prepare themselves against potential threats.
Cyber Risk Management Evolution
The evolving field of cyber risk management emphasizes the need for real-time risk insights rather than manual, siloed approaches. Automation plays a central role in this transformation, as seen in platforms like CyberSaint's CyberStrong, which provides quantifiable risk assessments to aid decision-making. This proactive approach enables organizations to address their unique cyber risks and implement effective controls. By shifting toward a more integrated model, businesses can enhance their ability to manage and mitigate cyber threats.
The Evolution of CISO Responsibilities
The podcast highlights the changing role of Chief Information Security Officers (CISOs) in 2025, stressing the need for business-oriented strategies beyond technical defenses. As the landscape becomes more complex, CISOs must navigate challenges such as misinformation and legacy systems resistant to change. The emphasis is placed on fostering collaboration with various departments to embed security culture throughout the organization. Rather than solely relying on technical measures, leaders are encouraged to consider a holistic approach to security that encompasses process and people.
Constructive Communication in Leadership
Creating a culture of constructive feedback is crucial for organizational success, and leaders play a vital role in modeling this behavior. By implementing regular feedback mechanisms, organizations can nurture an environment where employees feel empowered to share insights and concerns. The podcast contrasts traditional 360-degree reviews with ongoing, organic feedback processes that foster growth and adaptability. Encouraging open dialogue not only enhances professional development but also strengthens the overall effectiveness of the organization.
The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point.
In the leadership and communications segment: CISOs need to consider the personal risks associated with their role; CISOs: Don’t rely solely on technical defences in 2025; The Questions Leaders Need to Be Asking Themselves; and more!