Utilising DNS protocol for threat discovery, network access control and BYOD Compliance.

With the emergence of trends like Bring Your Own Device (BYOD), increased mobility and cloud technology, securing corporate data is becoming more difficult. Organisations are continuously looking for new technologies to protect their users and information. BYOD is becoming a core framework where the organisation, mobile access and cloud interact.

The Emergence of BYOD
Bring Your Own Device (BYOD) is defined as an organisation allowing its employees to use their personal computers, mobile phones, tablets or other devices for work.
Between 2019 and 2024, the expected yearly growth is 15%, indicating unprecedented growth due to its possible benefits for end-users and organisations.
The reasons for growth are two-sided. Employees experience increased satisfaction, productivity and innovation, which is vital in today's competitive landscape. Businesses also experience significant cost savings.
With the emergence of 5G, BYOD is expected to be adopted more widely, bringing other challenges in parallel with this growth.

Challenges in BYOD

The business benefits are also bringing new challenges. Security and scalability concerns are seen as the leading areas preventing the broader acceptance of BYOD.

Security Challenges

  • A personal device infected with malware can affect the corporate technology infrastructure and infect other devices once it is connected to the internal network.
  • When corporate information is stored on personal devices, protecting the data and enabling accountability is difficult.
  • If a device is stolen, the risk of corporate data compromise is significantly higher, as centralised security policies cannot be enforced on personal devices.
  • When users are off the premises, it becomes challenging to provide security services.

Scalability Challenges

  • When a personal device malfunctions, is lost or stolen, it can disrupt the business, especially if the device is the primary one.
  • Accounting for different device types, designing the approval processes and auditing for compliance becomes more complex as the number of devices increases.

NetCyte for Agentless Threat Visibility & Endpoint Compliance

NetCyte is a next-generation NAC solution that provides dynamic and adaptive access control with unparalleled threat discovery. The system creates a holistic view of the IT infrastructure by enabling 100% accurate discovery, classification and profiling of any device.

The threat discovery component reduces the attack surface and minimises the impact of cyber threats originating from devices in corporate networks. Threat analysis is performed with or without an agent, supporting both corporate and guest devices.

By utilising different methods for detection and blocking, the system is deployed in a few days. The system can act as the DNS server within the organisation to discover devices and block access, enabling organisations to deploy a NAC framework quickly with advanced threat discovery and prevention.

  • Multiple techniques on the network, DNS and application layers are utilised for seamless discovery.
  • By using SNMP or SSH to poll MAC and ARP address tables, a 100% accurate visibility of network topology is created.
  • Device discovery can be performed through a lightweight DNS server, which is very easy to deploy and a great enabler for auto-enrolment of users.
  • The secure DNS server enables the discovery of malicious activity, based on its AI-based categorisation engine, without any topology change.
  • The DNS server acts as the first line of blocking if a device is unauthorised or generates malicious activity.
  • If a blocked device resides on a manageable switch, router or firewall, blocking takes place at any level by executing a simple VLAN/ACL change over an SSH connection to the network device.
  • Endpoints can be protected even when they are off the premises.

How it Works

The system provides multiple methods for detection and blocking.

Detection

  • Track ARP & MAC Table from Network Devices: Using only the SNMP protocol, all devices are discovered and classified. Agentless classification without admin rights is supported.
  • Port Mirroring: Ports on which devices are active are mirrored, and devices are discovered through the mirrored port. On distributed networks, this requires appliances at remote sites.
  • ARP & DHCP Sniffing: In this mode, multicast ARP & DHCP packets are tracked through trunk ports. On distributed networks, this requires appliances at remote sites.
  • DNS Query Analysis: The system acts as a DNS Server for the organisation to discover the devices inside the organisation.

Blocking

  • SSH Command Execution for VLAN change or ACL application.
  • SNMP Execution for VLAN change.
  • TCP Reset if port mirroring is used.
  • 802.1X.
  • ARP Redirection.
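As an added illustration of the detection and blocking flow described above (example code written for this page, not CyberCyte's or NetCyte's own software), the script below polls nothing live: it parses a constructed `snmpwalk -On` capture of a switch's ARP table (IP-MIB ipNetToMediaPhysAddress) and bridge forwarding table (BRIDGE-MIB dot1dTpFdbPort), correlates each DNS client with its MAC address and switch port, and decides per device whether to allow it, answer its DNS queries with a sinkhole (the DNS-level first line of blocking) or quarantine its switch port through a VLAN change. The enrolment inventory, the domain categorisation table standing in for the categorisation engine, the DNS log line format and all addresses are assumptions constructed for the example.

```python
"""Correlate switch ARP/MAC tables with DNS query logs to decide NAC actions.

Added example for this page; not NetCyte/CyberCyte code. All data below is constructed.
"""
from collections import defaultdict

# OID prefixes from standard MIBs: IP-MIB ipNetToMediaPhysAddress and BRIDGE-MIB dot1dTpFdbPort.
OID_ARP = ".1.3.6.1.2.1.4.22.1.2."
OID_FDB = ".1.3.6.1.2.1.17.4.3.1.2."

# Constructed `snmpwalk -On` output (assumed capture, not from a real device).
# ARP rows: index = ifIndex.a.b.c.d, value = MAC.
# FDB rows: index = MAC as six decimal octets, value = bridge port number.
SNMP_WALK = """\
.1.3.6.1.2.1.4.22.1.2.1.10.0.0.15 = Hex-STRING: 00 1A 2B 3C 4D 5E
.1.3.6.1.2.1.4.22.1.2.1.10.0.0.42 = Hex-STRING: 00 50 56 AB CD EF
.1.3.6.1.2.1.17.4.3.1.2.0.26.43.60.77.94 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.171.205.239 = INTEGER: 7
"""

# Constructed DNS query log in an assumed "timestamp client qtype qname" format.
DNS_LOG = """\
2024-05-01T09:00:01Z 10.0.0.15 A intranet.example.com
2024-05-01T09:00:05Z 10.0.0.42 A update.example.net
2024-05-01T09:00:09Z 10.0.0.42 A malicious-c2.example
2024-05-01T09:00:12Z 10.0.0.99 A intranet.example.com
"""

# Assumed enrolment inventory (MAC -> owner) and a hand-written stand-in for the
# categorisation engine (domain -> category). Uncategorised domains are not blocked.
AUTHORISED = {"00:1a:2b:3c:4d:5e": "alice-laptop", "00:50:56:ab:cd:ef": "build-vm"}
DOMAIN_CATEGORY = {"malicious-c2.example": "malware", "update.example.net": "software-update"}
BLOCKED_CATEGORIES = {"malware", "phishing"}


def parse_snmp_walk(text):
    """Return (ip -> mac, mac -> bridge port) parsed from numeric snmpwalk output."""
    arp, fdb = {}, {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, _, value = line.partition(" = ")
        raw = value.split(": ", 1)[1].strip()
        if oid.startswith(OID_ARP):
            ip = ".".join(oid[len(OID_ARP):].split(".")[1:])  # drop the leading ifIndex
            arp[ip] = raw.lower().replace(" ", ":")
        elif oid.startswith(OID_FDB):
            octets = oid[len(OID_FDB):].split(".")
            fdb[":".join(f"{int(o):02x}" for o in octets)] = int(raw)
    return arp, fdb


def parse_dns_log(text):
    """Yield (client_ip, qname) pairs; qnames normalised to lower case without a trailing dot."""
    for line in text.splitlines():
        _ts, client, _qtype, qname = line.split()
        yield client, qname.lower().rstrip(".")


def evaluate(arp, fdb, authorised, categories, queries):
    """Decide one NAC action per DNS client.

    dns_block: unenrolled device, or no switch port known; the DNS server answers with a sinkhole.
    quarantine_vlan: enrolled device seen querying a blocked category and its switch port is known.
    allow: enrolled device with no flagged queries.
    """
    names_by_client = defaultdict(set)
    for client, qname in queries:
        names_by_client[client].add(qname)
    decisions = {}
    for client, names in names_by_client.items():
        mac = arp.get(client)
        port = fdb.get(mac) if mac else None
        flagged = sorted(n for n in names if categories.get(n) in BLOCKED_CATEGORIES)
        if mac is None or mac not in authorised:
            action, detail = "dns_block", "client not in enrolment inventory"
        elif flagged and port is not None:
            action, detail = "quarantine_vlan", "queried " + ", ".join(flagged)
        elif flagged:
            action, detail = "dns_block", "queried " + ", ".join(flagged) + " (no switch port known)"
        else:
            action, detail = "allow", "enrolled, no flagged queries"
        decisions[client] = {"mac": mac, "port": port, "action": action, "detail": detail}
    return decisions


def run_demo():
    """Run the whole pipeline over the constructed data and return the per-client decisions."""
    arp, fdb = parse_snmp_walk(SNMP_WALK)
    return evaluate(arp, fdb, AUTHORISED, DOMAIN_CATEGORY, parse_dns_log(DNS_LOG))


if __name__ == "__main__":
    for client, d in sorted(run_demo().items()):
        print(f"{client:<12} {d['mac'] or '-':<18} port={d['port']!s:<5} {d['action']:<15} {d['detail']}")
```

The two-tier outcome mirrors the page's architecture: a device that never enrolled (10.0.0.99 here) is stopped at the DNS layer without touching any network device, while an enrolled device whose queries hit a blocked category is mapped back to a concrete bridge port so the VLAN/ACL change can be targeted at that port rather than at an IP address that may change.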

Architectural Advantages

  • Agentless for Windows, macOS and Linux devices.
  • Better scalability in Windows-based distributed networks.
  • Advanced threat discovery and prevention.
  • Ability to perform network device configuration.
  • Multiple methods for detection and prevention.
  • Ability to identify malicious traffic from guest devices without an agent or inline operation.

CyberCyte Advantages

  • Deploys in days across complex campus networks.
  • Supports multiple deployment scenarios.
  • Does not require multiple distributed components.
  • No reliance on agents, traffic interception or port mirroring.
  • Supports non-intelligent and unmanageable network devices.
  • Does not require any configuration change or agent on endpoints.
  • Advanced threat discovery with remediation.