Soliton - Blog

How digital certificates give your NAC solution the edge

Written by Roel Schuitman | Oct 21, 2021 10:00:00 PM

IT managers today face a variety of challenges every day. They need to offer a safe, reliable network for company machines and devices that belong to employees and guests (including IoT). While doing this, they need to mitigate the risks of cybercrime.

Network access control (NAC) solutions help IT managers achieve this balance by offering complete visibility into who is on the network and what they’re doing, regulating access levels, and monitoring interactions. Digital certificates provide credentials that identify a user (and often their device or devices) known to the network. With certificate-based authentication, a business can verify that all devices connected to its network are authorised.

Let’s explore how digital certificates help improve NAC - and how you can quickly and easily get started. 

 

How digital certificates give you the edge

In the past, networks would combine certificate-based authentication with user authentication such as a username and password. However, solutions like NetAttest EPS can deliver all the benefits to a business without users having to deal with unwieldy passwords. Passwords are time-consuming to set up and quickly forgotten, which causes more problems. On Windows, it’s also possible to use the current Windows user together with the certificate of the device.

Digital certificates allow users to access the correct areas of the network the first time and every time, which reduces queries to IT support teams. For businesses, digital certificates are scalable: it’s never been simpler to add devices to the network, which is essential when there are more devices than ever and more employees checking in from random office locations.

The Soliton KeyManager app offers networks a more straightforward way to distribute digital certificates. By introducing a less complicated 3-step certificate administration process, IT managers can dramatically shorten the life of a digital certificate, which enhances security. 

The application offers user self-service to automatically request and install user and device certificates on any device, with only three steps. The Soliton KeyManager app also warns users when their certificates need to be renewed and lets them click the appropriate link to do so. This delivers four significant benefits to businesses:

  • Reduces the time the IT team spend on certificate management
  • Adds a new layer of security to the Simple Certificate Enrolment Protocol (SCEP) via a unique secret per request
  • Enables public and private key pairs to be generated
  • Thanks to the way it’s created, the private key never leaves the device during the issuing process

 

Issuing certificates on managed and unmanaged devices

The great thing about using digital certificates for authentication (as opposed to usernames and passwords) is that you can issue them to devices that your company does not manage without troubling your IT team.

The NAC solution from Soliton Systems (which is #1 in Japan) has built-in, easy certificate distribution, which helps distribute certificates to unmanaged external systems, such as personal devices or the devices of partners and contractors. In addition, the Soliton KeyManager app removes the need for specific mobile device management to deploy these certificates, making it easy and secure for users to install digital certificates on their systems.

Many companies find providing network access to external devices a security problem, so they use a MAC-based NAC solution, which is easy for hackers to spoof in order to evade restrictions. By getting hold of machines under false pretences, spying on broadcast traffic, or using brute force, cyber-criminals can get authorised MAC addresses, which leads to unwanted access to your network.

It’s impossible to entirely avoid dealing with machines that come with only a MAC address as an identity (especially in areas such as healthcare and automotive). At Soliton, we’ve worked hard to balance these requirements with your security needs.

Using a dedicated database for MAC addresses, Soliton’s NAC solution, NetAttest EPS, simplifies the process of issuing access for these devices:

  • It gives you all the tools you need to add new devices to your network quickly
  • A secure MAC address database with storage for up to 200,000 addresses
  • A dedicated interface for registering new MAC addresses

One thing that makes Soliton’s NetAttest the ideal NAC solution is that it never uses agents. It does not require anyone to install software on their devices, making safe BYOD genuinely possible. Plus, it improves security as the use of agents increases the attack surface. 

Does your NAC solution give you this level of protection and convenience?