While Network Access Control (NAC) and Software Defined Perimeter (SDP) can both help improve your cyber security when used separately, they can do even more to help secure your network when used together as part of a multi-layered security plan.
NAC has been around for a while, and you have likely encountered it before: it helps users connect to a network securely. Its features include setting policies that limit who is allowed on your network based on organization policy. SDP, also known as Zero Trust Network Access (ZTNA), is relatively new to the scene, and it is likely you have not encountered it. SDP is a new approach to network security that provides least-privilege access to applications. By now, you have no doubt learned that a sound approach to cyber security requires a multi-layered security plan, otherwise known as defense in depth. This remains true for NAC and SDP: each can do a lot to secure network resources individually, but layered together they can do even more.
Multi-layered Security Plan
The defense in depth approach to cyber security calls for a multi-layered security plan. The outer layer is the perimeter of the network, then comes a layer for your servers, and another for your employees and their computers.
Within the traditional perimeter, behind your firewall, NAC alone is able to protect your network and your employees' devices to a degree. But if attackers get past that first layer, your border firewall, SDP can act as another layer by limiting access to your application services through least-privilege access control. SDP's protection does not stop there: it is a virtual security layer that extends beyond the perimeter of your network and adds security to protect your applications and data when users or the applications they access are remote, as they often are these days.
For more information on getting started with a multi-layered security plan, see our defense in depth infographic.
In summary, here are the highlights of how they complement each other:
NAC and SDP Work Together to Isolate Devices
NAC protects East-West traffic by segmenting devices as they join the network. It does this by keeping non-compliant devices quarantined or by placing devices on an IoT-only VLAN. SDP does something similar in the cloud, using the zero-trust model to grant access only to those who need it. Together, this leads to an enhanced ability to segment the network overall.
Protect Applications and Data
With SDP alone, employees can connect securely to resources. But this leaves your office resources open to malicious use by users who do not follow security policies, which could violate industry standards. From there, both can apply policies to reduce risk: NAC can protect and enforce policy on your LAN and the user's device, while SDP can protect and enforce policy on the application and the data.
SDP Expands the Perimeter
SDP can expand your network perimeter to protect access to corporate cloud-hosted applications and data where NAC cannot, providing visibility and control beyond the corporate LAN.