Q&A on ESUKOM with Jens Lucius, QA Manager and Trainer at NCP engineering, Part 2
Now we’re try to change that: intrusion detection systems, firewalls and VPNs or even door access systems are able to talk to each other and contribute to a real-time representation of the network. Companies using IF-MAP are able to receive more information about the status of their network and do enforcement based on that. The NCP VPN solution acts not only as a provider of information gathered from a user’s VPN access, but also can do enforcement based on that.
For example, an intrusion detection system could detect a security breach originating from a VPN user, report that to the IF-MAP Server and the NCP VPN solution will shut down or limit the VPN access for that user. No need for time-costly interaction of an administrator (and time is of the essence in case of an attack). Also automation of security enforcement can help take the load of the network administrator, whose task will get more taxing with the increase of mobile workers and their demands. Of course, automation has to be carefully weighed against the possibility of false positives.
Another benefit is the possibility to do single sign-on or federation with other security systems based on a common standard -- and not proprietary protocols. Federation, for example, has already been successfully tested with Juniper at the last TCG Plugfest.
Stay tuned for Part 3, in which we talk to Jens about the VOGUE project.