Background: Securing a Vast Nationwide Network
South Korea’s postal system, a large and highly-distributed organization, encompasses two major divisions, numerous affiliated agencies, and thousands of regional offices nationwide. This complex infrastructure requires the highest levels of security and availability for over 70,000 network-attached endpoint devices of various types. Initially, this presented a significant IT operational and security management challenge. The existing legacy IP address management (IPAM) solution proved unable to scale sufficiently to manage the continuous increase in new devices and the burgeoning demand for BYOD support.
Modernizing IPAM and Enhancing Overall Security
To address these limitations, IT determined it was necessary to replace the legacy solution. It was paramount to maintain existing network security and access policies to avoid negatively impacting availability within the production environment. Beyond establishing a more robust and flexible IP address management capability, IT also sought to enhance the postal system’s overall security profile by implementing a world-class secure authentication framework.
The organization’s specific requirements included:
- Comprehensive Visibility & Control: Full visibility and control of all endpoint devices across the entire IT infrastructure.
- Precise Device Identification: Ability to identify exact device platform and user information for secure IP address assignment.
- Seamless Policy Migration: Smooth migration of legacy IP address management policies.
- Enhanced IPAM Features: Improved management of static IP/MAC addresses, prevention of IP conflicts, and on-demand IP addressing provisioning.
- Advanced Authentication: An enhanced authentication process with API-enabled cross-platform information-sharing capabilities.
- Automated Software Management: Real-time detection of all installed endpoint software and enforcement of versioning requirements via remote installation, including anti-malware definition updates.
- BYOD Support: Enterprise-wide support for Bring Your Own Device initiatives.
Solution: Genians NAC Enables Comprehensive IT Security Automation
Genians NAC provided the postal system with a powerful solution that enabled IT security automation, addressing all identified challenges without disrupting existing operations.
Genians NAC delivered:
- Full Security Policy Framework: Allowing the creation and enforcement of comprehensive security policies.
- Seamless Legacy Policy Migration: Ensuring a smooth transition for existing policies.
- Real-time IP Address Management: Providing IP address name translation management, mapping static IPs to dedicated devices and users, and securely controlling IP address usage across the entire network (Allow, Deny, Lease, Assign). It also resolves IP address conflicts and prevents unwanted changes.
- Enhanced Authentication & SSO: Providing an agent-based authentication process that seamlessly shares authenticated information with other IT security and operational solutions through a single sign-on (SSO) process.
- Automated Endpoint Software Control: Installing and maintaining all required software for the entire complex of enterprise end-devices.
- Secure BYOD Provisioning: Offering a secure BYOD provisioning process for both wired and wireless network environments.
- Real-time Device Monitoring & Control: Logging all connectivity information (including IP/MAC and user name) in real-time, detecting and immediately controlling non-compliant devices.
- Comprehensive Audit Trail: Providing a complete audit trail to demonstrate compliance and generate audit reports.
Genians’ non-disruptive sensing technology was fundamental, enabling the postal system to see the “what/who/when/where” of all network connections in real-time. This provided precise and comprehensive management of all potential endpoint devices and simplified critical user/device authentication by integrating seamlessly with existing systems.
Summary: Automated Compliance, Enhanced Security, and Operational Efficiency
By employing Genian NAC, the postal system gained a centralized and intuitive management interface for IP addresses, allowing IT system administrators to easily control IP usage and maintain comprehensive IT security compliance more effectively.
Holistic Network Control and Sustainable Savings
Genians NAC can integrate with a wide range of existing IT security and business solutions (such as NGFW, IDS/IPS, MDM, SIEM, and organization intranets) to provide holistic network monitoring and control. This enabled the postal system to achieve full IT security automation, ensuring the highest levels of systems security, availability, and regulatory compliance, while significantly enhancing productivity and reducing operational burdens across its vast nationwide network.