Using MDM and Agents for In-depth Inspection and Control

With the introduction of mobile devices like smartphones and tables, IT departments lost many tools used formanaging, securing and controlling end devices. No longer are Windows PCs in an active directory domain the majority of devices. A new management solution is needed and many organizations are adopting mobile device management (MDM) solutions to streamline access for mobile users, reduce IT workload and maintain the network security.

Leveraging MDM
MDM systems often focus on the management of the endpoint and are not aware of the infrastructure the device will be using. The information gathered from endpoints is very valuable to the network administrators, who rely on their own "compliance agents" to provide control of the endpoints as part of their NAC solutions. Leveraging the endpoint information gathered by an MDM system in a NAC solution provides an organization with additional value to both systems. Converting that information to real-time actions is even more powerful, and can simplify network and MDM operation and improve security.

Now organizations apply network access control functions to automate the registration and onboarding process for mobile and other devices. Device configuration tasks like these are more frequent because the lifetime for mobile devices is shorter than for their keyboard counterparts.

Including MDM information in the network access logic improves security and provides for real-time, policy-based network access. CGX integrates with MDM solutions like MobileIron to provide real-time access control, simplified device enrollment and device security checks.

Learn about CGX MDM

Using Mobile Agents
Ensuring mobile devices are compliant with policy is an important element in securing access to critical resources in the network. Devices may fail to meet compliance criteria when users install apps or reconfigure devices. When such devices aren't compliant, access to sensitive applications and data should be restricted. MDM solutions as described above are often used for the organization's own devices. This leaves a security gap for employees' personal devices (BYOD). Mobile agents can be used to provide compliance information from these devices before allowing access to the infrastructure.

Performing deep inspection through agents running on devices such as iPads or Android tablets can ensure their compliance before connecting to the network. An agent can gather operating system versions and patches, system configurations and the applications on the device. Non-compliant mobile devices can be repaired through web notifications. For laptops, built-in, automated remediation or third party patch management systems can be leveraged to bring devices back into compliance.

In all cases, devices that are security risks can be quarantined from the network or granted limited access depending on policy.

Learn about CGX Posture Compliance.