One of the greatest things about distributed networks is that they are dynamic and resilient, but as a result, they are also overly complex and unpredictable. While their inherent scalability, high fault tolerance and low latency present enormous advantages for users, things are a little problematic on the security side. Last week, we had the opportunity to meet with Denny LeCompte, CEO, and Jeremy Morrill, VP of Product Management, at Portnox in a briefing where we discussed the security concerns of distributed environments and Portnox’s new, first-in-the-market cloud-native TACACS+-as-a-Service, which is designed to help businesses manage network devices easily from a single platform.
TACACS+ for Administrator Access to Network Devices
TACACS+, or Terminal Access Controller Access Control System, is a standard security protocol for remote authentication. When a client requests access to a certain router or NAS (Network Access Server), the TACACS+ process responds to the request. The application enables centralized validation of all user access. The protocol delivers flexible control over access authentication and authorization and provides detailed accounting information. In simple terms, it is an extra step in network access management that offers an additional blanket of security.
Be that as it may, the implementation of TACACS+ is neither simple nor cost-friendly, at least not for mid-market businesses. This is why, despite having been around for a long time, the technology is even today out of reach of many small and mid-size companies that are restrained by their limited resources. To use TACACS+, a company first needs to invest in a Network Access Control (NAC) product that includes the application, which comes at no small cost.
Addressing the Issues around Implementing Policies on Devices with a AAA Protocol
This is what prompted Portnox to launch its own cloud-native TACACS+ so as to bring the technology within the reach of organizations of any size. The company, which already offers RADIUS and has a widely adopted NAC-as-a-Service in its portfolio, understood the cost and complexity that stood between small and mid-range companies and TACACS+ adoption. So instead of tactfully packaging both its NAC and TACACS+ solutions together, it went with offering them separately so that buyers do not feel constrained by the cost factor.
Portnox is a startup based out of Tel Aviv that is fast gaining momentum in the security space for its growing list of network and endpoint security solutions aimed at midmarket companies. Portnox’s journey from Israel to the States has been long and enduring. After meeting with a series of logistical obstacles, and under the leadership of LeCompte, the company finally set foot on US soil. Now based in Austin, Texas, with offices back in Israel, it is a company that is slowly but steadily expanding its footprint in the network security space.
Along with expanding and repackaging its portfolio for the new market, Portnox rolled out the new Portnox cloud-native TACACS+-as-a-Service. Already in development for some time, the product was finally finished and saw the light of day under Denny LeCompte. On June 15th, they announced the general availability of the Portnox cloud-native TACACS+ solution, the first TACACS+ to run in the cloud.
A Closer Look at Portnox TACACS+-as-a-Service
Portnox TACACS+ is “the first and only cloud native solution” that provides authentication, authorization and accounting (AAA). To break it down, it enables users to centrally authenticate user access to all network devices. This way administrators can grant access to legit users and keep intruders out.
The authorization service enables administrators to determine what authenticated users have permission to do and to enforce access control policies, so that users can be limited to select network services and to executing certain commands. This can help prevent users from making unauthorized changes. Morrill says, with Portnox TACACS+, “You can get as fine grained details as you want, just as you could in any other TACACS+ solutions”.
Lastly, through accounting and auditing, companies can transparently track the identities of users, the activities they carried out, the services they accessed, session times, the resources they consumed and so on.
Morrill explains that with Portnox’s TACACS+, administrators will be “able to set the privilege level or define commands that someone can execute or is not allowed to execute. (It) is a fantastic feature for those network engineers who are looking to delegate roles and responsibilities to junior network engineers or IT help desk staff without doing any damage to the network or causing any potential outages in the process.”
Cost reduction was one of the goals behind the Portnox TACACS+-as-a-Service which is why the starting price has been set at a very nominal $2 a device. As an introductory offer, Portnox is offering its TACACS+ free of cost for 1 administrator and up to 100 devices.
Portnox TACACS+ runs in the cloud or on any network, is hardware-agnostic and integrates with many of the NAC platform-supported directories, including Microsoft AD, OpenLDAP, Azure AD and Google Workspace, through which IT personnel can access the TACACS+ service to connect to the network.
The modern network scales out at a very fast pace, and it falls on IT departments to manage the countless devices and access points inside it. Managing the rapidly proliferating access credentials and authorization levels and implementing policies to validate access, while at the same time logging all actions, can be a lot to handle on a day-to-day basis. On the off chance that an error is committed, it can cause loss of service and unplanned downtime. Portnox’s TACACS+ not only makes this manageable by enabling administrators to control it from a central platform, but in the process ensures security compliance and a stronger security posture. Special thanks to Denny LeCompte and Jeremy Morrill for talking to us and Carole Hutchinson for making it happen.
Get a free ride of the Portnox TACACS+-as-a-Service today at their website.